The InfoSec Blog

HR hacks job requests before publishing

Posted by Anton Aylward

On his weblog for January 19th Martin McKeay describes how HR munged his job description and requirement before publishing it on Dice.

It's very interesting to read the HR version of the job description. I was asked to comment on the job description several weeks ago and I tried to modify it to match what I really do. Some of my changes were ignored, others were modified heavily and, as always happens, the job description put on Dice only marginally describes the position I've filled for the last 16 months.

I've often mentioned http://wiki.pragprog.com/cgi-bin/wiki.cgi/AnneLearnsToRecruit and experienced that myself.

What an idiot!

Posted by Anton Aylward

http://www.foxnews.com/story/0,2933,236480,00.html

In a fit of pique over a small amount (roughly a month's income) this clown has earned himself eight years in chokey (at the age of 64). If he survives that, he'll emerge a bankrupt. (I'm assuming that anyone with $3m+ assets isn't going to pull such a stunt over $17,500.) Even his planned option sting didn't fly. How did anyone that stupid get a US $150k job as a sysadmin? He hasn't even the excuse of impetuous youth.

The sentence might seem harsh, but in view of the deliberate nature of the crime and the cost of the damage, it is justified, if only "pour decourager les autres".

Filed under: Security

Rest In Peace

Posted by Anton Aylward

This week has seen the deaths of two leading lights and activists in the North American security community: Robert Garigue here in Canada and Laurie H. McQuillan in Washington.

They will both be sorely missed by their colleagues, friends and family.

Filed under: Social

Cabling blunder fouls up DoD network

Posted by antonaylward

http://www.infoworld.com/article/07/01/09/03OPrecord_1.html?source=NLC-RECORD2007-01-10

I had a similar experience with a manufacturer based here in TO.
They insisted on using their own electrician, who was a power/HVAC guy.

Of course he did EVERYTHING wrong:

  • routed the cable through steel conduits
  • with power cables
  • and past fluorescent lights

And of course the company was doing it all on the cheap so it wasn't shielded cable!

But the real showdown was that he punched the wires into the rack and the outlets in a completely arbitrary manner.

And guess who got yelled at when the network didn't work?

When I FINALLY convinced the COO what was wrong he went through with me and we re-routed and re-punched the wiring together. Of course I billed for that time, which he wasn't happy about.

The moral is that you should do the job properly, which often means getting the experienced professional.

Filed under: Failures

2006: The Year of the laptop … stolen that is

Posted by Anton Aylward

When did you last secure your laptop?

The last year seems to have been a bumper one for stolen laptops, especially ones stolen from high profile companies and which contain plenty of personal information.

Many of the companies concerned seem to think that having password protection is adequate. Others think that because the laptop was stolen "for the hardware" and not for the information on it, all is OK. A couple think that firing the person who was using the laptop makes everything OK.

"If thieves read the newspaper, they can readily figure out that they have got more than just a piece of hardware."

Well, I don't think so.

Will things change?

At the very least, the publicity has made it clear to thieves that the information on the laptop is more valuable than the hardware. This year, 2007, any thief with any sense will sell the data and throw away the laptop. Perhaps on a rubbish tip - oh, I see one did that 🙂

Here is a summary of some news articles from 2006