Happy Halloween! We know that all IT professionals have experienced their fair share of freaky Friday IT anomalies. And today is the perfect day to share these scary IT nightmares.
We dug deep into the IT crypt and rounded up some cringe-worthy tales below. Have any that you want to share? We would love to hear your best "Nightmare on IT Street" story. So, howl your stories at us on Twitter: #ITNightmare
#1 Password Boogie Man
"I think back to a time right after a fairly large network upgrade. All weekend, day and night, had been spent migrating a nightmare network from a hodgepodge of Windows 95/98/ME and even OS/2 clients with NetWare and Windows NT servers to a clean, homogeneous utopia of redundant Windows 2000 Servers on the back and Windows XP Professional desktops on the front.
Things hadn’t gone quite as smoothly as we’d hoped, so instead of finishing up on Sunday afternoon, we were still putting final tweaks in place on Monday morning.
After we did our last test (making sure all local tape backups were working properly) it was about noon. (Most users by now had logged in, been informed that they needed to choose a new password in accordance with our medium-strong password guidelines, and had chosen a new password.) I stumbled bleary-eyed into the lunchroom for my umpteenth caffeine fix. Chugging my Coke, I almost missed it while mincing out of the lunchroom. But it grabbed my attention from the corner of my eye and caused Coca-Cola to shoot from my schnoz like some enraged soda dragon.
[It was a] “Password List.” Yes, every user's new password along with IT and even some specific switch passwords had been printed out by a well-meaning secretary and posted in the lunchroom.... she explained that she just figured it’d be easier to post them there than to answer all the phone calls when users inevitably forgot them. So she went around and collected them (in my name), built her list, and posted it."
#2 Invasion of the Rogue IT Users
"The security team of a large nonprofit had a sinking feeling that members of their company were engaging in rogue IT use, but they weren’t quite prepared for what they discovered. They decided to call up the suspected SaaS company to pose as a prospective buyer from their company. Not only did the company sales rep immediately – and without authenticating the caller’s ID – admit that 1600 employees from the company were using the SaaS app, but the rep also offered to send the entire list of names and emails to the (potentially malicious) unauthenticated caller."
#3 Silence of the Hackers
Puppet Labs held a system administrator Halloween GIF contest, and it's easy to see why this was a top entry:
"When a sysadmin colleague forgets to change the default password in a production deployment and you get hacked after a couple of hours."
Source: Puppet Labs contest
Trick or Treat
Well, we hope these tales don't keep you up at night or dampen your Halloween plans. Dress up, eat some candy, watch a scary movie, and remember that we can help prevent these security nightmares from happening!