Monday, March 20, 2006
Screen all your employees
A GM security guard has been arrested for unauthorized access to a database.
Physical security matters
A press story said he "hacked" into a database. Actually he took advantage of being able to prowl around the office and find paperwork with employee Social Security Numbers on it. Then he used those to log into a database.
Don't keep databases you don't need
Maybe GM had a reason to keep track of the make, model, year and options package of the cars their employees were driving. But it's hard to see how they'd get a lot of use from it.
Try not to hire crazies, as well as not hiring crooks
What did the security guard do with his ill-gotten knowledge? He posed as a QA representative and sent people repetitive email asking how well they liked their cars. He didn't get money or revenge or any of the usual motivators for computer crooks. The closest thing to an explanation he ever gave was that he was bored.
|
Physical security matters
A press story said he "hacked" into a database. Actually he took advantage of being able to prowl around the office and find paperwork with employee Social Security Numbers on it. Then he used those to log into a database.
Don't keep databases you don't need
Maybe GM had a reason to keep track of the make, model, year and options package of the cars their employees were driving. But it's hard to see how they'd get a lot of use from it.
Try not to hire crazies, as well as not hiring crooks
What did the security guard do with his ill-gotten knowledge? He posed as a QA representative and sent people repetitive email asking how well they liked their cars. He didn't get money or revenge or any of the usual motivators for computer crooks. The closest thing to an explanation he ever gave was that he was bored.
# posted by Frederick @ 9:39 PM Email to a friend:
Haloscan: they provide trackback