Friday, February 14, 2014

Snowden used another worker's logon: a basic no-no where I worked

The recent story that another NSA employee gave Edward Snowden his logon, and has now resigned, reminds me of IT department policy in the past.

But many accounts say that the worker trusted Snowden because he was the "IT worker" who was supposed to fix a problem.  (That reminds me of Mark Zcukerberg's infamous email, "They 'trusted; me, Dumf f___".  And a middle school math teacher didn't like it when I used the word "dumb bunny" one time.)

I started at Chilton Credit Reporting in Dallas in late 1981.  Within a month, there was a memo warning us that we were responsible for any misuse of our own passwords, even on the old CMS system (like VM) before they switched to Roscoe under MVS (in an Ahmdahl IBM emulation environment).  We were told we should log out before leaving our desks.

In the late 1980s, source management systems gave companies the ability to guarantee source-load module integrity by properly locking components as part of the elevation process.  Companies were sometimes slow to enforce the new rules until the early 90s, making them vulnerable to dishonest employees.

These sorts of problems have been around as long as there were computer shops.  

No comments: