[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [OT] msbsos password recovery



On Sun, Oct 19, 2008 at 02:45:26PM +0000, g wrote:
> 
> bob smith wrote:
> > contact the system administrator, or company CISSO
> 
> thanks for your suggestions.
> 
> this was my first suggestion, but they were told 'security policy prohibits'.
> 
> they are going to follow my second suggestion, after we crack password,
> new site provider.
> 

Who's security policy do you violate,  If this is a service provider
there must be some process to reaccess the resource if it is yours.

In general there are laws governing this stuff and any worthy 
service provider must act within the law -- as must you.

If someone dies you may be required to deliver a death certificate and 
more to validate and cover their legal needs.   Yes this can take time.

Implied in all of this is a lesson to us in large and small companies
that access and pass words and keys need to be well managed.   If you have
not placed a sealed envelope with pass words and keys in your managers locked
resource perhaps you should.

Such things need to be covered by policy and process.


-- 
	T o m  M i t c h e l l 
	Found me a new hat, now what?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]