On 2017-03-31 22:31, Konstantin Olchanski wrote:
> On Fri, Mar 31, 2017 at 07:10:22PM -0700, jdow wrote:
>> That's why I pictured IT plus other corporate authorities. When you
>> compromise security on a company's network you give away the keys to
>> the corporate kingdom. That can, has, and should lead to a firing.
>> Having a password that doesn't meet spec is a whole different
>> ballgame.
>
> None of this makes sense. Installing a wifi hotspot in a locked
> room in a locked building (where it cannot possibly be accessed
> by unauthorised people) is a firing offense but using the same
> password for root and for yahoo is ok (or just a slap on the wrist).

THAT demands a reply considering that I am somewhat of an expert in the
electronics and technology used in radios of all kinds, including WiFi hot
spots. Unless the building is a Tempest qualified facility or is a considerable
distance from roads it's a very easy matter to exchange signals with a WiFi
MODEM. A nice high gain directional antenna is a common tool for WiFi hackers.
Radio does not abide by locks, locked rooms, or locked buildings. It does care
about the walls between the transmitter and receiver. But usually adding some
antenna gain solves that problem neatly.

In about 1990, give or take a little, somebody had set up in a car outside the
Torrance courthouse in California. He had a gadget that demonstrated why TEMPEST
standards meant something. His screen painted what was on the screens in the
courthouse offices. (These days it would be harder because of the number of
computers there. In those days separating the leakage signals was not as hard.)

The TEMPEST facility where I worked near there was a well shielded area with
special locks to keep people out and NO network in or out of the room. They
spent two months building it and securing it. It had a guard in it 24/7 to keep
material inside on the inside. Fortunately USB did not exist in those days. The
computer was a small VAX running VMS.

As for using the same password multiple places - how in h-e-double-toothpicks
are you going to police that in a legal and secure manner? Of course it should
get the guy tossed out on his ear if he does it and is caught. That event shows
he is beyond stupid into criminally stupid enough to be caught doing it. (Who
was shoulder surfing while he was typing his password?)

Should I take it as a fact that you have set up such a configuration where you
work and are trying to justify your act? Don't answer, I'd feel compelled to be
a nasty tattle-tale about it.

{^_^}