On 2017-03-31 22:31, Konstantin Olchanski wrote:
On Fri, Mar 31, 2017 at 07:10:22PM -0700, jdow wrote:

That's why I pictured IT plus other corporate authorities. When you
compromise security on a company's network you give away the keys to
the corporate kingdom. That can, has, and should lead to a firing.

Having a password that doesn't meet spec is a whole different
ballgame.


None of this makes sense. Installing a wifi hotspot in a locked
room in a locked building (where it cannot possibly be accessed
by unauthorised people) is a firing offense but using the same
password for root and for yahoo is ok (or just a slap on the wrist).

THAT demands a reply considering that I am somewhat of an expert in the electronics and technology used in radios of all kinds, including WiFi hot spots. Unless the building is a Tempest qualified facility or is a considerable distance from roads it's a very easy matter to exchange signals with a WiFi MODEM. A nice high gain directional antenna is a common tool for WiFi hackers. Radio does not abide by locks, locked rooms, or locked buildings. It does care about the walls between the transmitter and receiver. But usually adding some antenna gain solves that problem neatly.

In about 1990, give or take a little, somebody had set up in a car outside the Torrance courthouse in California. He had a gadget that demonstrated why TEMPEST standards meant something. His screen painted what was on the screens in the courthouse offices. (These days it would be harder because of the number of computers there. In those days separating the leakage signals was not as hard.) The TEMPEST facility where I worked near there was a well shielded area with special locks to keep people out and NO network in or out of the room. They spent two months building it and securing it. It had a guard in it 24/7 to keep material inside on the inside. Fortunately USB did not exist in those days. The computer was a small VAX running VMS.

As for using the same password multiple places - how in h-e-double-toothpicks are you going to police that in a legal and secure manner? Of course it should get the guy tossed out on his ear if he does it and is caught. That event shows he is beyond stupid into criminally stupid enough to be caught doing it. (Who was shoulder surfing while he was typing his password?)

Should I take it as a fact that you have set up such a configuration where you work and are trying to justify your act? Don't answer, I'd feel compelled to be a nasty tattle-tale about it.

{^_^}
