• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

I found a security breach, what do I do?

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
nealric

nealric

Member
Joined
Sep 9, 2002
Location
under the floorboards
I just finnished a job taking inventory at foleys (department store). Sorting throught the clothes, i found some discarded paper with some sensitive network information on it- Like the administrator username, a list of servers + Ips, their firewall, etc.

My immediate boss wasnt too bright, and coporate office wasnt open at the time- so there really was nobdoy to bring it up to.

What should I do about this?

1) Say nothing, throw the papers away

2) Try to go back to coporate and find the IT guy

3) Send a non anonymous email explaining myself and how i found the papers.

4) Send an anonymous email descibing myself as a "customer" who chanced to find the papers.

Ive heard stories of people getting in all kinda trouble for notifying admins of secuirty breaches- they get kinda testy. Also, I dont want to be suspected of using the information in an illicit manner.

Has anybody else else been in a similar situation -how did you handle it?
 
First of all are the IP addresses of machines at work, or what, what machines do the IP's belong to. If it were me I wouldn't think anything about it. I surely wouldn't tell anyone, but then again I spend my time finding ways into machines, not keeping people out. hehe
 
personly

i would either destory the papers or leave them where you found them

that is unless this is your carrer job and you will suffer greatly if this company goes down.

i give it like a gizion to 1 odds of anything happening but i wouldnt want anyone knowing that i even know waht the admin password and log on was if anything goes down they will suspect you
 
Well if you turn in the paper you might get a increes in pay for you good dead. :)

Well what you could do is go to the IT guy and say hay I found this on the floor and it looks like some computer information and I thought that you might know what it is. That way you can leave it up to the IT guy what to do withe the paper.

Or you could guist destory the paper and they way it could not fall into the worng hands.
 
Crash893 said:
personly

i would either destory the papers or leave them where you found them

that is unless this is your carrer job and you will suffer greatly if this company goes down.

i give it like a gizion to 1 odds of anything happening but i wouldnt want anyone knowing that i even know waht the admin password and log on was if anything goes down they will suspect you
Click to expand...

agreed. If you tell someone, and they know you know the password, and something happens with their network, they'll think it's you.
 
Personally, I'd wait until the offices are open, and take them to the Personell Director.
Explain where you found them, and what it could be used for "if you weren't so honest", and they'll take care of it.
The passwords will be changed in half and hour, I garontee, and that's the person who really should know who can be trusted if you plan on furthering your career at this store.

Just tossing them doesn't fix anything, the security problem will continue until possibly your payroll is effected.
 
actually, i changed my mind. If you do bring them to someone in charge, the passwords WILL be changed immediately. You'll be known to be trusted because of what you did. I agree totally with Diggrr.
 
it depends on your status in the buizness

if your a grunt your probably always going to be a grunt

if you a little higher up i would do what diggrr said
 
Was you Dumpster diving? I would take them to the head honcho' And tell him that His IT person in charge does not take security seriously. Then apply for the job...

Hey, its a cut throat world...
 
Im done with the job as of today- It was just taking inventory.

That taking the IT guys job sounds pretty interesting....
Only reason I took this one was the bad IT job market :D

So... No reprocussions- cept they havnt payed me yet.

It was really odd how i found it- It was just under a pile of clothes I had to scan- all crumpled. It was like something you would find if you were really sucessful dumpster diving though.

Right now, im leaning towards destroying the papers. Im afraid if I came back with them and seemed to know what they were- it would seem like I did something with them.

I might however mail an anonymous letter notifying them of the need to change paswords.
 
You must log in or register to reply here.

Similar threads

scottw182
HD Tune found 3.9% damaged blocks, what should I do?
Replies
15
Views
28K
Automata
Automata
D
in what can only be called a mammoth security breach.
Replies
3
Views
543
Dolk
D
pauld5999
I lost my paypal dispute today as a seller for an 4870 1GB I shipped : (
2 3
Replies
40
Views
6K
prime81
prime81
jivetrky
The "I Found a Really Sweet Firefox Extension and Feel I Need to Share" Thread
Replies
16
Views
1K
Automata
Automata
nealric
advice needed
Replies
3
Views
456
nealric
nealric
Back