In today’s edition of, “how not to get a recommendation from a former employer”…
From The Chronicle of Higher Education:
University of Florida officials now say that the message was sent by a former employee of Mobile Campus, the vendor that the university uses to operate the text-message alert service. The employee was trying to show off to a friend that he still had access to the university’s system when he accidentally sent the message, according to a statement from the university.
“It raises a concern for us that a former employee was able to still access the system,†said Stephen F. Orlando, a spokesman for the university, in an interview today. “Clearly that’s an issue that needs to be addressed and fixed.â€
Ya think? The absence of a staff exit procedure (or use thereof) is self evident. It’s bad enough that the former employee still had access to the aforementioned system. This is a system that is in place as an emergency alert mechanism. It’s a sad reflection on the vendor that this person could still get in.
But, then the requisite stupidity rears its ugly head. The “spin”.
But Mr. Orlando stressed that no one had hacked into the system, and he said the university was working with Mobile Campus to keep any further unauthorized messages from going out.
“No one had hacked”. An exercise in semantics. He didn’t write some buffer overflow. He got in because his access to the system was never removed. Call it a hack, breach or a bag of potato chips. It still happened. I would be less concerned if he accessed the system via a zero day hack than a piss poor procedural failure.
Just saying.
For the full article read on.
Very interesting event that really hit home for me. My last job was primarily made up of user account administration for 12,500+ employees. Every day I had a pile that HR had sent to my manager quite thick of people that needed to be terminated and new people that needed in. More days than not I got high priority termination tickets (especially for the IT people who know what they are doing) for people who needed their access removed immediately and sometimes even saw the person getting in their car at the end of the day.