Security!
-
Background:
I work for a little Fortune 500 company with presence in 71 countries/regions.
For the past six months or so, we've been getting decrees from Security Operations that we must implement this or that new policy. Some of them are silly; some of them I can't believe weren't implemented before. One big one is that our website must implement SSL.
WTF:
Our Windows server admin just sent a plaintext¹ email² with our unencrypted³ PKCS #12 private key⁴!!! and public key pair to our Unix server admin, CCing two unrelated people⁵ (myself included), and two distribution lists⁶.
-
..... why the supertext but no footnotes?
-
Looks more like he's simply enumerating the WTFs...
-
ooooohh.
i wonder, are you going to be doing a PCI compliance audit?
because that should reveal a steaming pile of WTFs. :-D
-
i wonder, are you going to be doing a PCI compliance audit?
The thought terrifies me. I don't know what's coming next, they don't tell me until it's time to implement.
-
The thought terrifies me.
as long as you aren't liable for any violations you can laugh all the way to the bank...
unless you are liable for anything, or value having a personal life (instead of working 80 hour weeks to fix the violations)