To tell or not to tell
-
JimP_07 wrote:
lest they believe we're doing something malicious by using an unauthorized
I once (and only once) pointed out a descriptive sql error for a time card application. I was accussed by a member of the IT department of "white" hacking the app after reporting the error, which is punishable by dismissal and can be prosecuted, as I was so informed by this in-DAH-vidual. Of course I was not trying to "hack" thier application, just using it to enter my information. Lesson learned.
MrPlankton
-
JimP_07 wrote:
lest they believe we're doing something malicious by using an unauthorized
I once (and only once) pointed out a descriptive sql error for a time card application. I was accussed by a member of the IT department of "white" hacking the app after reporting the error, which is punishable by dismissal and can be prosecuted, as I was so informed by this in-DAH-vidual. Of course I was not trying to "hack" thier application, just using it to enter my information. Lesson learned.
MrPlankton
Since dismissal and/or prosecution would typically be initiated from HR, I think a cursory CC to the head of HR would have been nice. As well as the suggestion that a company wide email be sent indicating to all employees that if they encounter an exception, since this is potentially grounds for dismissal, that they should forward it to HR :D
I'm largely language agnostic
After a while they all bug me :doh:
-
During a Webinar with one of our vendors, I wanted to see for myself the site(s) the moderator was demonstrating online. So I typed in the site URL verbatim and suddently a SQL Server Error appeared which was quite explicit in it's explanation. Naturally this was due to my not properly logging into the site. I located the login page. On a lark, I typed the moderator's Username AND the same as password. I was in! This wasn't a demo site AND was secure 'https://' as well. Should I keep my mouth shut or tell said vendor about the SQL Error and how easy his password was to break?
Keep your options open. If you tell, you can't untell. If you don't tell, you can still decide to tell later. :-D
modified on Monday, May 19, 2008 9:51 PM
-
Since dismissal and/or prosecution would typically be initiated from HR, I think a cursory CC to the head of HR would have been nice. As well as the suggestion that a company wide email be sent indicating to all employees that if they encounter an exception, since this is potentially grounds for dismissal, that they should forward it to HR :D
I'm largely language agnostic
After a while they all bug me :doh:
The question I ask myself; "how would this affect my family and my self, tomarrow, next week, next month". Making a stink would have had no benificial effect other than stroking my ego in the short term. Long term, at the very least, I would have adversaries in IT department (never good).
MrPlankton
-
Keep your options open. If you tell, you can't untell. If you don't tell, you can still decide to tell later. :-D
modified on Monday, May 19, 2008 9:51 PM
-
The question I ask myself; "how would this affect my family and my self, tomarrow, next week, next month". Making a stink would have had no benificial effect other than stroking my ego in the short term. Long term, at the very least, I would have adversaries in IT department (never good).
MrPlankton
Ah, but we can dream, no?
I'm largely language agnostic
After a while they all bug me :doh:
-
During a Webinar with one of our vendors, I wanted to see for myself the site(s) the moderator was demonstrating online. So I typed in the site URL verbatim and suddently a SQL Server Error appeared which was quite explicit in it's explanation. Naturally this was due to my not properly logging into the site. I located the login page. On a lark, I typed the moderator's Username AND the same as password. I was in! This wasn't a demo site AND was secure 'https://' as well. Should I keep my mouth shut or tell said vendor about the SQL Error and how easy his password was to break?
If this is someone you've been working with for a while and you have a good relationship with them, do tell. If thats just some random company that you met with to review their offer, why the trouble ?? Keep your options open, you might end up working with them on a project one day.
-
During a Webinar with one of our vendors, I wanted to see for myself the site(s) the moderator was demonstrating online. So I typed in the site URL verbatim and suddently a SQL Server Error appeared which was quite explicit in it's explanation. Naturally this was due to my not properly logging into the site. I located the login page. On a lark, I typed the moderator's Username AND the same as password. I was in! This wasn't a demo site AND was secure 'https://' as well. Should I keep my mouth shut or tell said vendor about the SQL Error and how easy his password was to break?
Would you tell Paris Hilton how easy it is to view her goodies?
-
During a Webinar with one of our vendors, I wanted to see for myself the site(s) the moderator was demonstrating online. So I typed in the site URL verbatim and suddently a SQL Server Error appeared which was quite explicit in it's explanation. Naturally this was due to my not properly logging into the site. I located the login page. On a lark, I typed the moderator's Username AND the same as password. I was in! This wasn't a demo site AND was secure 'https://' as well. Should I keep my mouth shut or tell said vendor about the SQL Error and how easy his password was to break?
I'd tell him in a casual way. (I don't see why any other choice would be honorable.)
Anyone who thinks he has a better idea of what's good for people than people do is a swine. - P.J. O'Rourke
-
Would you tell Paris Hilton how easy it is to view her goodies?