I’m pawing through the internet tonight and I found this article on the New Zealand Herald reporting an incident of the New Zealand Labour Department’s web site being hacked. The thing that is most astonishing is that the method of hack is believed to be “…administrator’s password has been guessed…” What the hell is an administrator account (most likely the administrator account) doing with a guessable password? Isn’t this one of the things that you learn in your Networking 101 class at the local 3rd-rate community college?
The other thing I wanted to mention today also has to do with so-called professionals dropping the ball in a very visible way. I recently experienced an installation of our software into a final, just before production, staging area. This is supposed to be a test of both the manual and automated installation processes. Part of the process is that we hand off the installation files to the corporate IT department and they perform all the steps themselves with help from us when needed. In this case the individual in the IT department snuggles up to their keyboard and Remote Desktops into the Web and App servers. First step: uninstall the previous version. Process complete, no problems…….except…….oh my…..those weren’t……it looks like they were…..not possible…. Oh yes folks, they did manage to get logged into the production Web and App servers and uninstall the software while it was churning away full tilt, exposed to the world. Luckily we had two App and two Web servers that were load balanced so all we had to do was direct all requests to the untouched servers.
The worst thing out of these two stories isn’t that people performed these stupid human tricks. Instead it’s that they won’t get fired. They probably won’t get disciplined. Heck, I’d even bet that the incidents will be forgotten when their next review comes around.
I’m the Igloo Coder and I’m beginning to wonder how I’ll ship the ice blocks to the South Pole.