That’s pretty god. Our fired employee just logged into the wifi from outside and changed the status on every helpdesk ticket to “Paul is a nob”.
He didn’t hack anything. He used a password that wasn’t changed.
Technically he was not authorized to use the computer system due to his termination which the law looks at and calls hacking.
I’ll give you half a point because technically you are right.
No, the law specifically called this “unauthorized access to computer material”. It’s right there in the article.
I said the law looks at whether it was authorized access or not, I was not citing any literal lines from the law. Didn’t read the article because I know this already because of the industry I work in and I took a course a number of years ago that literally was about this.
It’s only hacking if it’s in a CVE.
Anything else is just sparkling unauthorized access.
He also didn’t delete servers
That might be slightly illegal.
That person might be slightly doomed.
Companies need to remember to change the login password BEFORE firing people with login passwords.
One man IT shop maybe? Usually stuff like that goes through IT, because who in their right mind would give HR modify access to active directory?
Read the article.
As a former user of “the other site”, I find this suggestion highly offensive /s
Generally a firing is decided the previous day or at least an hour before it happens. Discussions are made prior to the actual meeting where the firing occurs. IT is on standby. They either deactivate the AD account and related auth methods when the employee walks in the office to have the discussion. This is a well oiled machine, so that all parties know their parts. The meeting/discussion is solely a formality and by two minutes into it, theres no longer any access granted. Security shows up at the meeting to escort the employee out and collect their badge or keys. Maybe they let the employee walk by their desk to collect their stuff, maybe the employer ships it to them later, depends on the circumstances and office layout.
I was let go somewhat recently and I noticed just yesterday that I still have admin access to their facebook app.
Time to get busy and say it’s a pen test of their systems.
In well-run orgs, yes. Most places are not well-run.
At my last job I was informed that I’d be terminated, then had to work normally for another month (the termination period), where I still had full domain admin access to all our own and our customers’ systems.
On my last day I myself had to write down a list of all the logins I had and give that to my boss, because no one else knew what accesses I even had.
During the last hour I wiped my own company PC and gave back all hardware I was given. Again, there wasn’t any record of what I was given over the years so they took my word for it. This included unencrypted USB drives with sensitive medical data on them.As someone who worked for German, as well as North American companies, your experience is not the norm in NA. Wish it was.
Server IP address: 192.168.1.1
Username: admin
Password: 12345
— Access Granted —
sudo rm -rf / --no-preserve-root
They will think twice before fire someone else. Well done
