Technology

65879 readers

5340 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

640

Developer convicted for “kill switch” code activated upon his termination (arstechnica.com)

submitted 1 day ago by [email protected] to c/[email protected]

96 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 36 points 1 day ago (3 children)

Initially makes me wonder how the employer could be so dumb as to give one employee so much access. But then I remember a former employer of mine did the same and worse.

Colleague was known for writing his comments in such a way that only he could read them, including mixing in German (US based company doing all business in English). He was also the admin of our CAD system and would use it as leverage to get his way on things, including not giving even default user access to engineers he didn't like. We migrated systems and everyone was thinking, "this is it, the chance to root this guy out of the admin position" and... they gave him admin access again. Not even our IT department had the access he had. I left before the guy retired / was fired, this post is making me wonder if he left peacefully or left bricking the CAD system out.

[–] [email protected] 3 points 1 day ago

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

Right now, just based purely on the access I need to do my day-to-day job involves me having access where I can pretty much nuke everything from orbit, with an ssh loop.

At some point, you need to trust your employees, in order to get work done. Sure, you can lock it all down tightly, but then you just made work take longer. It's a trade off.

[–] [email protected] 5 points 1 day ago (1 children)

My previous work didn't revoked my access to their CMS. I was so upset when they laid me off after telling them my wife is pregnant.

But I ain't that stupid.

[–] [email protected] 4 points 1 day ago (1 children)

Aren't you no longer binded by profesional silence? Just log in into their DB, export it and try to get a seller

[–] [email protected] 3 points 1 day ago

Again, not that stupid.

[–] [email protected] 2 points 1 day ago

Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

The amount of access he had doesn't surprise me. He'd been there for 11 years already likely working on many things as he interacted with systems in the course of his legitimate work. While its possible to set up access and permissions in an organization utilizing the "least privilege principle", its expensive, difficult to maintain, and adds lots of slowdowns in velocity to business operations. Its worth it to prevent this exact case from the article, but lots of companies don't have the patience or can't afford it.