IT admin charged in Xmas Eve rampage on charity

@ blah 5 - point of order

"Innocent until proven guilty and all that."

Er, innocent unless proven guilty, please.

Re: Excuse me?

>> More then a year after his employment ended? Why weren't the passwords changed no more then 5 minutes after his employment ended? Seriously, shit like that is why these companies keep getting smacked by former admins.

What makes you think that his passwords weren't changed? It doesn't say that in the article. How do you know he didn't physically break into the building - most technical measures are easily bypassed when you have physical access?

>> On a side though what I would like to know is why he did this. What was his reasoning to be so pissed off about it for over a year that he finally decided to do something?

Perhaps the system was so secure or his skills so limited that it took him a year to figure how to gain access after his access was revoked?

I suppose your systems are 100% secure, so that when someone compromises your systems you are completely blameless - but then if they were totally secure then no-one could crack them. By your reasoning it is always the current admin's fault for only making the system 99.999999999999999999999999999% secure - even though you can never guarantee 100% security. I suppose if the previous owner decides to break into my house, after I have changed the locks (or not), it will be my fault for not laying enough land mines in the back garden and on the stairs?

Intrusion method?

I've yet to see an account of this story that specifies the guy's method of intrusion, so although an unrevoked account is a likely culprit it's perhaps a bit early to be blaming the current admin(s). It's also possible he used a backdoor, leveraged another user's credentials through social engineering, guessed another users account details using knowledge of the employees, or used an unpatched exploit still present on the system (although the latter scenario does tend to point the finger of blame back at whoever is the current admin).

in many cases you need to blame the management ...

I am careful not to judge people for IT mistakes until I find out if their working condition make doing quality work remotely possible.

It makes you wonder

What on earth prompted this attack, a full year after working for the company?

Either the actions of the the organisation, or a member of the organisation are the only logical catalyst for such a premeditated onslaught.

After all, he had little to gain from this - financially or otherwise.

Revenge is Biter sweet

I have to admit there have been a number of occasions where I've considered it. Its normally with organisations that have a total lack of respect for IT staff and IT itself. My view is always that I have more integrity than them and more respect for my professional reputation. And I always have the joy of knmowing that their lacklustre approach to IT will end up with collapsing, trojan-ridden systems anyway.

Nah

It's definitely innocent *until* proven guilty, usually by press, speculation on CNN and hearsay. That's why they'll never create laws like you have in Britain, banning the news media from convicting the accused by press while the trial is ongoing. If that happened, the entertainment news industry that has taken the place of real news would lose at least 3/4s of it's content.