Reply to post: Re: It's a bit disappointing

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

DropBear

Re: It's a bit disappointing

"In my mind, if I do not get confirmation of something from a known authority, you can leave and come do your audit at a later date when I have been notified."

That sounds very nice... on paper. Even those who consciously make some effort to keep to such principles can be vulnerable to an attacker pushing the right buttons with appropriate mastery, playing off fears for one's own job security in case of a hard refusal, the other person's prospects for the same in case you don't play along, etc. It's all about how convincing the attacker manages to get, how much insider information they seem to know, and how well they sell the pickle they're allegedly in if you refuse to help.

That's not to say heartless BOFHs don't exist, but most people would need to either consider their protected target to be of incredible importance or halfway expect some sort of attack in order to find the resolve to stay completely inflexible faced with a really skilled attacker. At any rate, a properly skilled one would know when to back out inconspicuously if they've hit an unexpected hard spot and would just find an easier point of access - that thing about chains, links, weaknesses etc.
