Reply to post:

Sysadmin 'trashed old bosses' Oracle database with ticking logic bomb'

TheVogon Silver badge

"That's right, but consider they should have also revoked all the access for the remote devices"

Ideally the device substitution would have been spotted, but I think that one would have got past most corporate checks I have seen. What this relies on is that the user also needs to authenticate.

The main failing here is that he was able to know another users admin credentials - and they were not changed

WiFi is not always the only way in. I have been able to plug an Ethernet cable into the back of an IP phone in a (bank's !!) reception area and meeting rooms before and get access to the corporate LAN...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019