From: Nathan (something@comcast.net)
To: comega@attrition.org
Resent-To: staff@attrition.org
Date: Fri, 26 Apr 2002 01:03:33 -0400
Subject: How might I....

Dearest attrition activist.
 
I don't know if you're going to delete my email or disregard it as being
trite and lame but I have a question.  I'm fairly decent with my
technology and have dabbled in system administration and IT management
for the better part of six years.  
 
By no means do I actually have the know-how to program, script, own or
rule the computing world but I do fairly well with what I know.  
 
I was recently let go by a company who completely shifted their policies
and 're-orgd'.  My policy was always researching technology and being up
on current trends and educating myself.  Education and learning was the
key to success I always thought.  This new president immediately shifted
all of my priorities to 'sales' and 'marketing'.  I was thoroughly
disappointed.  Many of my technological projects were scrapped in favor
of 'marketing' ploys and efforts.  In a nutshell this guy told me to
stop reading up and educating myself about network security and
protecting the network and start learning how to spam 50,000 customers.
It was a pretty ruthless and cutthroat change for me.
 
Needless to say weeks went by and eventually this guy replaced me with a
relative at twice my salary.  No joke at all.  He replaced an MCSE with
a VB programmer to run the show.  Someone who would focus on sales and
not on actually keeping a secure and stable environment.  
 
My question to you is this.  I architected the network.  I know every
firewall setting, every loophole, open port, etc.  I'm only slightly
bitter but even more now that I've learned they recently let go of 15
more people.  Sadly enough.after four weeks, the admin password remains
the exact same as I left it.  
 
Should I do anything with this information?  If anything I'd love to see
this company take a hit only because this asshole's mandate was to
abandon research on network security and to focus elsewhere.  His very
words were "you computer guys are all alike, who the hell would want our
data?  Like any hacker out there would even bother".  Which is true to a
point.  But 'hacker' to him was a dull misconception.  What he failed to
see was that virus activity, DOS attacks and port scanning were more
likely to bring everything down.not any 'hacker' or stereotype he has in
his mind that would 'bust in and steal data' as he imagines.  
 
To be honest with you.the internal website is ripe, it's Front Page
extensions can be easily signed into remotely using this admin password.
This is a native 2000 network and all server apps such as ISA, SQL and
Win2k are all MS apps.  Should I pursue an attack on my former company
or is this all out of unjustified spite for losing my job?  Do I have
any sort of merit here for teaching this company a lesson.  The first
lesson being ALWAYS change the admin password when the admin leaves.
Any advice is appreciated.  I don't have the knowledge to spoof my
identity so I'd feel more comfortable posting my knowledge anonymously
on a bulletin board somewhere and having others do the work in a chicken
shit sort of way.