During a presentation on new software, Joe pointed out to me that the syntax they used was allowing wildcards of a type that suggested that inputs weren’t being sanitized. With a little poking, we determined that we could execute queries that could be harmful. I brought this up to the IT head that I had previously sought a job from.

Me: I think there could be a security hole in this.
Him: Hm… good observation. I think we have everything left open for now but I’ll make a note to make sure we lock everything back up when we’re done. You know, we’re looking for a security guy.
Me: Good to know, I’ll shoot you my resume, again.

I probably said one word too many.

The magical computer faeries finally arrived today with my new desktop, and after telling the installation guy, who had the deadly combination of horrible breath and a soft voice that required leaning in to hear him, that I’d been at BMS before, he simply left without telling me my new password. I called him, as he’d left his card, and he said he couldn’t tell me my password and that I’d have to call in to do a manual password reset that history informed me takes about an hour. I resigned myself to losing my afternoon in a labyrinthine bureaucracy until I saw that he’d left his notebook containing the remaining set-ups and passwords for the rest of his jobs that day. I called again:
Me: Mr. X, are you missing something?
Him: What do you mean?
Me: Oh, I don’t know.  A certain yellow datebook with a list of executive passwords in it?
Him: I’ll swing by and pick it up.  Leave it on your desk.
Me: The book could be lost again before you get here.  I certainly can’t be responsible for your stuff…
Him: What do you want.
Me: My password… now.
Him: I can’t. That violates our firm’s policy. I’ve told you that…
Me: Could you hold on, your notebook appears to have disappeared.
Him: Okay! I’ll tell you.  I’ll be over in about an hour.
Me: Half an hour.
Him: 45 minutes.
Me: Deal.
I hung up the phone and resumed petting my Persian cat in my high-back leather chair.

There’s a super-secret IT room at work that normally requires a blood sample, ID badge and posthumous Nobel prize to enter, and even when the two people that can go in do, they look both ways before entering and slip through the door rather than open it. I saw a fleeting glimpse in it once, and each monitor had a privacy screen and there was a log-in log-out book.

Today, there were contractors working in the room and the normal entry procedures went through, except to simplify getting back in, they jammed a garbage can in the door. A fucking garbage can. The whole day consisted of an intricate dance of curious employees trying to peek in the sepulcher of data and workers looking bewildered at why everyone’s staring at the garbage can. Who needs multi-factor authentication when you have a 1-gallon Rubbermaid cylinder?