


Dealing with an internal ScriptKiddie















2















Shorter version:



We've been dealing with a credit card number scraping problem on our website for a couple of months.



I have evidence which points to a co-worker being the culprit.



The evidence is strong, but circumstantial, not direct.



How do I handle the situation?



How do I present this to my boss?



Because I previously alluded to this suspicion, only for her to shrug it off at that time. She thinks that if I set up the security protocols well enough, then it doesn't matter that we have a thief working in the office.



Edit: I am not his boss, therefore do not have the authority to take action other than informing, but I am the SysAdmin and have the, albeit circumstantial, evidence.


























  • 1





    Paragraphs are your friend. So are summations. That's a dense read.

    – Dark Matter
    3 hours ago











  • Perhaps you should consider going to her boss, on the grounds that if she is using the same password everywhere then she does not understand the issues... At the very least ScriptBaby should get moved to another department... I would also suggest that you and one trusted other are the only ones to have the admin password... I would not consider your boss to be the one...

    – Solar Mike
    3 hours ago











  • Welcome new user; while this is perhaps on topic, and a fun luvin' question - it is Simply Too Long. I would encourage you to just edit it.

    – Fattie
    2 hours ago











  • @danFbach - I put in a suggested "short version" for you. Do as you wish with it. Or, just leave them both.

    – Fattie
    2 hours ago






  • 1





    What country is this in? Does the suspect in question have an at-will contract? Seems like this is not only grounds for instant termination, but also likely involvement of the police.

    – binarymax
    2 hours ago
















professionalism termination














edited 2 hours ago







danFbach






















asked 3 hours ago









danFbach














3 Answers
7






















You go to your boss and say, in this order:




  • I have locked everything down so that an attack like that will not happen again

  • Insider attacks are always harder to defend against. For example they might take advantage of knowing some of us use the same passwords for several things. Practices that are perfectly safe against outsider attacks can leave us vulnerable to insider attacks

  • If you want to investigate the source of the attacks, I have quite a lot of data gathered already and can look into it further if it's important

  • I am personally convinced precisely who it was, though I couldn't prove it in a court of law. Let me know if that's something you want to pursue.


These are the things that matter to the boss. The direction of the conversation after that is up to the boss, not you.



The reason for this order is so that the boss can wander on a tangent or end the conversation at any time and the most important stuff was still covered. So after the first sentence, the boss may just say "good job, thanks, bye now" and you at least led with your accomplishment. After the second sentence you have mentioned that this wasn't a general failing to protect from strangers, but at most a minor flaw in your preparedness, and planted a seed about just who it is that reuses their passwords like that. The last two sentences have specific prompts for the boss to tell you things because if you've been allowed to say this many sentences, you're not getting shrugged off and can ask for authority to investigate and report your findings.















edited 1 hour ago

























answered 2 hours ago









Kate Gregory













  • Yeah, that is pretty much the opinion I've come to as well. However, after having been shrugged off so many times, I feel like the street corner guy with the cardboard sign saying "The End Is Near..." Thank you Kate, appreciate the reassurance.

    – danFbach
    2 hours ago








































3




















You go to your boss, tell them everything you have, and the boss makes their decision.



There is no "innocent until proven guilty" here unless your boss wants to take the script kiddie to court and then to jail. The boss has, in my opinion, no choice other than firing the kid.

















answered 3 hours ago









gnasher729













  • Thanks, I'm of a similar opinion. Though, firing is not my choice to make. And lacking true "Digital Fingerprints," I do hold some reservations about making my case.

    – danFbach
    2 hours ago






























3














The kid is the minor of the problems your company has. The kid can easily be dealt with. The boss shrugging it off is the more major liability here.



Your company is dealing with credit cards. Dealing with credit cards comes with a whole list of regulations. Which includes promptly dealing with security issues. Your company probably does not want the credit card companies refusing to do business with you.



If your boss is shrugging it off, you go to her boss.






share|improve this answer
























  • yes, I am aware of PCI regulations. I'm also aware that credit card scraping happens everywhere, from fortune 500 to mom & pop shops. We follow regulations and our set up is quite secure - My superiors just didn't believe an attack could come from within which is why they resisted sec protocol changes. Finally this week, I chose to disobey and enact them. I caught some grief, but they're still in place.

    – danFbach
    1 hour ago











  • TBH it sounds like the setup of the company you describe is a shambles. When you say "Even Petco has been attacked!" that is because they made mistakes within a mature, professional setup. In contrast, it sounds like this current company is a dumpster fire. You should go work somewhere better. Get more money, too!

    – Fattie
    1 hour ago













  • In terms of Abigail's answer. The credit card companies are: whores. There's no other word. If you check "LOOK THE OTHER WAY" in a dictionary, you get a photo of Credit Card Companies. If you buy one of those "LOOK THE OTHER WAY" motivational meme posters, it has a photo of Credit Card Companies. So, you can't look to them for quality standards.

    – Fattie
    1 hour ago


















3














The kid is the minor of the problems your company has. The kid can easily be dealt with. The boss shrugging it off is the more major liability here.



Your company is dealing with credit cards. Dealing with credit cards comes with a whole list of regulations. Which includes promptly dealing with security issues. Your company probably does not want the credit card companies refusing to do business with you.



If your boss is shrugging it off, you go to her boss.






share|improve this answer
























  • yes, I am aware of PCI regulations. I'm also aware that credit card scraping happens everywhere, from fortune 500 to mom & pop shops. We follow regulations and our set up is quite secure - My superiors just didn't believe an attack could come from within which is why they resisted sec protocol changes. Finally this week, I chose to disobey and enact them. I caught some grief, but they're still in place.

    – danFbach
    1 hour ago











  • TBH it sounds like the setup of the company you describe is a shambles. When you say "Even Petco has been attacked!" that is because they made mistakes within a mature, professional setup. In contrast, it sounds like this current company is a dumpster fire. You should go work somewhere better. Get more money, too!

    – Fattie
    1 hour ago













  • In terms of Abigail's answer. The credit card companies are: whores. There's no other word. If you check "LOOK THE OTHER WAY" in a dictionary, you get a photo of Credit Card Companies. If you buy one of those "LOOK THE OTHER WAY" motivational meme posters, it has a photo of Credit Card Companies. So, you can't look to them for quality standards.

    – Fattie
    1 hour ago
















3












3








3







The kid is the minor of the problems your company has. The kid can easily be dealt with. The boss shrugging it off is the more major liability here.



Your company is dealing with credit cards. Dealing with credit cards comes with a whole list of regulations. Which includes promptly dealing with security issues. Your company probably does not want the credit card companies refusing to do business with you.



If your boss is shrugging it off, you go to her boss.






share|improve this answer













The kid is the lesser of the problems your company has. The kid can easily be dealt with. The boss shrugging it off is the more major liability here.

Your company is dealing with credit cards. Dealing with credit cards comes with a whole list of regulations, which includes promptly dealing with security issues. Your company probably does not want the credit card companies refusing to do business with you.



If your boss is shrugging it off, you go to her boss.







answered 1 hour ago

Abigail

  • Yes, I am aware of PCI regulations. I'm also aware that credit card scraping happens everywhere, from Fortune 500 to mom & pop shops. We follow regulations and our setup is quite secure. My superiors just didn't believe an attack could come from within, which is why they resisted sec protocol changes. Finally this week, I chose to disobey and enact them. I caught some grief, but they're still in place.

    – danFbach
    1 hour ago











  • TBH it sounds like the setup of the company you describe is a shambles. When you say "Even Petco has been attacked!" that is because they made mistakes within a mature, professional setup. In contrast, it sounds like this current company is a dumpster fire. You should go work somewhere better. Get more money, too!

    – Fattie
    1 hour ago













  • In terms of Abigail's answer. The credit card companies are: whores. There's no other word. If you check "LOOK THE OTHER WAY" in a dictionary, you get a photo of Credit Card Companies. If you buy one of those "LOOK THE OTHER WAY" motivational meme posters, it has a photo of Credit Card Companies. So, you can't look to them for quality standards.

    – Fattie
    1 hour ago




















