|
We developed a secure email system that the [redacted] wanted for it's internal use. However, they wanted us to make sure that there was a backdoor so they could read other people's email outside the [redacted] environment. We refused to do this since the nature of the system meant it wasn't actually possible without a total redesign and rewrite (plus we didn't want to).
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
Customers not paying their rental for our studio datafeed. It may seem obvious now that display systems that run from a studio should have some way of being disabled for none paying users, think of a Sky box. Still we had to introduce a secret, over air, update to do just that after a salesman reported that the display system was available on eBay and connecting it to a satellite data receiver was all it needed to work!
|
|
|
|
|
"No - I've never been asked to add a backdoor to my code"
Might want to change this poll option to say software and not code for obvious reasons.
One may have a backdoor to your software/system, but Shirley not to your code.
|
|
|
|
|
Because users, even trained users for sensitive applications, are not bright and Companies are downright stupid.
Storyboard:
1) You create an authentication and auditing system with unrecoverable passwords and customer-unique encryption keys upon request from them.
2) Customer proceeds to create their accounts.
3) Customer then burns all the hard copies of their passwords, doesn't communicate them to the IT, doesn't keep them in the reserved documents archive.
4) Customer proceeds to use a Neuralizer[^] to wipe any tace of said accounts clean from the mind of everyone, to be sure.
5) Customer then calls angry because now they are locked out of the machine and it is your fault and they are calling an attorney because they are losing entire days of production, and they cannot reasonably expect to wipe the user configuration and redo it from scratch or pay support to do it for them (because they sent to the training they paid for the temp subsitute who got fired 3 weeks later).
So... master password it is.
GCS d--(d-) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
When such master password are findable with reverse engineering your are in trouble.
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Not my decision + not my responsibility = no given.
The only protection to the master password was the use of characters not typeable with the on-screen keyboard in one case and not allowed via keyboard in others - you had to either use the machine with a keyboard attached or an additional tool.
Circumventabke, yes, but... refer to the first line.
GCS d--(d-) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
|
|
|
|
holy sh*t - damned managment ...
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
I've worked on a few systems that had a button that let's you take over a user account.
These were always business accounts, and I could always find the same data in the database, but I was still told to never ever ever let the customer know we had these impersonation buttons
It was mostly so that if a user got an error we could impersonate their account and do the exact same action they did to hopefully see the same error.
In these cases the software already had this when I joined the team.
One time I've been asked not to encrypt passwords so we could easily retrieve passwords and log in as users (asked to me by an IT-consultant and ex-programmer, go figure).
This was for a service and we got a lot of complaints about missing data (ultimately, the problem was never the service, but users using wrong date filters or the business not supplying the data).
I flat out refused that one, there are far better ways for me to check whether a user should get data.
They ended up letting IT give out passwords to users and I later found out they stored these passwords in an Excel file and all passwords were "00000001", "00000002", "00000003", etc.
Finally, I generated a password and added a reset password button.
They now screenshot the entire screen, including username and (one-time visible) password directly to users
I can't seem to win this one, but at least when the database gets hacked/leaked/stolen they won't find any passwords
|
|
|
|
|
The closest I have come to doing that (so far) was including a secret "expert mode" in one system.
|
|
|
|