Intranet Security

Archived from groups: comp.security.firewalls (More info?)

I have been asked to try to find an instance where personal details appearing on an
Intranet have been used to compromise someone's security or safety.

The background is that someone was dismissed because he refused to provide personal
details (date of birth, etc.) to be published on an Intranet and refused to provide
details for security questions (mother's maiden name, etc.) on the grounds that this might
be misused either by someone with access to the Intranet or by someone hacking in.

His argument was that the information required could be used for identity theft.

I'm struggling to find a specific case. Can anyone help?
  1. Studs Murphy wrote:

    > I have been asked to try to find an instance where personal details
    > appearing on an Intranet have been used to compromise someone's security
    > or safety.
    >
    > The background is that someone was dismissed because he refused to provide
    > personal details (date of birth, etc.) to be published on an Intranet and
    > refused to provide details for security questions (mother's maiden name,
    > etc.) on the grounds that this might be misused either by someone with
    > access to the Intranet or by someone hacking in.
    >
    > His argument was that the information required could be used for identity
    > theft.
    >
    > I'm struggling to find a specific case. Can anyone help?

    You don't say where you are, so it's difficult to answer.

    In most civilised countries and some other member states of the UN there are
    rather strict laws against such publication without the express, written
    consent of the person involved. The publication would not come under civil
    but under criminal law, and no employer in their right mind would even ask
    for the information in the first place.

    In other places where such laws are not in place there may still be good
    grounds for a civil suit.

    Finally I fully agree that the publication of the information would
    facilitate identity theft: just try to think back to the security questions
    you had to answer for your eBanking stuff (mother's maiden name is quite
    typical). The social security number (+ date of birth) was already used to
    falsify records - just Google for it and you'll find quite a few examples.

    It sounds like someone was dismissed with insufficient grounds and your
    managers are trying to justify it post-mortem?
    --
    Mailman
  2. On Sun, 16 May 2004 12:22:33 +0100, Studs Murphy
    <pleasedonntspamme@cos.dont> wrote:

    >I have been asked to try to find an instance where personal details appearing on an
    >Intranet have been used to compromise someone's security or safety.
    >
    >The background is that someone was dismissed because he refused to provide personal
    >details (date of birth, etc.) to be published on an Intranet and refused to provide
    >details for security questions (mother's maiden name, etc.) on the grounds that this might
    >be misused either by someone with access to the Intranet or by someone hacking in.
    >
    >His argument was that the information required could be used for identity theft.
    >
    >I'm struggling to find a specific case. Can anyone help?

    I can't really help you with your question; however, it would seem to
    me that the person dismissed may well have a good case for unfair
    dismissal and it now appears the person/s responsible for dismissing
    him/her are trying to cover their asses.
    --
    webweaver@CATihug.com.au
    "Put the CAT out to reply"
    *I DETEST Spam - A Spam Hater since 1951*
  3. On Mon, 17 May 2004 21:17:59 +1000, Avenger© spoketh

    >On Sun, 16 May 2004 12:22:33 +0100, Studs Murphy
    ><pleasedonntspamme@cos.dont> wrote:
    >
    >>I have been asked to try to find an instance where personal details appearing on an
    >>Intranet have been used to compromise someone's security or safety.
    >>
    >>The background is that someone was dismissed because he refused to provide personal
    >>details (date of birth, etc.) to be published on an Intranet and refused to provide
    >>details for security questions (mother's maiden name, etc.) on the grounds that this might
    >>be misused either by someone with access to the Intranet or by someone hacking in.
    >>
    >>His argument was that the information required could be used for identity theft.
    >>
    >>I'm struggling to find a specific case. Can anyone help?
    >
    >I can't really help you with your question; however, it would seem to
    >me that the person dismissed may well have a good case for unfair
    >dismissal and it now appears the person/s responsible for dismissing
    >him/her are trying to cover their asses.

    If the person refused to fill out a security questionnaire, then there
    isn't much you can do. In today's environment, companies can require all
    sorts of things before hiring people, including security screening and
    checking credit reports.

    I understand the person's reluctance to have his/her information posted
    on an intranet site for all (employees) to see, and I doubt that the
    company has the right to publish this information without the employee's
    explicit permission.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  4. On Mon, 17 May 2004 07:32:13 -0400, Lars M. Hansen
    <badnews@hansenonline.net> wrote:

    >On Mon, 17 May 2004 21:17:59 +1000, Avenger© spoketh
    >
    >>On Sun, 16 May 2004 12:22:33 +0100, Studs Murphy
    >><pleasedonntspamme@cos.dont> wrote:
    >>
    >>>I have been asked to try to find an instance where personal details appearing on an
    >>>Intranet have been used to compromise someone's security or safety.
    >>>
    >>>The background is that someone was dismissed because he refused to provide personal
    >>>details (date of birth, etc.) to be published on an Intranet and refused to provide
    >>>details for security questions (mother's maiden name, etc.) on the grounds that this might
    >>>be misused either by someone with access to the Intranet or by someone hacking in.
    >>>
    >>>His argument was that the information required could be used for identity theft.
    >>>
    >>>I'm struggling to find a specific case. Can anyone help?
    >>
    >>I can't really help you with your question; however, it would seem to
    >>me that the person dismissed may well have a good case for unfair
    >>dismissal and it now appears the person/s responsible for dismissing
    >>him/her are trying to cover their asses.
    >
    >If the person refused to fill out a security questionnaire, then there
    >isn't much you can do. In today's environment, companies can require all
    >sorts of things before hiring people, including security screening and
    >checking credit reports.
    >
    >I understand the person's reluctance to have his/her information posted
    >on an intranet site for all (employees) to see, and I doubt that the
    >company has the right to publish this information without the employee's
    >explicit permission.
    >
    >
    >Lars M. Hansen
    >http://www.hansenonline.net
    >(replace 'badnews' with 'news' in e-mail address)

    I would agree Lars, here in Australia, we have very strict Privacy
    Laws which would prevent such information being published on the
    internet/intranet without an employee's consent or where it is legal
    to do so, without consent etc. To do so would violate those
    laws/rights and leave the publisher of the information (in this case
    the employer) open to civil and/or criminal actions of various kinds.

    I hope the original poster finds what he is searching for. If it had
    been me dismissed under the above circumstances, I think the employer
    had better have a good lawyer :o))
    --
    webweaver@CATihug.com.au
    "Put the CAT out to reply"
    *I DETEST Spam - A Spam Hater since 1951*