This consultant pilot fish is called in by a new client -- a banquet hall -- to troubleshoot the wireless network after a lighting storm.
"They had several wireless access points and two of them had stopped working," says fish. "The company computer admin -- his real job is a bean-counter -- said to use an AP from one part of the business to get another part of the business back up and running. Done.
"They also had a Pogoplug network-attached storage device that was connected to the network, and the power was turned off to it in the storm. I got it back up and running, and all was good in their world."
The admin also tells fish that guest users have access to the company's wireless network. There's no special guest network set up, so everyone is on the same network.
That doesn't sound like a good idea to fish -- the banquet hall is pretty solidly booked, which means every weekend it's packed with event guests and during the week it's full of business users at meetings or retreats. But fish has been hired to deal with the storm, not security.
Flash forward a month and a half: Fish is back to install more memory into the computers. While he's there, someone mentions that since his last visit, users can't access the Pogoplug from home any longer.
That's the whole point of the device, which lets users get at their files through the cloud as well as on the LAN, so fish looks into the problem.
It turns out that device was set up to get its IP address from the router, so that IP address changed after it was turned off and on again. It's easily fixed. That's the good news.
The bad news? "I found out they were using this device as a storage location for files and orders with credit card numbers," groans fish. "They were connecting to the device from their homes via a website. They didn't have the local IP address or password to access the Pogoplug so that I could see how it was configured, but I was able to locate the IP address and guess the password and was able to access the unit.
"So the bottom line is that all those orders and credit cards are accessible from any computer on the LAN -- including the guests that have access to the network."
Give Sharky access to your story.Send me your true tale of IT life at firstname.lastname@example.org. You'll score a sharp Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.
Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.