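m*******l Posts: 12782 | 1 [The following text is reposted from the Programming board]
From: Eloihim (真神), Board: Programming
Subject: Every coder on this board is hopelessly weak
Origin: BBS 未名空间站 (Wed Jan 16 09:54:54 2013, US Eastern)
See how a real master does it.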
http://www.theregister.co.uk/2013/01/16/developer_oursources_jo
Security audit finds dev OUTSOURCED his JOB to China to goof off at work
Cunning scheme netted him 'best in company' awards
By Iain Thomson in San Francisco
Posted in Business, 16th January 2013 01:29 GMT
A security audit of a US critical infrastructure company last year revealed
that its star developer had outsourced his own job to a Chinese
subcontractor and was spending all his work time playing around on the
internet.
The firm's telecommunications supplier Verizon was called in after the
company set up a basic VPN system with two-factor authentication so staff
could work at home. The VPN traffic logs showed a regular series of logins
to the company's main server from Shenyang, China, using the credentials of
the firm's top programmer, "Bob".
"The company's IT personnel were sure that the issue had to do with some
kind of zero day malware that was able to initiate VPN connections from Bob's
desktop workstation via external proxy and then route that VPN traffic to
China, only to be routed back to their concentrator," said Verizon. "Yes, it
is a bit of a convoluted theory, and like most convoluted theories, an
incorrect one."
After getting permission to study Bob's computer habits, Verizon
investigators found that he had hired a software consultancy in Shenyang to
do his programming work for him, and had FedExed them his two-factor
authentication token so they could log into his account. He was paying them
a fifth of his six-figure salary to do the work and spent the rest of his
time on other activities.
The analysis of his workstation found hundreds of PDF invoices from the
Chinese contractors and determined that Bob's typical work day consisted of:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – Ebay time
2:00-ish p.m. – Facebook updates, LinkedIn
4:30 p.m. – End-of-day update e-mail to management
5:00 p.m. – Go home
The scheme worked very well for Bob. In his performance assessments by the
firm's human resources department, he was the firm's top coder for many
quarters and was considered expert in C, C++, Perl, Java, Ruby, PHP, and
Python.
Further investigation found that the enterprising Bob had actually taken
jobs with other firms and had outsourced that work too, netting him hundreds
of thousands of dollars in profit as well as lots of time to hang around on
internet messaging boards and checking out the latest Detective Mittens
video.
Bob is no longer employed by the firm. ®