Post No. 52233919
Hello /g/. The tl;dr of this is that my company is retarded and I'm not sure if I should alert the CEO (whose email I have and get chances to talk to face to face often) to it.
The longer version is that I work for a Fortune 500 company with no computer sense. I'm not IT or anything (I'm just a salesman) but even I was able to find stupidly obvious security holes that are less of holes and more of just plain not caring. Info from registers is sent in plain text over an open network to a central location whose IP is given on the screen every time the register turns on. BIOS on registers is not locked, and remote access is on by default. The boot order is set to load from a server first but has the entire POS system stored on the HDD just in case. USB and what have you are not disabled. Nothing is disabled. The file system is locked but can easily be accessed by doing something that causes an error and then going to save error report. From there you inexplicably have access to the file systems of every other machine on the network and can save and edit their files. From this I learned that our computers are running Windows XP and all of our POS is a mishmash of Flash and Visual Basic. The network we're on communicates with the regular internet readily without protection and I even installed Internet Explorer on one of the registers. Now, I'm an idiot and I think that this is unsafe. The only thing that's stopping me from telling someone is possibly losing my job for messing with the computers. Wat do?