Decrepit Old Fool

Picture this: a Unix guru finds a Sun Ultrasparc server at the Goodwill store for $12.  How could he resist taking a look at it?  What would he find?

I found a lot. A scary amount. Whomever previously owned the box hadn’t cleaned up very well. The ultrasparc had been used to run oracle databases for several large companies that you all have no-doubt heard of. Yes, the databases were intact. But this is only the surface. Deep within the vaults of the /opt directory, I noticed a ‘backup’ directory. Turns out one of the admins for this box made a complete backup of his personal windows computer, including his Palm-OS-powered cell phone, blueprints for his house, family pictures, plain-text password lists for the companies he worked for, and the greatest gem of the entire collection: 1200dpi scans of his and his wife’s US passports. I mean, what can I say?
Elliott Writes: Sun Ultrasparc with 9 Ethernet ports

Wow!  A very unfunny assortment of data to leave lying around. Lucky the system was found by someone with a conscience.  After erasing the data Elliot went on to beef up the system with eight more Ethernet ports and NetBSD (it would make one hell of a firewall in this configuration – why buy a router when you have a *nix box with that many ports?  Very, very cool. )

I have written about this issue before, but that was about personally-owned machines.  It makes you wonder, what are the equipment-disposal policies of your company’s IT department?  And since there were several companies’ data on the machine, the same question applies to the data storage, offsite backup, or transaction hosting subcontractors your company uses.  I’m sure there’s something about this in the SarbOx law – individual network administrators could try to push awareness at the corporate level if the CIO is sans-clue.