18

More than 2 years ago I alerted management that the default password we use for client accounts (and two of the variations) were pwned in database breaches. Today we receive an all-staff email that management "has reason to believe this password may have been compromised" and that we needed to change it across the 1200+ accounts where it's being used (200+ clients, several accounts per client).

Is it unprofessional to send a few "I told you so" memes and gifs?

Comments
  • 8
    Unless you have very understanding bosses I think it could result in problems.

    Unfortunately most do not like to be reminded of their failures to react in time.
  • 7
    just keep that email to cover your ass
  • 6
    @Voxera they tend to have a good sense of humor, it's just irritating as shit that I gave them the information and sources more than 2 years ago and suddenly now we "think" there is a problem.

    No one wants to tell me though what made this an issue now or what happened to make them think there was an issue. My job is to proactively avoid these sorts of situations, when I'm ignored and told it isn't a big deal, or "we'll cross that bridge later" it's hard to not be a little frustrated about it.
  • 11
    @sylar182 On the one hand, I think it's good to remind them that you have said this all along because you had been ignored and this may improve your future standing.

    On the other hand, bosses don't like to have their authority undermined. Communication has, among others, a factual level and a status level, and when you do a "told you so" on the factual level, they may take it on the status level where it would be an attack so that they would see themselves forced to retaliate.

    My solution for such a problem is to seek out the boss in private so that he at least won't be forced to admit failure in front of the whole staff. And then not make it a "told you so", but rather a request that my voice be heard in the future, given the current evidence so that this won't happen again.

    In other words, selling yourself rather as a future solution than a smack. Also, this is more in line with your career outlook.
  • 1
    @Fast-Nop very well said.

    It's tempting for your ego to smash "I was right!" at someone, but think about the effect. As Fast-Nop said, use it to your advantage and not for your short-term ego boost.

    Read some Sun Tzu (The Art of War) and some Niccolò Machiavelli (The Prince).
    https://en.wikipedia.org/wiki/...
  • 1
    @heyheni Totally supporting the literature reference. Their ideas are so good that people even tend to mistake them for social behaviour.
  • 6
    Yes. It is *VERY* unprofessional.

    But if you really want to show them your tongue, do it in corporate language. An email with:
    - your 2-year-old email as an attachment
    - some source/screenshot/etc. confirming that your statements in the attached email hold true
    - text that says:
    "This breach was escalated 2 years ago, yet no actions have been taken to my best knowledge. Since this is an old breach, it might be worth auditing access logs dating from the initial breach to today in order to investigate whether these credentials have been used by any outsiders and what potential harm could have been done since."

    In a company, each communication must add some value to the communication chain. A "ha ha, told you so" only adds a confirmation that you are an amateur who should not be allowed to do comms and should be strictly supervised at all times.