New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What do you do when an ex employer won't remove you from access?
So, over the last few weeks, I've been trying to get ahold of @BlueVM about removing me from shit that I don't need to have access to. I still get emails from 'Uptime Monitor', I still get physical mail for reactosvps.com and am still the physical address listed in whois, and though I've not tried it and don't plan to, I'm pretty sure that the rallias user is still valid to SSH into.
What do you do when an ex-employer ignores your requests to remove access?
This discussion has been closed.
Comments
What do we, people usually do? Post it publicly and name ex employer at forum of course! Not really...
@Rallias Keep trying to contact your former employer (including a mailed letter with tracking, in case something ever happens). Also, contact each entity that is sending you information (inappropriately) and inform them that you are no longer associated with/employed by said company and to stop contacting you.
He ignored me, so I posted somewhere he couldn't ignore.
Realistically, so long as such access is open, there's the potential that I get accused of malicious hacking of some sort, which is something I would never do.
Just leave it, block the emails if possible or filter them straight into trash, if SSH is still available forget it and leave it alone.
If they won't remove you, that's their fault.
I know, that's why I responded the way I did. Usually we expect this from clients to get ignored issues solved faster. Even I did it in past, I believe. But ex employee.. that's new one.
Anyway, @ATHK above gave you good advice. Elegant solution to move on without unnecessary drama.
As far as you're not going to access stuff again simply ignore, create a email filter and reject all emails or simply mark them as spam or send to trash.
As an ex-employee you are still expected to maintain a professional public relationship with your previous employer. Not doing so only puts yourself in a poor light, and makes you less employable. Not that you're looking for a job, but if you ever were I'm sure that many employers have now discounted any chance of ever scheduling you for an interview. Hopefully you don't see this as a dig at you, but as a bit of outside perspective.
The problem is, he's already falsely accused me of hacking to friends of mine. I want to make sure he has no potential openings were I can slip in so that there is no credential to such an accusation.
sue them, they'll hurry to take your name off everything
Well said. Rallias should try and delete this thread before it's too late.
that conception is SO blindly un-accurate, it will only take away employers that think about their employees as potential legal problems, and those are the worse. If you are evaluating a person for their relation with their previous employers, then you shouldn't start off thinking that it was the employee who made a mistake, because 99% of the times it's other-wise, but being an employer for too lung will make you forget 'bout that.
this kind of conception is related to LinkedIn policy of not adding "rating" systems for enterprises and employers, because if they did, the whole world would see how BAD of an employer someone can be.. The system is wrong, and we all notice it. But if you're an IT professional you shouldn't worry 'bout those kind of things, those are just guys with money who think they know everything, and most of the time they don't know S**t, and that's why they hire us..
I understand where you're coming from and respect your ability to remain calm during controversy, but think about it this way. What if your upstream provider contacted your friends and blatantly accused you of selling img.bz2 files of your client's relinquished dedicated servers?
I understand that potential employers will think less of me because of my past and my reputation, which is the primary reason my resume hasn't landed in your email inbox. I use publicity as a tool for the means towards an end.
In this case, the tool is publicity, the end is the end to any possibility of credibility of any accusation of hacking.
Erm... you going a little off the deep end buddy?
I had a situation where I had my ex-employer to sue me for hacking, and he told me things like my reputation was gonna get ruined and blablabla, first of all, he didn't prove anything, I won the trial without dong anything and after that, he got a letter from the state, for him to return all the taxes he was evading. So everything goes back when you do wrong, and if you did right, just stay calmed and don't let them talk stuff about you, because if they really wanna say you hacked them they should go get a lawyer and try to prove it, not be complaining like little girls for a candy in front of other potential employers, that's called being an ass. And serious employers will take that kind of blabla as what it is, just words.
They aren't using email distribution groups or company email accounts for notifications?
I think you missed Incero's point. It's all about conduct. It's not about being 'right' on a public forum or garnering better publicity. At the end of the day, word travels off-the-record between employers on what actually happens so this thread serves nothing for setting the truth straight. All it does is reinforce people's perception on how you react to adverse challenges - which right now isn't pretty from an employer's POV.
I think you miss the point of my post.
"I don't care about my reputation."
I agree, thumbs up for that, employers that evaluate those kinds of things will also get mediocre employees who don't shine for the quality of their work but for how good the lick their bosses feet, which makes a very mediocre business model too.
>
http://xenosystems.net/revenge-of-the-nerds/
There is also a thing called pissing on your bosses feet, and calling it "sunshine". As we all know sunshine is good right??
Mun
Maybe next time use new accounts for each employer. So that you can abandon them after employment is finished.
Hey, I'll be the first to admit the sun don't shine down there.
I have pinged J.Johnston on skype about this thread. He is away right now, but at least he will get the message.
Mun
It doesn't appear that way from what you're writing but that might just be something lost in translation.
Since this really isn't an ego trip, then just write a formal written letter like @user123 suggests. Normally, be cordial without burning bridges - but most importantly, highlight the security vulnerabilities that these oversights might impose so that they can avoid making the same mistakes in the future. As you've encountered, just asking for removal without 'lighting the fire' might not be sufficient if they're busy for any multitude of reasons. Word it in a fashion that impacts THEM, NOT YOU.
At the end, remind them that your contract is closed and that liability does not extend beyond the contract. These emails addresses and credentials, while properly monitored for security during the contract, are no longer subject to the same requirements hence the strong recommendation for their removal.
But you've burned this bridge. I'd still write it up formally, mail it and then just move on.
I think the best solution would have been to send a letter with tracking as someone suggested.
For example, tomorrow I go to my former employee to leave a note and get a registration number for it. You will be covered in that case, but he will still be able to claim you hacked him, because that means entering without authorization, you have no more authorization even though your credentials probably still work.
Even checking if they work still will be, legally speaking, hacking, and no judge will believe you when you will say you only checked to see if your credentials are still working.
If we talk only about some emails, that is no problem, just make a filter to delete them automatically.
Personally, if I was running recruitment for a business and Rallias was a prospective employee and I saw this then I would appreciate the reason why he has had to go as far as naming the company.
This thread hasn't done any bad to Rallias, all it has done is highlight @BlueVM and their blatant disregard for security on their systems.
It's been SO long since I had a boss for the last time...
Demand letter from lawyer
Bomb his house, kill his puppies
But he doesn't have puppies.