As previously posted, I work for a VAR (value added reseller). It is my job to go from company to company designing data centers and the supporting infrastructure, whether it be systems, network, storage, security, cooling, power, etc. As a result I enjoy an "insiders" relationship with a good deal of manufacturers and producers of hardware and software solutions. Many of the leading names in the industry are frequent partners of mine.

As a result of these relationships I am have the luxury of training from my partners. It was one such partner that is the subject of this blog post. I was registering for training. Now, this training isn't free so obviously I have to figure out how to pay for it. After consulting the powers that be I was told put it on a credit card and expense it, no problem right?

Wrong.

The transaction is to be conducted via email with this partner (who shall remain nameless)..

My credit card, cvv2, home address, etc etc, everything but the kitchen sink so to speak

via email.

I have spent a good deal of my career preventing this type of activity, and to just be given an excel spreadsheet and told to email my credit card info was just a bit unsettling.

Sigh, when will the lessons be learned? Am I the only one that thinks this is horribly wrong?

I have a belief about security, and it's that one of the biggest obstacles is the beer o'clock rule. Just like all the hackers of the world, all the users of the world like beer. There is nothing more annoying than someone or something getting between you and your beer. What do you do when something gets between you and your beer? You get that something the hell out of the way!

The mentality that drives people to send credit cards via email is derived from thinking about that ice cold beer sitting in your fridge. "How can I get there fastest? Should I take the extra few minutes to encrypt this file, or can I just send it in the clear? After all, encryption is difficult and it's not my information. I mean what do I really care about this other persons credit card number? I just want to get to that beer..."

Am I saying that beer is at the root of all network security issues? Interesting thought, but I don't think I want to tackle that one in this post.

I'm just wondering if anyone out there listens to all those screaming, HEY STUPID STOP DOING THAT!