The Bastard formerly known as Roger

Name. Rank. Operating System

BOFH 2001: Episode 14

I'm stuck in an office with a couple of glorified beancounters who want to know how we do things here, and why.

The Boss was no help in the matter, displaying all the spine you'd expect from an invertebrate when the idea was passed to him.

"But they're Financial and Technical Security Auditors! - You can't REFUSE to see auditors!" he blurts.

"Of course you can!"

"You can't - it wouldn't pay for us to get a bad Rep in their report."

"At least we'd have consistency across reports," I respond, pointing out the silver lining.

. . .

Half an hour later I'm sitting across a table at mission control from a beancounter/geek who works for some large multinational beancounter outfit with a padful of questions and stacks of time (at a huge hourly rate) to kill.

I don't like it.

"OK, we'd just like to kick this off with an overview of your current topology and systems. Now, what was your name again?"

"I'm afraid that's commercially sensitive information," I respond cheerily.

"Pardon?"

"It's commercially sensitive. If I tell you and it gets into the wrong hands, who's to know what slave-trading agency would be on the phone the next day trying to headhunt me."

"We COULD find that information out from your Phonebook."

"I'm not in the phone book. No-one in Systems Admin is."

"From the nameplate on the outside of the door then!"

"There isn't one."

"FROM YOUR PAY DETAILS!!"

"I'm a contractor - A company in other words."

"OK, From your Boss!"

"He's new and doesn't know."

"From your Co-Workers then!"

"They wouldn't tell you. Even if they DID know my real name, which they don't."

"We take security seriously here," The PFY adds, wandering in.

"Well we have to call you something!"

"Yes. I prefer 'The Systems Administrator formerly known as Roger'"

"So your name's Roger then?"

"No."

"Your name WAS Roger?"

"Nope."

"So why are you calling yourself the Systems Administrator.. etc"

"Oh, so I can identify myself with a single character from the Symbol font."

"Which one?"

"I don't know its name. Do you have a laptop on you?"

"No."

"Then I'll have to draw it."

..ten minutes later...

"Now, what operating systems do you run?"

"Oh, I'm afraid that's commercially sensitive information...."

. . . Two hours later . . .

"So let's see, you can't tell me anything about you, your company, your work, the specifics of your computing resources, where they're located, your disaster recovery plans nor even where the nearest fire exit is - because it's all commercially sensitive information?"

"That's correct."

"Why is the fire exit commercially sensitive again?"

"Because a headhunter might be waiting outside it to make me an offer I can't refuse. See, they set the fire alarms off knowing which way I might leave the building. And get me. Happens all the time in big companies."

"So why is there a Fire Exit sign over the door to that fireproof safe over there?"

"Throw off industrial spies," The PFY chimes in, nodding knowingly.

"Yyyessss," the geek finally says, reaching for the phone.

Ten minutes later The Boss arrives, having been sent by a Royal command from somewhere on high.

"Now what's this about 'Commercially Sensitive Information?'" he asks.

"He won't tell us his name," the geek narks up. "He says it's commercially sensitive."

"And personal information as well," I respond. "My contract states that you can't actually force me to reveal personal information."

"He won't tell me what Operating Systems you run either, nor what types of server you have."

"Why not?" The Boss asks, testily.

"He says it's commercially sensitive information."

The Boss' eyes narrow at this statement, so I head him off at the pass.

"It's simple," I blurt. "I tell them what OS and machines we're running, then they'll ask me about security and what external access methods we have and how they're penetrated. Before you know it, they'll be wanting to know about who routinely penetrates the firewall from within, how they do it, and where they go when they do. I'd then be forced to reveal details of non-web-cached browsing that management believes isn't logged. Which could be, uh, COMMERCIALLY, sensitive."

"Ah! Yes, yes, I'd have to agree! Because if people knew our browsing histories they might be able to, uh.."

"..leave messages on the websites concerned encouraging key members of management to defect to a rival company," I complete.

"Oh Yes, that's it!" The Boss gasps.

Once more, geek two reaches for the phone...

"..leave messages on the websites concerned encouraging key members of management to defect to a rival company.."

"Oh Yes!" the Head of IT gasps.

. . . Five minutes after that. . .

"..leave messages on the websites concerned encouraging key members of the Executive to defect to a rival company.."

"Ah Yes!" the Assistant CEO gasps unhappily.

. . .

"This'll all be reflected in my report to the board!" the beangeek blurts threateningly, hoping to sway someone in the chain of command. "You can't hide things just by saying they're commercially sensitive."

"Funnily enough, that's what the guy who did the audit last year said."

"Did he? I don't remember seeing it."

"Well you wouldn't. It was commercially sensitive. So we locked it in the safe over there."

"He only had ONE copy!?"

"So to speak. Course, it was in his head at the time."

The PFY adds to the overall threat by shutting the door and pulling the roller blind down over the viewing window..

. . .

"Ah.. Well perhaps I was a little hasty.." the beangeek cries, mid-moment-of-clarity. "Perhaps you DO take systems security seriously."

. . .

"You didn't really shut someone in the firesafe last year did you?" The Boss asks.

"Of course not! But it's the same story I used for last year's guy!"

"So what - or who - is in the Fire safe then?" the Head of IT asks suspiciously.

"Oh, I'm afraid that's commercially sensitive information."

It really is easy when you know how. I should be a politician... ®

BOFH is copyright © 1995-2001, Simon Travaglia. Don't mess with his rights.
