Bastard Security Troubleshooter

Taking the pIIS

  • alert
  • submit to reddit

Remote control for virtualized desktops

Episode 21

So the PFY and I rock on into work after lunch one day, pausing only to drop the pint glasses off with Security, noticing as we pass T%he Boss hobnobbing with the Head Security bloke.

I don't like it.

In fact it's high on the list of things that I don't like, nestled between slave traders and the Austin Princess as a mode of transport. (But still waaaay down the list from OS2 fans...)

The only time The Boss ever hobnobs is when he wants something, and the only thing he could possibly want from the Head of Security, (apart from pointers on how to sleep with his eyes open), is information generally related to security i.e. who's been sneaking into the cloakroom and writing "Kick me" on the back of his anorak before he jumps on the tube home.

It seems obvious now that I'm going to have to ditch the visitor swipe card and Impact Marker that have served me so well...

Ah well.

We glide back to Mission Control in time to find the Head of IT wandering about the place with a distracted look on his face.

"Ah!" he blurts as we enter. "Just the persons!"

In between "Beancounters" and "Personnel Disorganisers" on the list is also "IT Managers - pleased to see you". It doesn't bode well.

"Listen, I've got this proposal here which I'd like you two to have a quick shufty at, and tell me if it's accurate, and if the major conclusion is justified?"

He hands over a piece of paper which is obviously the handiwork of the boss. Of course, the coffee ring on the bottom is his de facto Seal of Office and a dead giveaway, but the grammar and lack of punctuation nail the lid firmly down.

I glance over the document, (which would still only be a C+ paper in an "English as a Second Language" course) and it all falls into place.

The Boss has, because of the spate of IIS vulnerabilities in the recent past, raised the issue of contracting a "Security Officer" to make sure our site is up-to-scratch on the anti-intrusion front.

I read on as he puts the slipper into The PFY and I when we're down by saying we can't possibly keep pace with the vulnerabilities in the software we support with our other workload.

ACTUALLY, I'm hurt! After all the effort I put into exploiting the problem noted in the latest CERT document to slap a photoshopped-up image of him in flagrante with a sack of potatoes!!

No-one appreciates an artist.

"I think we're perfectly capable of keeping the systems secure!" I blurt.

"So secure that an animated picture of me in a tutu managed to replace the corporate logo three weeks ago?" our Manager snaps.

I'd forgotten about that. Now THAT was craftsmanship.

"It slipped in before a patch for the server software was available" I cry, "I..."

"I don't want to HEAR it!" he interrupts. "It wasn't reported for a week, and then it wasn't removed for another three days!! What sort of system is that?"

I figure that the answer "A system that waits for the PFY to come back from holiday so he can have a laugh" isn't the answer he's fishing for, and decide to keep mum...

Ah well...

Two days later the Security Troubleshooter arrives, complete with Khaki Safari Suit. Very Old School Cloak and Dagger.

"Hello chaps," he says, at the end of The Boss's whirlwind tour of the office and Mission Control. "I take it you're the people I should be talking to about the config of the Firewall and Web servers in the first instance. Can you make a meeting... tomorrow, at say... 9am to go over that?"

"9am," I murmur out load, not really wanting to break the habit of a lifetime and come in early... "What about 10:30?"

"No, no - bright and early - on a limited time budget and all that. 10 till 11 tomorrow I'm meeting the In-house security to go other points. 9am sounds good."

"You can get stuffed," I respond, never being an exacerbater, despite what The PFY calls me when he thinks he's out of earshot...

"I beg your pardon??!"

"I said I'd be chuffed!" I respond.

"Excellent, and where should I put this?"


"I said he should stick it in his OFFICE!" I say to The Boss in response to his summons, "Why, what did he think he heard?"...


"..and Nessus had detected several glaring vulnerabilities in some of the lesser known web services, an anonymous ftp site with write access to the world which appears to be stuffed with porn, and finally a mail service which responds to any email message with a virus.."

"That would be the one we use when we have to supply an email address to any service which claims it doesn't add your contact details to any list" the PFY adds.

"Yes," he responds dryly. "Anyway, as a result, I have secured the servers concerned, applied all the latest server an OS patch levels. I've also cleaned up the immoral and illegal content"

"My porn archive!" The PFY gasps sadly.

"All on backup tapes," I console him. Speaking of consoling, I also console the consultant, using a real console.

"Sorry about that" I murmur, picking the 19inch monster off his foot. "Dreadfully clumsy of me. Meant to return it to its owner earlier in the day after the Police returned it."

"Police?" he responds, true to form ."Why?"

"Oh stocktaking. You know, staff theft. We get a lot of it around here - almost every day if we're honest. Someone backs their car up to the disused Service Bay by the freight elevator and slips off with one piece of equipment or the other."

"And what happened with the prosecution?"

"Well, to have an airtight case, someone has to actually WITNESS them stealing it, and I'm not hanging around in an abandoned service pit all bloody night."

"What about CCTV?"

"No point, the service bay is supposedly never used."

"Right then, I'll do it! I've infrared kit I bought back from Nigeria. I'll have your proof in no time!!"

Two days later..

"..and he never came back?" The Boss asks.

"No, he mentioned something about Nigeria and Malaria, and that was that."

. . .

"I feel a bit sorry for him," The PFY blurts.

"Nonsense!" I respond, pointing at the IR CCTV monitor. "Look, he's found those old pot noodles. That should keep him going another day! And he's still got 1/2 a cup of urine left. LUXURY!"

"I still..."

"OK, well we are a bit strapped of things to do. Tell you what, you can choose what you want to do, let him out before he goes insane, OR, restore your porn archive?"

"I'll get the backup tapes..."

Ah well. ®

BOFH is copyright © 1995-2001, Simon Travaglia. Don't mess with his rights.

Secure remote control for conventional and virtual desktops

More from The Register

next story
The cloud that goes puff: Seagate Central home NAS woes
4TB of home storage is great, until you wake up to a dead device
Fat fingered geo-block kept Aussies in the dark
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Intel offers ingenious piece of 10TB 3D NAND chippery
The race for next generation flash capacity now on
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story


Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.