
BOFH: Oh Bondage, Up Yours!

DNS hijack


Episode 7

More wonders from the House of BOFH™

BOFH 2002: Episode 7

So I'm sitting at my desk reading an online computing rag when The Boss trundles in.

"Could you add this name to our website please?" The Boss asks, handing over a glossy brochure with the Company's name emblazoned all over it, complete with the website address of our competitors.

"That's not our domain name," I murmur, pointing to the offending text.

"Yes, it's a good idea isn't it? We advertise our stuff with the opposition's site address, and then we get all their customers because all their people will come to our site!!!"

"They'll come to OUR site?"

"Yes! It's this idea a guy in marketing had. If we use their name, but tell our web server to talk to anyone who wants to get to their website - we'll get all their customers!!!"

The savouring process begins.

"So let me get this straight - We use their website address and get all their customers to our website?"

"By telling our server to pretend to be their server, yes."

"And this would work how?"

"The same way it did when you told our server to pretend to be the 'www' and 'jobs' servers. You know, virtual site, or whatever."

"Ah, Of course. But wait! I've got a better idea - Why don't we pretend to be Microsoft.com - and then we'd get all their web traffic - and that's bound to be a stack more than we'd normally get! And then, when people automatically go for one of those patches to make Windows less secure, we can advertise to them!"

"Do you think it would work?!" The Boss gasps.

"As well as the first plan!" I respond.

Before I get a chance to put the slipper in repeatedly, he's off to assemble the Marketing Crew to tell them of his latest plan.

The PFY gives me a withering look which can only mean he thinks I'm digging a hole to fall into..

Half an hour later I'm starting to think that maybe he's right. The Boss is back with a huge list of dotcoms that the Marketing Dept has come up with that we could use to further our products.

"Cisco.com - very good, Yahoo and Hotmail - excellent, yes, it looks like you've got a good list here. You realise that they're likely to complain.."

"Really?"

"Oh yes. And then it's legal problems - us having nothing to do with that industry - no end of hassles. Same for government sites."

"Oh," The Boss burbles sadly, no doubt wondering how he can break the bad news.

"Although I suppose you could use all the sites that get a stack of traffic, but have a less than happy existence with the legal system."

"But you said that we can't use Microsoft."

"No, I was thinking Porn sites."

"Porn sites?"

"Yes, Porn Sites. They get a stack of traffic and have a less-than-happy existence with legal authorities."

"Do they get that much traffic?"

"Well from our site alone the porn industry gets more hits than our website gets from the rest of the world."

"Really."

"Yes! I can show you the logs if you like! You'd be surprised who's looking at wha.."

"That won't be necessary," The Boss chips in guiltily. "So which sites should we use?"

"The popular ones, obviously."

"And they are?"

"Oh I don't know, I'd have to go and look to see which have a lot of content."

"How long would it take?"

"Oh, hardly any time at all - two, maybe three days."

"I've got installations to do!" The PFY blurts, not succeeding in masking his annoyance.

"I think that the installations could wait a while," The Boss responds.

10 minutes later..

"THREE DAYS OFF TO BROWSE PORN!" the PFY cries. "I LOVE MY JOB!"

"I think you're missing the point," I respond. "We're trying to find sites that would be used to promote the company, which means that you'll be grading sites on the following criteria: The number of visitors; Originality and breadth of content; Specialist Content and quantity of content. Once you've rated the sites on these scales you would TELL ME ABOUT IT TOO BECAUSE I LOVE MY JOB AS WELL!!!!"

..Three days later...

"..And unfortunately, it transpires that you can't pretend to be a site which is already set up, as the DNS won't direct enquiries to your machine simply because you pretend to be that site!"

"This is terrible!" The Boss blurts. "So we can't even use our opposition's site name after we printed all that promotional material?"

"No."

"So the whole thing's been a complete waste of time."

"Pretty much. Although we do have a comprehensive list of the best free porn sites in the world."

"Hmmm. Well I suppose we might be able to use it for some marketing purpose. May as well fire me an email message listing them."

"I DON'T THINK so!" The PFY interjects.

"Look I don't have time to argue with you, just send me the message so I have something to prove that I wasn't wasting your time for three days."

"50 quid."

"That's preposterous! I'm not going to pay for research that you did on company time. And charging fifty pounds for it is ridiculous."

"Indeed it is," I cry. "It's worth at least 100! What with all those Teen, Bondage and Webcam sites you found yesterday."

"Bondage sites?" The Boss mumbles.

10 seconds later...

"And tell all your friends.." I say as The Boss leaves the office, while giving The PFY his cut.

"Fifty quid bonus!" The PFY blurts happily.

"I think you'll find it's 100 quid."

"No, just 50!"

"50 now, but 50 more when The Boss wants me to turn off website blocking (with our new updated list) in about 10 minutes."

"It's like a dream, isn't it?" he responds. "Only better." ®

BOFH is copyright © 1995-2002, Simon Travaglia. Don't mess with his rights.
