The Bastard goes email snooping

Easy if you try

BOFH 2002: Episode 12

"But how do we KNOW that they're not reading our email?" a geeky type from payments asks The Boss over an evening beverage at the company bar.

"Because the software doesn't let them" The Boss replies, dipping a tentative toe in technology for a second.

"Yes, but how do we know that they don't change that software to allow them to do it anyway?" he persists.

"Numbers," The PFY chips in sagely.

"Numbers?"

"Yes. There's what, 600 people working here - all getting email from people all over the country and the world. To look at their email, we'd have to go through each and every mailbox checking all their messages. We just wouldn't have the time to do it!"

"Yes, but you could if you only wanted to read ONE person's mail."

"Well I suppose we COULD, but we'd have to have some sort of reason. You know, something that would make us wonder what a person is hiding..."

"Right, yes, OK! Well I suppose that covers it! Drinks anyone?" he responds hastily.

***MENTAL NOTE TAKEN***

... The next day dawns, and even The Boss is showing an interest - wanting to know if the person in question has a skeleton or two in the closet...

"..and what you're looking for is files which look like they should be there, but really are out of place. Like.... THAT ONE!" The PFY explains, pointing at a folder on the screen.

"PAYSHD.ZIP! Won't that be a Pay.... Schedule file or something? Hardly worth looking into.."

"That's just what he wants you to think..," The PFY murmurs disparagingly. "But your average beancounter doesn't even know his trouser zip exists, let alone Winzip. No, this is progress! 20 megs of premo smut I'd wager!"

"You don't know that!"

"Know it - no. But after a while you get a nose for these things. That baby is just out of place. But don't take my word for it >clickety< >click<. Ah-HAH!"

"What? It's just an encrypted zip file?"

"Yes indeed, an encrypted file, full of smut!"

"It could be ANYTHING!"

"Yes, you're right. Our user has an encrypted ZIP file, which contains an encrypted zip file - and there's nothing suspicious about that..."

"He might just be being cautious."

"Oh, I think you're right there. But let's just see. First, unencrypt the contents >clickety< using his >clickety< NT password."

"I thought passwords were stored encrypted!!!"

"Normally, yes, but for our users, no."

"Why not?!?"

"It'd make their using their email harder for a start."

"You login to their accounts and read their email!!!?!?!"

"Of course not!"

"Oh!"

"No, we use the ADMIN tool to read their email - it's much faster."

"So how does having their password make email reading easier?"

"Oh, well, we can login as them and SEND email - you know, to get more email to read. For instance, I might send one from you to that woman from personnel you were chatting up last week - suggesting a quick candlelight dinner somewhere."

"YOU SENT EMAIL FROM MY... What did she say?"

"No no, I was just using it as an example."

"Oh."

"Mind you, I wouldn't develop a nervous twitch in your eye when you're talking to that big bloke from stores as he's definitely... not interested."

"!" he half gasps.

"Sorry about that, just testing the interface."

"But my email is electronically signed with that key you got for me!"

"Indeed it is, but THAT key in turn is signed by an authority just a whisker away from being what's known as a 'trusted' authority."

"A whisker?"

"Well.. more like a beard."

"Which company was that then?"

"Trusty Amal's Key Registry Services. Two quid for a 64-bit key issued for 50 years!"

"Isn't 64 thingies a little bit.. insecure?" The Boss asks remembering something from technology nursery school.

"In the banking world, yes, but for your correspondence, no."

"Why not?"

"Well it's a risk reduction thing."

"How does it reduce risk?"

"You don't have to take the risk that someone will torture it out of you some day. Sort of a proactive escrow."

"So you were thinking of me the whole time?"

"Of course."

The Boss decides to cut his losses here and move on.

"So why are we continuing looking through this user's files if we've found something?"

"Well, it was too easy. And when you're a sad beancounter type, you're sort of expected to spice up your life with a couple of pictures of Barbara Cartland taking on a midget wrestler or two. No, this guy's really hiding something.."

"Like what?"

"Oh something that he doesn't want anyone to know about. Cutting Edge Porn, Dirty Stories, A Train Spotter mailing list!"

"Isn't that illegal?!"

"I don't know about the first two, but I'm fairly sure the last one is, and we should be able to find out.... >clickety< veerrrry shortly, as he's used the same password twice."

"What is it?" The Boss gasps.

"It's a pay Schedule file - amounts, people, etc. What a bust."

"So what was he hiding?"

"Well there are several different train timetables in his inbox.." I murmur.

"I'll call the cops!" The PFY says.

Two hours later the police have left, after being most unhelpful. Of course they questioned the bloke concerned, but with the liberal laws these days, people can get away with trainspotting without charge. Personally, I blame the government.

Still, The PFY and I while away the intervening hours thinking up ways to cement The Boss's relationship with that bloke in stores, while the bloke concerned (after the first message anyway) whiles away the hours thinking up ways to cement The Boss in stores.

It's a funny old world. ®
