BOFH: What do you mean the system's being audited?

Thrown to the wolves


Episode 12

"So if we go to your website and build this software, download and deploy it through a group policy over our domain - the machines will all report on the OS, software and version information that they have installed?" the PFY asks.

"Yes," Sonya, our friendly root-of-all-evil sales rep says, with the Boss nodding happily in the background.

"And the information will be stashed in a database so that we can get pretty reports for our managers - and no one else?"

"No one," evil says.

"And you're not going to use it to just have a peek to see if we're violating our software licenses for your products?"


"Not even so that you can tell how many people are using someone else's software instead of yours?"


"Not even to tell which software you should be developing in the future?"

"Not even then."

"Not even to tell which companies you should be buying in the future?"


"Not even if it saved your company millions and millions - and millions - of dollars?"

"No, it's a client service," our rep says - in the same tone of voice the proctologist uses when he tells you that you'll hardly notice the maglite and tree felling wedges he'll be using in the next procedure.

"Not even if Beelzebub himself asks for it?"

"Still no," our rep says.

"...Liar, liar pants on fire!" the PFY responds.

"Look," the Boss snaps, wading into the argument. "This is a fantastic opportunity for you to offload some of your more onerous tasks. They're doing it to help you! You can install this program and then when we need information about what software we're running, what we should be buying, and what needs upgrading, we can just go to their website and look - and it's all up to date!!"

"It's a waste of time. And an invasion of our privacy," the PFY says defensively.

"I think you're just exaggerating - it's a wonderful opportunity for us, and I'd like you to at least trial it. If we don't like it we can just uninstall it later. We'll take a look at it and see if the information it provides us is worth the effort."

...half an hour later when Mission Control empties...

"This is bad!" the PFY mumbles, pacing about the place. "Really bad!"

"What do you mean bad?" I ask. "We'll deploy the app, it'll come back and tell us that we have about 600 machines and maybe we'll discover that we need to get a few licenses for stuff which shouldn't in theory be running."

"What about if it came back and told us that we had about 2,000 machines?"

"No, it doesn't look at license keys issued, it looks at actual machines."

"That's what I mean," the PFY says, looking around furtively.

"What do you mean?"

"Well, you know when that bloke from across the road needed some help in setting up their domain a couple of years ago?"


"And you know how I did most of the donkey work for him..."

"Uhhmm, if you say so."

"You know, bought and installed the domain controllers, bought the client licenses, bought and installed the CALs for all their office prod..."

"You didn't!" I gasp.


"You joined them to our domain with the site license."



"I...think we have bigger problems."

"What do you bloody mean, WE? WE implies some form of partnership - consultation - profit sharing."

"Well if this is just about the money..." the PFY begins.

"That's right," I nod.

"And not about the harsh personal consequences that might befall you as the signatory of the site license documents and chief administrator of the systems concerned..."

"You bastard! You had this all worked out didn't you?"

"No, no, it was just luck that you were the one doing the signing this year. As opposed to the planning that went into ensuring that the ownership of the OU concerned was you - which will probably show up when I click the deploy button," the PFY says, finger hovering over his mouse.

"Okay, okay. Truce," I say. "It's a simple problem - deploy the app tonight, then drag a DC over to their building early tomorrow. Isolate them from the world and tell them there's been a network outage and they won't get the software or show up on the scan."

"That'll only buy us a couple of hours - we need at least four hours apparently."

"If you need an extra couple of hours, set a skip bin on fire and fan the smoke into the ventilation system - then break a stack of sprinkler heads inside after everyone evacuates," I say, recalling an old favourite.

"I suppose it's a plan."

...the next evening...

"Did you see the place across the road had a full blown evacuation today?" the Boss asks as the PFY enters Mission Control, pausing momentarily upon seeing Sonya back in the office.

"Really?" I say. "I was out collecting some gear from offsite."

"Big scene," the Boss burbles. "Anyway back to the review - so we're pretty much A-OK for licenses and our software's mostly up to date. There was just the one problem."

"Problem?" the PFY asks.

"Yes, a bit of...well...piracy going on."

"Piracy? I thought the tool wasn't going to be used as a stick to beat us with?" the PFY snaps.

"It's not," the Boss says. "I called Sonya in because someone's installed a stack of games on a couple of machines and Simon suggested she could tell me if she could help me track them down."

"YOU suggested?" the PFY says, looking to me.

"Well yes," I say innocently. "Because of course piracy is everyone's problem."


"Yes," the Boss says. "Sonya was able to find out that the license keys used were ones available on a pirate website."

"But the good news is," I say. "That they're not work machines - they are personal machines, and shouldn't even be plugged into the network. These machines in fact."

I point to a box with a couple of portable gaming rigs which look as impressive now as they did when I stole them from the PFY's front room this morning.

"And we were just discussing that since the machines have no identifiable owners there's no one to be referred for prosecution."

"Oh," the PFY says, masking a measure of relief.

"And as there's no identifiable owner Simon felt that perhaps Sonya's company might want to clean the machines up and donate them and some software to a suitable charity..."

"Did he?" the PFY seethes.

"And he suggested that you might be able to donate some of your time to helping erase them..."

"I don't thi..."

"Hey - why don't we check with the hardware vendor to see if the warranty card was filled out?" I suggest.

"Oh I suppose I can do it now," the PFY says.

"Isn't it great when everybody wins?" I ask.

