Feeds

BOFH: Operation bean the beancounter

Pre-emptive strike

  • alert
  • submit to reddit

Application security programs and practises

Episode 25

"Okay, so where are we at?" I ask the PFY as I review plan 32 beta.

"Right then," the PFY responds with the ruthless efficiency of a seasoned professional. "32 Beta is a GO! At oh seven thirty and I printed 12 copies of >shuffle< this >shuffle< picture to various printers around the building."

"Ah," I say distastefully. "Nasty. It's a bit sledgehammer-when-a-tack-hammer-would-do isn't it?"

"It's all to do with efficiency," the PFY says. "Nothing says pervert like farmasutra."

"And you';ve printed it with this header info?" I ask.

"Some yes, some no. Some refer to the user's home directory and some will appear to be printed directly from the website."

"I see. And you've dropped this picture into his home directory?"

";That and several others from the series."

"The series?" I shudder.

"Oh yes," the PFY says, shaking his head sadly.

"And?"

"I've modified the file access times so they look like they were downloaded just after morning tea yesterday and modified the web log entries to back that up."

"And?"

"And what?"

"It's hardly incriminating is it?"

"I... sure it is!"

"No. He could fall back on the 'it must have been a virus' defence, or the 'I think something went wrong with my peer-to-peer app'. Look, pop down to Boots, grab a large packet of tissues and a tub of moisturiser. Chuck half the tissues and half the moisturiser out and make sure the moisturiser jar is nice and greasy. Appearance is everything. Then slap it into his desk drawer, third one from the top."

"Third from the top?"

"Yeah, he's a beancounter. The top one will be full of pens and the one below it will be full of reserve pens and stapler refills. The others will be empty. AND?"

"And what?" the PFY asks.

"The website?"

"The website? OH, yes, the website. I've established a history of posts to a blog over the past two days under an alias of his surname backwards, expressing my abiding interest in meeting other men with a love for... the animal.. kingdom. So to speak."

"Okay, so it's all systems go then!" I blurt.

"Or not!" the Boss snaps, creeping into Mission Control from where he must have been hiding.

"Or not what?" the PFY asks innocently.

"Or not... to frame someone."

"Eh?"

"Your plan, to print pictures like this >shuffle< to frame one of our accountants. THIS GUY ONLY STARTED YESTERDAY - he can't have annoyed you already!"

"It's a pre-emptive strike," the PFY explains. "He's bound to do something."

"No, he's not!" the Boss gasps, reeling from the unfairness of it all.

"He is," I counter. "He was brought on with the brief of examining asset management, inventory control and depreciation."

"But maybe he's not interested in you!"

"...Azariah," the PFY adds.

"Eh?"

"Nothing, just a bit of antipodean humour. But we digress, because of course he's going to be interested in us - IT assets are some of the most poorly recorded around because beancounters traditionally didn't know whether you were buying an item in its own right or an item which was part of an item."

"Huh?"

"In our asset database will be graphics cards from thousands of years ago when 32 Meg of onboard memory was worth more than Posh Spice's underpants on eBay. And they were typically issued an asset number because of their book value, then slapped inside a machine with it's own asset number. When the machine was binned, it was written off, but the card wasn't. Same with large monitors, disk drives, etc."

"Which will in turn will mean," the PFY continues. "That we'll get all the asset inventory and depreciation track down work which will take weeks of wandering around the building checking stickers, working out what we have and don't have..."

"...Trying to remember what you've stolen you mean..." the Boss suggests, unkindly.

"Alternatively, it's far simpler for us to plant the seed that all beancounters are secretly perverts with a fetish for donkeys."

"So you're going to send out a stack more of these are you?"

"Why not?" I ask. "We'll keep framing beancounters until the company stops appointing them."

"Of course not, no that's just dealing with the symptoms, the real problem is the inventory system."

"And your solution to that is?"

"Plan 32 Alpha, totally destroy the asset database."

"It's backed up," the Boss says.

>BZEEERT< >BZEEERT< >BZEEERT< >BZEEERT< >BZEEERT<

"Not any more," the PFY.

"It's on RAID!"

>Clatter< "Not with that disk removed it's not."

"But it'll still work with one disk removed."

>Clatter< "But not two."

"It will if you put it back in."

>CRUNCH<

"Not now it won't."

"It you put the other disk back... >CRUNCH<"

"Oh dear," the PFY says, putting his hammer down. "We appear to have lost the asset management system."

"I... suppose it's pointless asking you to have a look at my laptop then?"

"Of course not!" the PFY gasps, picking up the hammer again. "Bring her in - it may have depreciated so much you need a new one..."

Eight steps to building an HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.