
BOFH: The secret gentlemen's club

Never say never again



Episode 8

It's mid afternoon and the PFY and I are sneaking around the building in pursuit of the IT director because he's acting funny...

[READER: DEGAUSS NOW FOR FLASHBACK REALISM!]

...10 minutes ago...

"Right, so you just want this signed then?" the director asks, scribbling blindly at the bottom of the page. "Okay, now if you'll just excuse me..."

"Thanks," I say, realising he wasn't the least bit interested in what he was signing. "Oh! and I just remembered that we needed to get a batch of LTO4 tapes."

"Uh-huh, well I'm sure you can bring that to me later."

"No hang on, I can fill the P/O out now," I say, grabbing a blank purchase order from a tray on the desk.

"Tell you what - how about I sign it and you just fill it in at your office?"

"Sure."

>scratchy< >DASH<

[READER: DEGAUSS AGAIN!]

...Present day...

Now, I'm not one to check a gift horse for cavities, but after an IT director signs what's effectively a blank cheque without batting an eyelid, the PFY and I want to know what's up...

"Entering the boardroom," the PFY chirps over the walky-talky.

"So he's in there?" I say, when I get there moments later.

"Yep."

"Who else went in there?"

"No one."

"Hear anything?"

"Nothing," the PFY says, opening the door...

...to an empty room ...

"He's gone!"

"Are you SURE you saw him go in here?" I ask.

"Positive!"

"So there must be some other way out..." I say, checking the carpet for... "THERE!"

"Where?"

"There - see there's a wear pattern in the carpet which ends there. There's a door there. And that - that's not a blanking plate, that's a prox reader!"

"Wow!" the PFY says, holding his card up to the reader. "Nothing!"

"I'll try mine," I say... Nothing. "Wait a minute, what about if I try..."

>bip< >bip< >hummmm<

"What card was that?" the PFY asks as we step into a small alcove. The door hums closed behind us and a fan above us whirrs into life. "This is like a bloody airlock!"

"Indeed," I agree. "The card was a diagnostic one that happened to fall from the wallet of our alarm and lock installer."

"Just happened to 'fall' did it?" the PFY asks sarcastically as another door hums open in front of us. "Bloody hell!"

I concur with the PFY as we enter a well-lit office-sized white room with a couple of armchairs, a small table and a selection of today's newspapers. At the other side of the room, another door with a red light glowing above it.

"This is like a Bond movie!" the PFY gasps. "What's behind the door, do you think?"

"Let's find out shall we?" I say, trying the handle. "Locked - and no prox reader. But wait, if I slide the card between the lock and the back of the door frame..." >click<

"Oh," the PFY says, disappointedly as we enter the next - smaller - room and the door >clack

"Yes, a bit of a disappointment," I admit as we find the room contains only a small handbasin and a cupboard with a selection of men's toiletries. "You know, I think this might be a..."

>FLUSH!<

"...executive toilet," the PFY finishes disappointedly. "I thought they only had these in B-grade sitcoms."

!!!

>click<

"What the hell are you doing in here!?" the director snaps as the door >clack

"I could ask you the same thing!" I say.

"I have a KEY for this room," he responds, waving a card at me. "Given to me by the CEO himself. It's a huge honour to get access to this room - half the board don't even know it exists!"

"And how'd you come to get one?"

"I... helped the CEO with a sensitive matter."

"Not the sensitive matter that the PFY and I were working on a couple of weeks back - recovering the images from a digital camera card?" I ask.

"I..."

"So TECHNICALLY it should be us using this and not you?" the PFY asks.

"Oh you'd never get access to this place, it's worse than a gentlemen's club," he responds. "There's rules! Put one foot wrong and you're out! But if you're in, the world's your oyster - you're fast-tracked for success!"

"I see," the PFY says. "So how do we get out?"

"What do you mean?"

"We seem to be locked in."

"You shouldn't be in here in the first place - it's all computer controlled. You've probably upset it. But I'll just try >Gush< >Whirrr< >Click< There!"

"Ah," the PFY says as we exit to the large room. "You have to wash your hands before the door opens."

"Yes," the director says, pointing at the exit. "But that door's supposed to open at the same time."

"So we are locked in?" the PFY says, looking at the ceiling. "I could trip the fire alarm, which'll probably open the doors."

"NO!" the director blurts. "If there's any upset - however small - they'll find out from the card that I've been in here and I'll be blackballed."

"Let's think of this logically," I say. "The place isn't on the normal access network and has some form of door control logic. I'm guessing that the controller is local to this room, so scan the place for an access panel..."

"Found it!" the PFY says seconds later after moving an armchair. "Let's have a look then... Ah, the door logic's based around a PIC! Those are the input lines, those are the outputs and they're the power transistors."

"But can you open the door without raising an alarm?"

"Yeah - if you give me some time - but all this talk of toilets and everything, I'm bursting!"

"Use the toilet!"

"I can't, THAT door's locked!"

"I... use... the basin then," the director says. "But you must NEVER tell anyone!"

"Ok."

>click< >clack<

Two minutes later...

>click< >clack<

"So you're ok then?" the director snaps hurriedly.

"Yeah... but uh... do any of you have any paper?"

"Oh, he's passed out!" I blurt. "Skip the donkey work, power the controller down and it'll probably fail open."

>prod< >click< >clack< >whirr< >humm< >humm<

Out not a moment too soon either, as the CEO skulks past us towards the boardroom...

[READER: DEGAUSS FOR FADE OUT]
