Feeds

BOFH: A safe bet

Bet your ass they wish to proceed

  • alert
  • submit to reddit

Mobile application security vulnerability report

Episode 1

"It's a Christmas miracle!" the PFY gasps, opening the safe door after our extended Christmas break to find... nothing.

"Hardly," I say, reaching down to the floor of the safe to retrieve a business card from amongst the coins and cards than no doubt fell out of the Boss's wallet. "Secure Safe Services. Protected Storage experts. 24 Hr on call."

"He had someone in to open the door!" the PFY swoons.

"Yes they did," our Boss snaps from the doorway behind us. "I managed to reach Directory Enquiries and get an answer before my cellphone battery died – and even more unbelievably the first person I called was willing to come out to sort the problem out. And I think you know what this means..."

"I won't be needing the roll of carpet, the company van and half a can of odour neutralising air freshener?" the PFY queries.

"No..."

"That the tape safe isn't airtight like the manufacturer claimed?" I ask. "Nor does it block radio signals."

"Yes... But no."

"What then?"

"You're for the high jump!" the Boss snaps. "That's attempted murder!"

"What is?" I ask

"Trying to lock me in the safe over the holidays!"

"Nonsense!" the PFY says. "You shut yourself in the safe after having heaps of lagers and sending out that email about playing hide-and-seek on the last day."

"What email?"

"Trust me," the PFY says. "In no time at all there'll be email messages from you to the IT staff about a hide-and-seek marathon on the last day."

"And if you're not careful there'll be emails from you to the HR staff about a hide-the-sausage marathon on the last day as well!" I add.

"People would have said something!” the boss snaps back.

"Not if they didn't know they'd got a message. Like if it's sitting in their Junk Email folder. Until they get a message from the systems people asking them to check it for messages 'that might have got misdelivered over the break'.”

"There's no proof!"

"Not yet - but then we're not talking court-of-law here, we're talking court-of-public-opinion. In a court of law they're looking for proof that you definitely did something, whereas in the court-of-public-opinion they're just looking for a hint that you might have done something – to fuel the rumour of you being a perverted sleaze with a fetish for enclosed spaces..."

"There's no proof I sent the messages, though."

"Oh you mean like computer forensics?" I say. "Then you haven't seen the PFY's tools for tampering with timestamps and injecting questionable phrases and image data into unallocated regions of a hard drive. Not to mention the one for manipulating the Exchange server to insert messages at certain times – from target machines. They're works of art. Honestly, as 'evidence generation' goes it's so compelling you'll be wondering yourself if you don't have some hidden tendencies that need a bit of over-voltage to sort out.."

"So... what are you proposing?"

“I'm proposing we put all these 'misunderstandings' behind us and start the year with a clean slate. We forget all that happened last year and start afresh this year."

"I... suppose so," the Boss concedes.

“And so I assume that you'll have to make some revisions to the statement that you no doubt made to security at the end of last year?”

“I... Yes.”

“Something along the lines of a terrible misunderstanding when you were feeling a little tired and emotional and that you're really sorry if you made any unfounded allegations out of jealousy and spite.”

“I... OK.”

“Now, perhaps?” I say, picking up the phone receiver and handing it to him

Five minutes later the call is made. With a little bit of help from the PFY and myself the Boss manages to concoct a story to appeal to Security's neadertal intellect (ie an EastEnders episode) about a cocktail of fear, jealousy and high alcohol lager forcing him to make some rash statements that now, in the light of day, he regrets.

“So that's it then?” the Boss says. “No fake email messages?”

“Scout's honour. In fact, I'm feeling so good about it, I won't even keep all the crap you dropped in the bottom of the tape safe last year.”

“Ah yes, that. I'd better get it as it has my gym membersh... >nudge< >SLAM<

“I thought you said start the year with a clean slate?” the PFY asks.

“The year started two weeks ago. Now gimme a hand wrapping the safe in tinfoil before Directory Enquiries can answer...”

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
FLAPE – the next BIG THING in storage
Find cold data with flash, transmit it from tape
Seagate chances ARM with NAS boxes for the SOHO crowd
There's an Atom-powered offering, too
Gartner: To the right, to the right – biz sync firms who've won in a box to the right...
Magic quadrant: Top marks for, er, completeness of vision, EMC
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.