BOFH: A safe bet

Bet your ass they wish to proceed

Episode 1

"It's a Christmas miracle!" the PFY gasps, opening the safe door after our extended Christmas break to find... nothing.

"Hardly," I say, reaching down to the floor of the safe to retrieve a business card from amongst the coins and cards that no doubt fell out of the Boss's wallet. "Secure Safe Services. Protected Storage experts. 24 Hr on call."

"He had someone in to open the door!" the PFY swoons.

"Yes they did," our Boss snaps from the doorway behind us. "I managed to reach Directory Enquiries and get an answer before my cellphone battery died – and even more unbelievably the first person I called was willing to come out to sort the problem out. And I think you know what this means..."

"I won't be needing the roll of carpet, the company van and half a can of odour neutralising air freshener?" the PFY queries.

"No..."

"That the tape safe isn't airtight like the manufacturer claimed?" I ask. "Nor does it block radio signals."

"Yes... But no."

"What then?"

"You're for the high jump!" the Boss snaps. "That's attempted murder!"

"What is?" I ask.

"Trying to lock me in the safe over the holidays!"

"Nonsense!" the PFY says. "You shut yourself in the safe after having heaps of lagers and sending out that email about playing hide-and-seek on the last day."

"What email?"

"Trust me," the PFY says. "In no time at all there'll be email messages from you to the IT staff about a hide-and-seek marathon on the last day."

"And if you're not careful there'll be emails from you to the HR staff about a hide-the-sausage marathon on the last day as well!" I add.

"People would have said something!" the Boss snaps back.

"Not if they didn't know they'd got a message. Like if it's sitting in their Junk Email folder. Until they get a message from the systems people asking them to check it for messages 'that might have got misdelivered over the break'."

"There's no proof!"

"Not yet - but then we're not talking court-of-law here, we're talking court-of-public-opinion. In a court of law they're looking for proof that you definitely did something, whereas in the court-of-public-opinion they're just looking for a hint that you might have done something – to fuel the rumour of you being a perverted sleaze with a fetish for enclosed spaces..."

"There's no proof I sent the messages, though."

"Oh you mean like computer forensics?" I say. "Then you haven't seen the PFY's tools for tampering with timestamps and injecting questionable phrases and image data into unallocated regions of a hard drive. Not to mention the one for manipulating the Exchange server to insert messages at certain times – from target machines. They're works of art. Honestly, as 'evidence generation' goes it's so compelling you'll be wondering yourself if you don't have some hidden tendencies that need a bit of over-voltage to sort out..."

"So... what are you proposing?"

“I'm proposing we put all these 'misunderstandings' behind us and start the year with a clean slate. We forget all that happened last year and start afresh this year."

"I... suppose so," the Boss concedes.

“And so I assume that you'll have to make some revisions to the statement that you no doubt made to security at the end of last year?”

“I... Yes.”

“Something along the lines of a terrible misunderstanding when you were feeling a little tired and emotional and that you're really sorry if you made any unfounded allegations out of jealousy and spite.”

“I... OK.”

“Now, perhaps?” I say, picking up the phone receiver and handing it to him.

Five minutes later the call is made. With a little bit of help from the PFY and myself the Boss manages to concoct a story to appeal to Security's Neanderthal intellect (ie an EastEnders episode) about a cocktail of fear, jealousy and high alcohol lager forcing him to make some rash statements that now, in the light of day, he regrets.

“So that's it then?” the Boss says. “No fake email messages?”

“Scout's honour. In fact, I'm feeling so good about it, I won't even keep all the crap you dropped in the bottom of the tape safe last year.”

“Ah yes, that. I'd better get it as it has my gym membersh... >nudge< >SLAM<

“I thought you said start the year with a clean slate?” the PFY asks.

“The year started two weeks ago. Now gimme a hand wrapping the safe in tinfoil before Directory Enquiries can answer...”
