Feeds

Nasty BOFHses. It burns us! It burns...

What's that, Boss? Speak up, would you?

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Episode 7

"Where's my car park gone?" I ask Security as I wander into the building in a very irritated manner.

"What car park?" Security asks

"My Car park. Basement level 2. Right beside the lifts. Now apparently somewhere inside a large concrete room."

"Oh, that. Well we can't really talk about that."

"How about a hint?"

"I... Well.,. It's the new Secure room and Security Centre."

"Secure room?" I ask.

"Yes, the Corporate panic room. Where the board members would retreat to in the event of a terrorist attack."

"Terrorists? Who the hell's going to attack this place?"

"Dissidents. The disenfranchised!" he nods. "We're a target."

"You mean... al Qaeda?" I ask, using the words that can add a zero to the end of a security budget with the flimsiest of supporting evidence.

"Yes. And others!"

"Really? Remind me... why would they attack us again?"

"Because they hate freedom!"

"Of course. And this company represents freedom in what way?"

"I... uh... well we might be a strategic target."

"We're less strategic than the public toilet down the street - but I do appreciate the cunning involved in scamming a new office by pretending that the corporate big wigs would be able to use it in the event of a terrorist attack."

"They can!" Security assures me. "It's state-of-the-art stuff. In the event of an emergency the lift automatically goes to level 6, does IRIS recognition of board members, then delivers them to the secure room, which then goes into 48-hour lockdown, nothing in or out."

"They'd starve!" the PFY says, wandering into the conversation with a set of car keys and a disgruntled expression. "Is that where my car park's gone?"

"Surely you must have noticed it before now?" Security asks. "They've been building it for weeks."

It's a damning indictment of my attention to company detail. Not only did I miss out on Security's presentation to the board to approve who-knows-how-much for a new hidey hole, I didn't even notice a large construction taking place in my own building! I really should drive to work more often...

"Anyway, they wouldn't starve" he continues. "It's a fully functioning panic room with enough food and supplies to accommodate eight people for at least a week. A lot of companies are doing it."

"They'd never last a day. They'd get sick of each other and leave," the PFY opines.

"They can't. The first 48 hours are complete physical lockout which can't be overridden. Then they can use the external cameras and sensors to decide if they want to extend the lockout for another 48 hours, then another 48 hours, and so on. If there was only two people in their they could stay there for weeks," says the Security bod.

"They'd still have access to the internet, and phones, and stuff?" the PFY asks, obviously contemplating – as am I – being in complete isolation from users whilst tucking into board members' food and beverages. Then there's the overtime and meal allowances that we could claim...

"Uh-huh," Security says. "They ran a bunch of data cables from the basement a couple of days ago, which was when the cabling guy tried to lock himself in - so they've disabled that until the big demo."

"The big demo?" I ask.

"Yeah, four of the board members are going to do the 48 hour lock-in as a promo for the safe room design company."

"With a pantload of food and booze, movie channel and all the comforts of home?"

"Uh-huh. The design company is paying for the whole thing and all they have to produce is a video diary."

Part of me is a little bit concerned I didn't exploit the "heightened danger" crap before this. I really have been off my game recently. The rest of me is just annoyed about missing out on that lock-in thing.

Two days later and the lock-in has begun. With all the hoopla that's surrounded it you'd think they were embarking on the first manned exploration of space. The board members' entrance has all the pomp and circumstance of The Right Stuff.

"This is not a good thing," the PFY says, as he rolls out the plans of the bunker once the actual lock-in has been triggered. "It's pretty impressive. I can't see any way that we can break in - the walls are three armoured tilt-slab layers thick with an oxygen-activated polymer cement in between that fills any cut that's made between the layers. I thought we could just cut the power cables but they've got a standalone generator with enough fuel for three weeks running."

"Yes, It really would make an excellent Batcave," I say, thinking fondly of the chunk of building the PFY and I once kept as our own. "If only there was a way to both prove it to be a bad idea and discourage reuse. If only..."

"!" the PFY gasps, seeing I already have an idea.. Ten minutes later in the basement level 2...

"Every plan has a flaw," I say to the PFY, "and a quick perusal of the plans yesterday uncovered it. Why do we never put server rooms in basements?"

"Flood risk," the PFY says. "But the place is sealed! We could flood the entire two basement levels and it would be fine. Besides, they'd turn the water off before it got that bad.

"We could" I say, "but we don't need to. Behold the comms distribution board for the bunker. Behold this very large stilson wrench!" >CRASH< >CRASH< >CRASH< >CRASH<

"Yeah, so?" the PFY says, "so they have no way of communicating with the outside world. Big deal."

"Behold my large and ugly stilson wrench," I say, walking over to a darkened corner of the basement. "BEHOLD this large and ugly valve." >SQWARK< >SQWARK< >SQWARK<

"They've got enough water to last them for weeks," the PFY says.

"Oh, this valve doesn't stop water coming IN," I murmur to the PFY "This valve stops waste water going OUT."

"And by waste water you mea... Oh you didn't!" the PFY gasps.

"Didn't what?" I ask. "Didn't isolate the building from the sewer so that the new lowest point for six levels of effluent is in that room? Didn't pay the cafeteria chef 100 quid to have a 'Johnny Cash 10th anniversary memorial chicken Vindaloo' as the meal of the day?"

"The Ring of fire!" the PFY gasps in hushed tones.

"I've not calculated the volume of the room, but I'm fairly sure it won't get higher than knee level."

"I..."

"Thigh if enough people go back for seconds." And the rest, as they say, will be history.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.