IT Security & BOFH- a fun combination

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IT Security & BOFH- a fun combination

    For IT security, ganging up with the data protection people is fun.

    For this recipe, you will need:
    2 evil bastards, 1 BOFH flavour, 1 security flavour.
    1 numpty, any brand will do, but sales types are often the easiest to bait.
    1 spare laptop, containing every app the numpty will need, pre-installed.
    1 understanding boss, primed and ready to defend.

    *When numpty reports a laptop problem, offer to come right over to look.
    *Take your spare laptop to their desk, ask them to log in here to check their account is OK.
    *When logged in, drop spare on desk, pick up "their" laptop and prepare to make off.
    *At this point, you should hear a whining noise, complaining about "their" stuff, which, if you whip them up into a foam, they will claim is absolutely essential to the business, nay life itself.
    *Add two drops of liquid smug, and ask why such "essential" stuff is kept on this laptop not in the places it is supposed to be kept, namely the CRM/content store/whatever you have, and has no backup, no resilience, no failsafe. USB sticks don't count as they will keep that in the same bag as the laptop...
    *Whatever excuse is offered, ask when that was reported, signed off and approved, and by who, since they are now responsible for the problem.
    *Offer to garnish their explanation to the risk/compliance/line manager, adding that if the laptop was stolen not broken, they'd have been up the creek royally, and they now have a working laptop.
    *Leave to stew for the time it takes to fix the laptop.

    SERVED.

    This only really works in big companies, when your boss has your back, preferably after numpty's boss has been told about the problem, and inevitably has told IT (you) to fix it.

    It's also only worked once, as word spreads fast. But it's fun.

  • #2
    Yessss, the bastardry is delicious.
    PWNADE(TM) - Serve up a glass today! | PWNZER - An act of pwnage so awesome, it's like the victim got hit by a tank.

    There are only Four Horsemen of the Apocalypse because I choose to walk!

    • #3
      Quoth Jay 2K Winger
      Yessss, the bastardry is delicious.
      ...and now I've got a new sig.
      Fool me once, shame on you. Fool me twice, you speak with the Fraud department. -- CrazedClerkthe2nd
      OW! Rolled my eyes too hard, saw my brain. -- Seanette
      she seems to top me in crazy, and I'm enough crazy for my family. -- Cooper
      Yes, I am evil. What's your point? -- Jester

      • #4
        Wait, you mean this isn't SOP for IT guys?

        Dang, I've been giving it away for free all this time....
        The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
        "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
        Hoc spatio locantur.

        • #5
          Quoth Geek King
          Wait, you mean this isn't SOP for IT guys?
          Well, yes, but the recipe is exacting. Do it wrong, and sales numpty will have sales boss order you to do what they ask, not what they need.

          Remember the rules of evil,
          1) Don't.
          2) Don't get caught.

          • #6
            Why not set a group policy to prevent saving locally?
            I will not be pushed, stamped, filed, indexed, briefed, debriefed, or numbered. My life is my own. --#6

            • #7
              Quoth bunrotha
              Well, yes, but the recipe is exacting. Do it wrong, and sales numpty will have sales boss order you to do what they ask, not what they need.
              Followed, roughly a month later, by a very angry sales boss calling your boss and demanding that you be fired because you replied to a (in the opinion of sales numpty) perfectly reasonable request to recover an essential file whose only copy was on sales numpty's laptop (that got stolen) with "that's impossible".
              Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.

              • #8
                Quoth Captain Trips
                Why not set a group policy to prevent saving locally?
                That would be ideal. But, you sometimes get (l)users that bitch when the server is being worked on...and they can't get to their "important" documents. Same (l)users will sometimes insist that they don't want coworkers to be able to access their stuff.

                I work with someone like that. Sarah is notorious for not saving her crap on the server. Er, did I mention that she's managed to kill 3 computers since being hired? Every now and then, her computer starts throwing out BSODs, and I have to mess with it. Pain in the ass, because I have to search the entire drive for her "important" documents, transfer them to the server, and then restore her computer to its pre-BSOD state.

                Annoying as hell because...

                1. The server is more secure.
                2. The server's data is backed up every night to a mirror.
                3. The server is backed up twice a week to DVD-RW.
                4. I'd rather spend my time doing actual work, instead of looking for obscure documents that are never used, and rarely looked at.
                Aerodynamics are for people who can't build engines. --Enzo Ferrari

                • #9
                  Quoth protege
                  That would be ideal. But, you sometimes get (l)users that bitch when the server is being worked on...and they can't get to their "important" documents. Same (l)users will sometimes insist that they don't want coworkers to be able to access their stuff.
                  This is when management should do what it's supposed to do...
                  No trees were killed in the posting of this message.

                  However, a large number of electrons were terribly inconvenienced.

                  • #10
                    Quoth BeeMused
                    This is when management should do what it's supposed to do...


                    Oh that's the funniest thing I've heard this month so far.
                    I AM the evil bastard!
                    A+ Certified IT Technician

                    • #11
                      At my work, they sent an email that said something to the effect of "all documents you need must be backed up via CrashPlan."

                      I took this to mean I should have no qualms about backing up things like my outlook archives and my case folders, both of which can get very, very large. After all, I was highly annoyed when my external drive (where I keep said stuff) failed and I had to re-download all the tech-info files for my active cases...
                      Supporting the idiots charged with protecting your personal information.

                      • #12
                        Quoth wolfie
                        Followed, roughly a month later, by a very angry sales boss calling your boss and demanding that you be fired because you replied to a (in the opinion of sales numpty) perfectly reasonable request to recover an essential file whose only copy was on sales numpty's laptop (that got stolen) with "that's impossible".
                        Sadly, yeah. That's when in an ideal world, IT boss whips out the paperwork and case history, and indulges in a bit of institutional terrorism*. "So, the numpty was told on X date and you overrode it, which means that you, oh salesdroid-in-chief, authorised a deviation to corporate policy outside your domain, without consulting somebody who knows about this stuff, and now it's bitten you in the arse. You are not pinning this on me, or my staff. You can do one, and I will be filing a report to the CIO about failure to abide by controls. You know he loves witch-hunts." Sadly, most managers won't play that game, unless they're a week from retirement.

                        *Institutional terrorism is playing exactly by the (normally unworkable) rules. You know how the precursor to a strike is often a work-to-rule, and how disruptive that can be? Imagine what happens if you follow each and every policy and rule to the letter, including reporting everything you should report, doing every piece of paperwork and check you ought to do, doing nothing that's not prescribed and required, refusing to go against any policy or rule, rule lawyering everything, and generally playing the system against itself. Great way to annoy managers, but if you play, you must play impeccably well as they'll be looking for infractions to hang you with.

                        • #13
                          Quoth bunrotha
                          *Institutional terrorism is playing exactly by the (normally unworkable) rules. You know how the precursor to a strike is often a work-to-rule, and how disruptive that can be? Imagine what happens if you follow each and every policy and rule to the letter, including reporting everything you should report, doing every piece of paperwork and check you ought to do, doing nothing that's not prescribed and required, refusing to go against any policy or rule, rule lawyering everything, and generally playing the system against itself. Great way to annoy managers, but if you play, you must play impeccably well as they'll be looking for infractions to hang you with.
                          A former CW called that 'malicious obedience'
                          Smile, or I'll smack you silly!
                          At what age does a vampire become a crazy old bat? :[

                          • #14
                            Quoth vikingchyk
                            A former CW called that 'malicious obedience'
                            Or as His Grace, The Duke of Ankh, Commander of the Ankh-Morpork City Watch, Lord of Ramkin Hall, The Blackboard Monitor, Sir Samuel Vimes would put it:

                            "Obeying orders to the letter, with gleeful malignity."
                            PWNADE(TM) - Serve up a glass today! | PWNZER - An act of pwnage so awesome, it's like the victim got hit by a tank.

                            There are only Four Horsemen of the Apocalypse because I choose to walk!

                            • #15
                              Quoth vikingchyk
                              A former CW called that 'malicious obedience'
                              TVTropes calls it "Bothering by the Book".
                              "Crazy may always be open for business, but on the full moon, it has buy one get one free specials." - WishfulSpirit

                              "Sometimes customers remind me of zombies, but I'm pretty sure that zombies are smarter." - MelindaJoy77
