Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

BSOFH:  Security’s in the air.

Hardly anyone comes into my office, and if they do, they don’t stay for long.

My boss barrels halfway through the doorway, and then stops short as if he’s suddenly run out of leash.  “My god, what is that … smell??”

“Lunch,” I say through a happy mouthful.  “Gyros with onions, garlic, extra tzatziki, extra onions, more garlic, and garlic.”

“That’s enough to kill every werewolf within fifty miles of here!”

“Garlic is a vegetable,” I reply loftily, “and should be consumed in appropriate amounts.”

“But it’s not the garlic by itself.  What else is making it smell so bad in here?”

“Oh, that’s probably my new pine tar soap.  How do you like it?”

“Horrendous,” he says, and starts to make his exit.

“Would you rather I come to your office?” I offer.

“NO!!  I’ll send you an email,” he shouts over his shoulder.

Pretty soon he’ll give up trying to talk to me at all.

* * * * *

Another foolhardy visitor is soon there to disturb my lunch hour.  “Hi, are you the security officer?”

“Yep, that’s me.”

It’s a whiny intern, probably not more than 20 years old.  “I need you to fix my computer’s lockout policy.  It locks up after ten minutes, and it’s driving me crazy.”

“Work more,” I reply heartlessly.  “Then it won’t lock up.”

“But … I can’t even go to the bathroom without having to log back in!”

“Stop taking that one-handed literature in with you, and it won’t take so long.”

He turns pale, and without another word, walks out.  It was a lucky guess on my part, but it usually works with guys that age.  I make a mental note to go visit his workspace the next time the hallway cameras show him heading for the men’s room.  The old cat lady in the cubicle next to his is gonna get a love letter she’ll never forget.

* * * * *

I polish off my gyro wrap and start on the chocolate mints, just as an instant message pops up on my screen.  It’s from one of the HR recruiters, and it contains a very detailed, indecent suggestion.  I know it’s not meant for me; it’s for his newest conquest down in Accounting.  Management told me I couldn’t log instant messaging, but they never said I couldn’t create screen names that were common typos of coworkers’ existing screen names. 

“OMG totally,” I send back to him.  “Cant wait you big STUD!!1”

I turn my attention to the new programmer on the 5th floor.  She’s from MIT, and makes sure everyone knows it.  There’s nothing you can tell her about application development that she won’t either ignore or try to pretend was her own idea to begin with.  She managed to get her first build released without putting it through security testing, since she has her management believing that she walks on water.

But what they don’t know, but I do, is that she’s hosting half of the production code on her own workstation so that she can “tweak” it as she goes.  I use my domain admin powers to tiptoe through her C: drive, and replace a few choice files with ones of my own.  Pretty soon the VP of marketing is screaming for her head because our company logo has turned into … well, let’s just say an advertisement for the domain goat.se.  Release control, b33tch.  Use it.

It’s almost quitting time.  I take the latest draft of my new HIPAA c*mpliance policy, run it through Babelfish to translate it into French, then into German, then Japanese, then Urdu, and then back to English.  Right in time to take it upstairs to the executive C-suite and drop it off at the CEO’s assistant’s desk.  While I’m there, she starts to ask me about some lame problem having to do with her browser not letting her “log on to the Internets,” but then she thinks better of it after I stand next to her for five more seconds.

On my way out of the building, I drop my pager in the trashcan used by the smokers.  All of the SQL server passwords are set to expire at midnight, and it’s going to be a busy time for the sysadmins and DBAs.  They keep saying that security isn’t necessary, so I’m sure they won’t need my help dealing with the fallout.  I just hope they have a good stock of 22-character passwords ready, though, to comply with the new complexity settings I talked our auditors into requesting.  When you don’t show up for audit meetings, you wind up with a few surprises later on ...

Posted by shrdlu on Sunday, September 16, 2007