Security fail #2: badge problems solved the old-fashioned way

Back at my old job, we had a “Configuration Center.” It was an area that was dedicated to unboxing and building/deploying new desktops and laptops for an agricultural/construction equipment manufacturer. When a good portion of the downstairs area was remodeled, our entryway got a magnetized security door which was opened by our access badge on the outside and via a metal panel on the inside which was activated by touch capacitance.

One day after the remodel, everyone else was either out to lunch or deploying computers and I had to get in ASAP – and of course, I forgot my badge inside.

The doors were secure enough, but there was a gap on the hinged side. Seeing this, I grabbed a wire hanger from a nearby office, bent it at an angle and slid it through the opening by the hinges…I then turned it and tapped the panel – then heard a satisfying *click* as the door unlocked. I had to do this a number of times (yeah, I’m forgetful) during my tenure there.

The sad thing is that door was monitored via camera by the on-site security group, and they were right down the hall (like 30 feet) from us.  Did we ever get questioned as to why we were getting in the room that way?  Nope – far as I know, the door is still set up that way.

Picture Source [Elsie esq. (CC)]

Security fail: This is a story right out of “Get Smart.”

We had a printer repair contract with a company that did work for Uncle Sam. The new building there was to be a secure facility when it was completed. In about the center of that facility was a room; it had a raised computer floor and TWO hand print activated doors to go through to get into it. You walked up a ramp, the guy palmed the outside detector, the outside door opened, you went in to a tiny room, the door closed, he palmed the inside detector and the inside door opened. For the time it was cutting edge technology. Cutting edge technology that often failed.

On my first visit to install a printer, I was led to the “computer room” and he palmed the detector. The outside door opened. We went inside, the outside door closed. He palmed the inside detector and nothing happened. Several attempts later, he said “…this happens a lot,” grabbed the computer floor carpet square grabbers, lifted a floor tile up, we crawled to a location marked on the floor, pushed up the panel in the “secure” room, I installed the printer and we exited the same way. The thing that got me was, as we were exiting, he said “Usually they BOTH fail and we have to crawl all the way out to the door in the ramp.”

The ramp is also made of computer floor pop-out squares. You can crawl in and out past BOTH palm print reading doors.

Secure. Yea.

Of course when it went online, you were preceded and followed by armed guards who yelled “UNCLEAR” every step and there were flashing yellow lights all over the place indicating that there was an unclear on the premises.

Talk about feeling like a leper.

- Thanks Riley, sorry for the delay in posting this! – Rob

Lessons in IT: When IT pros go bad

#1: Tell someone else who knows what they’re doing before you fire someone who can damage the company.

A former job, right before I was hired the previous IT manager did a little sabotage after leaving (They think he was looking for contract work, but still illegal and immoral). They found the problem, fixed it, and changed all the passwords. He also deleted all his files from everywhere. Fortunately the new IT manager knew he was going to do that and backed up everything a couple of weeks before he quit.

#2: Always back up your network device configs (or really, always back up your data).

When our Network Admin left, he changed all of the passwords on the firewalls and switches, which we had to reset and reconfigure. He was an utter d-bag who got mad because he was being replaced. The reason he was being replaced – Changing the owner’s account password as a prank, it sure went over well.

#3: Compensate your employees and quit with the sexism already.

You know I did work with someone who did a similar thing. She programmed Cobol and was good, I mean really good. I learned a lot working next to her for about a year. The management was all male and white, this was the year 1993. They treated women badly and she was no exception. Overworked, under paid, no respect. You get the pic.

So she toils away and works her butt off putting up with BS the whole time. Finally a good job came through at another programming shop and she took it. Gave them a full month’s notice. Worked diligently until the last day. Told them to call her if they had any trouble, she documented pretty good, we had walk-thrus in those days. No documentation meant your code did not get out of the test environment. So, any decent programmer could figure it out given time.

She said call me if anything goes wrong or you want some advice after I’m gone. The dumb-ass manager would definitely need it because he did not understand her worth to the company. She gave them a # to dial to get her but it went to a Dial-A-Prayer hotline.

via: [Spiceworks Community]

Picture Source: [Sean MacEntee (CC)]

The ‘smack technique,’ it works for computers too…

Back in the 90's I was working for a large manufacturing corporation. In these days, we were still transitioning over to ethernet from token-ring, and as such, we had a token-ring gateway sitting on the shelf of our room. This actually was a PC running software on an IBM Model 30…this was in the days of Pentium 90's, so even back then, a Model 30 was dated technology.

One day early in my tenure there, my manager wanted to show me how robust the token-ring gateway was…so, as a demonstration, he flipped the power to the gateway off, waited a few moments, then flipped it back on again. To his surprise, the entire network segment did not come back up as expected.

He sat at his desk performing all sorts of network diagnostics, and just couldn’t determine what was going on.  I mentioned to him, “You know, this thing doesn’t sound the same as before when you shut it off…it’s a lot…quieter.”

Turns out I was right: this computer had been powered on for years (which in itself, is a testament to the robustness of the IBM gateway software and hardware)…as such, the drive motor had worn so much that the brushes didn’t provide enough (forgive me for my lack of electronics knowledge) “torque” to get the drive spinning.

My manager walked up to the PC, gave it a hard SMACK against the side of the case, and the drive spun up, ever-so-slowly, but eventually made it up to speed. He flipped the power off and back on quickly enough so the drive didn’t spin down totally and the network segment was back up and running within a minute.

Needless to say, that thing was replaced the following weekend.

Picture Source: [Random McRandomhead (CC)]

Slow and steady wins the race?

Republished with permission from the Daily WTF:

A few kilometers left on Ruta Nacional 128, a brief stop at a control policial, a short trip down the unpaved Calle 33, and just like that, Sergio was at his destination. It was a top-secret Argentinean Government Facility.

Now, before you get all excited, let me say that this was not the fun type of Top Secret. There were no alien spaceships, super weapons, or mind control devices. No, there were just maps. Lots and lots and lots of maps. Sergio’s job was to help digitize them.

Being the youngin that he was, Sergio’s role wasn’t to analyze, design, or even program the requirements. That’s what Highly Paid Consultants are for. Sergio’s role was to work with end users for the day and help support the system that the HPC’s had already built.

The System was an amalgamation of scanners (there were two large-format ones), printers (several laser and one giant plotter), workstations galore, servers (scanning, printing, file sharing, etc), and of course, a whole bunch of government-employed cartographers.

As Sergio learned from his brief tour, one team was dedicated entirely to Scanning. They’d carefully slice up the large 6’-by-4’ maps into pieces that would fit in the scanners, scan the map pieces in to the file server, tape up the originals, and then return them to the archives.

Another team was dedicated entirely to Digital Slicing. Even with top-of-the-line 1996-hardware, the files generated by the hi-res scanner were far too big to be used and needed to be split into smaller chunks. So, this team would spend their days taking files from the share drive, slicing them up in Photoshop, and then putting the resulting 10-20 files on another share drive.

And there was the Indexing Team. Actually, a more apt name would be Gustavo, the retired military sergeant. Despite being in his late 50’s, Gustavo could easily tear a phonebook in half with his pinky fingers and was not a bit modest about his massiveness. He was a gentle guy (so they said) and spent his days hunched over a workstation, creating the spreadsheet that would serve as an index for the tens-of-thousands of digitized map files.

Out of all of the cartographers’ jobs, Gustavo’s was the most tedious. And it sure showed; he had an almost indescribable aura of despair. To create an index of a directory of files, Gustavo used the following process:

  1. Take a screenshot of the Windows Explorer file list with the Print Screen key
  2. Paste the screenshot in a new image inside Photoshop.
  3. Crop the image to the file names only.
  4. Save the image.
  5. Open the cropped image inside an OCR program and run the optical recognition.
  6. Copy the resulting text to an Excel Spreadsheet
  7. Scroll down the Windows Explorer vertical scrollbar to the next page or choose another folder
  8. Repeat

Now, up until this point, Sergio had witnessed a lot of inefficiency. Couldn’t they buy a bigger scanner? Couldn’t they use a tool to split up the files? Couldn’t they at least write a script to generate file lists? He had to speak up.

“Hmm,” Sergio broke in, “surely you can do this much quicker!” Gustavo glared back at Sergio and slowly shook his head. Without saying a word he offered up his seat and motioned towards Sergio in a so-you-really-think-you-can-do-better sort of way.

Sergio took a seat and started typing. He went to the DOS command prompt and typed in a single command:

dir *.tif > filelist.txt

Sergio opened up the file and started narrating as he worked. “See, you’d open the file like this, copy the text over to Excel like that, and then just run the data split command. There ya have it!”

He slowly turned back to Gustavo, half-expecting to be showered with praise and gratitude. Instead, he saw a completely terrified face. The usually stoic, geriatric hulk just stood there, mouth agape, as if he had just witnessed his own horribly painful death.

And that was when Sergio realized something. He had accomplished in thirty seconds what would take Gustavo a full week to do. That’s not so good for a useless guy in a useless government position, and certainly not so good for a young know-it-all’s health and well being inside of a top secret government facility.

Before Gustavo’s fear blossomed into anger, Sergio quickly closed the DOS prompt and jumped out of the chair. “Err, umm,” he stuttered, “I guess you can manage, though,” he added, as he hastily walked away, “just let me, uh, know…”

After Sergio’s support day had ended, he headed back home, hoping that his “dir” secret never made it past Gustavo’s desk. He had to return a few months later for support and happened to walk past Gustavo’s desk.

Gustavo was still there, hunched over his workstation, still doing his Print Screen trick. Sergio nervously nodded hello and Gustavo glared back, still not saying a single word. It was okay, though; they had an understanding. The “dir” secret was safe with Sergio.

via: [The Daily WTF]
Picture Source: [Soupmeister (CC)]