Admin
I know of no country on the planet apart from Best Korea where a private company can't build themselves a gaming server if they want to. They don't even need to use junk. They can gasp use the customer's used-to-be-own money to buy brand new high end parts (after they have provided the customer with the requested service/product, of course).
Sure, it eats into profits (although in this case very little profit, just electricity/bandwidth since the employees aren't doing anything with their time), so if your only motivation in life is money, perhaps somewhere else might make more sense for you.
Admin
That being said, one should always be alert for the type of criminal activity you are describing.
Admin
someone set us up the bobm
Admin
Just because the top slot is labelled "1" doesn't mean it's filled first. The rack can still be filled bottom up; the frankenserver had to be at the top, however, because it was being hidden by the false frontage of the cooling unit that is at the top.
Admin
Nothing seems to have changed over the years. I used to work in Investment Banking IT over 12 years ago and one day I followed one of the infrastructure guys into the engine room. I spotted a rack with a label on it saying "Big 1". I asked what machine that is and my colleague replied "Oh, don't tell anyone, this is where we have the mp3-collection.". The perks of the infrastructure department: massive pipe and control over the firewalls. Those were the days.
Admin
That was probably all made up by the anonymization. The gist is "there was a weird server where it wasn't supposed to be."
Admin
Reminds me of the days working at a FedEx data center.
Nearly 1,500 Solaris SunFire servers and this one little 'Linux' server who was running inside the shell of one. Contained on this box was one QuakeWorld Team Fortress (MEGA-TF) environment with hundreds of maps. All of the SAs, managers, network and development teams, at different FedEx sites would engage in a huge PvP war and it was up to the NOC team members to keep an eye on the box to make sure all was well.
I miss those days.
Admin
I remember that when we left one of my previous companies, we had a server named "Warcraft".
No, that's not a game server... It's a standby-production one that holds all kinds of important functions like secondary email server, secondary fax server, secondary web server that would be automatically failed over to when the main one is defunct.
Dunno if there would be clueless staff who dump it because of that name... after all the whole IT team left in one go and we just left some paper documents and we have no way to know whether the newcomers have spent time to read them.
Admin
Well that's one way to make sure the monkeys leave the automated build server alone.
Admin
You're! Even bad English speaker like Nagesh know this.
Admin
I'm glad he found his notebook and pen unmuted.
Admin
So some employees took some obsolete spare parts and assembled a computer from them, which they then use to play computer games from home.
As ethically questionable actions go, this seems pretty low on the list. The parts would presumably have been thrown away anyway, so it's not like they're stealing something that the company wanted to keep. Indeed, they haven't removed the parts from the building, so if there was a need for them for some actual company work, they could just dismantle the game machine to pull the parts. If they're accessing it from home, that's presumably non-work hours. So where's the ethical violation? That they took up a few cubic feet in the server room for their game machine? I guess they're using some bandwidth, maybe that ends up costing the company something.
I'd put this on the same level as, "Two employees spent 20 minutes chatting about sports instead of working" or "Employee used company-owned pen and piece of paper from company-owned notepad to make a shopping list".
If my boss happens to read this, let me emphasize that I am speaking purely hypothetically here. Personally, I would never dream of taking a company-paid-for paper clip home, or of spending working time reading thedailywtf.com.
Admin
Well, you're assuming that he didn't recognize the caller's voice. Or, I suppose, that voices over the phone are distorted enough that someone could be impersonating a known employee.
But even assuming he was in a proper security mindset and was suspicious, how would it help a hacker for him to reboot a server? I can certainly see being suspicious of requests that could readily lead to a crime. Like, if someone calls and says he forgot his password and please reset his password and tell him the new value, I'd be very cautious about complying with such a request even if I thought I recognized the person's voice. Or if someone asked me to take a piece of valuable equipment outside and meet him in the parking lot with it so he can take it home, I'd be reluctant to do that unless there was some established company practice for borrowing equipment, etc.
I suppose anything odd COULD be part of a crime. But anything routine-sounding could be part of a crime, too. Indeed, if I was going to steal from my employer or vandalize company property for some reason, I would think I'd go to a little effort to make everything look routine, precisely so that I did not attract attention.
For that matter, if you do something calmly and confidently enough, few people would be suspicious. I recall once I was banging away on my computer as usual when a stranger walked up and told me that the company was upgrading all the computers. So he loaded a number of our computers on a cart and wheeled them out. My only question at the time was what I was supposed to do about the data on my hard drive, to which he replied that they would be copying everything on our hard drives to the new computers. After he left it occurred to me: How do I know this guy actually works here and that he isn't a thief who just stole half a dozen computers, and we all helped load them on a cart so he could carry them out! Of course he came back an hour or so later with the new computers, it was all legit. But why did we just take that for granted?
Admin
This is the funniest troll I have ever read, no lie. It almost got me for a second. It's just so delightfully meta!
Admin
Social engineering requires taking account of the possibility that you won't succeed at first try. If your initial request is, say, to have the admin password reset, then a failed attempt gives the whole game away. So ask for something else first, and when that request is granted you know you've got your victim hooked.
Rebooting the server is the first request. His willingness to do it shows he believes the hacker's false identity. The hacker, having successfully requested a more significant task, can then go on to request an apparently less significant one - such as resetting his "forgotten" password.
Admin
Rebooting the server is the first request. His willingness to do it shows he believes the hacker's false identity. The hacker, having successfully requested a more significant task, can then go on to request an apparently less significant one - such as resetting his "forgotten" password.
First, you will notice reading the story that Jeff did not 'identify himself as an employee'. He didn't identify himself at all, so presumably, it was someone that Ryan identified from voice, and thus presumably was someone calling that he worked with all the time. So pretending that this could have been some hacker calling up is absurd...Ryan knew damn well who it was.
Second, Ryan was the graveyard shift in charge of the server room, which meant rebooting servers was his job. This wasn't someone calling up asking for something outside of Ryan's scope, or some request to do something weird...Ryan is supposed to sit there and take 'out of the blue' calls (from recognized people) to reboot servers that have fallen over.
Now, he'd been asked to reboot a server that did not, apparently, officially exist, and was well hidden. Which was very odd, but it was a server in the server room, and thus entirely under the scope of his job.
The only caveat is the email guy is asking him to reboot a server that, as far as he knows, isn't an email server. Of course, it could be an email server, he has no idea. He does know it can't be one of the critical servers.
At this point, Ryan either has some crazy conspiracy theory that requires some very important server being hidden physically and documentation-wise, which rebooting will somehow break, and the trusted email admin is actively attacking the company with his unwitting help, leaving a very obvious trail back to the email admin (As opposed to him walking into the server room and breaking CORPSRV1818 secretly, or just sabotaging, duh, the email.)...or there's simply some random unimportant server in a very odd place that Ryan doesn't know about which has stopped working.(1) One of those is only the choice of people with paranoid delusions.
Admin
No wonder their pathetic attempts at social engineering fall down flat. When real social engineers see a mail server they use a femail client. And vice versa.
Admin
Reminds me of the time my team upgraded a certain nation's Air Defense operations centre many, many years ago. It was the first time their system had an intranet (instead of point-to-point async connections); several days before commissioning and 'go-live' we found that the techs had installed Wolfenstein and were running it during the nightshift. Needless to say, that got deleted fairly quickly!
Admin
TRRRWTF is that they called it position 1. By any decent indexing system, it should be 0.
Admin
Haha, we call ours the "collaboration server".
Admin
mmmm... quake. While we did always have netquake and qw servers at my jobs in the past, my favorite was the public facing qw server we had running at my high school.
Admin
He says in Rack N, row 1.
Admin
reminds me of a scene in the comic strip "Retail" where a worker took a bunch of surplus chairs and tables and set up a private coffee shop on the roof of the store...