What were they doing with an expensive photo capable printer in 1989?
With the gateway to the weekend upon us, it is time to crack open the On Call files once again to enjoy a tale from one of those brave engineers at the front line of the tech world. Today's story is from a reader we'll call "Sven" and, for a change, is almost an anti-on call since it concerns what can happen when the all- …
Yeah, us too.
We found that it was necessary to bugger the printer a bit and smear Vaseline on the digicam lens to get 'em to look like real African IDs but, once you get it right, there's a shitload of cash to be made ensuring the right person gets elected in that part of the world.
Yes, but it may depend on the business; remember how expensive a color printer was in 1989, plus the hardware/software to use it. Maybe they were also developing other kinds of software, that would also justify the digital camera, another expensive device for the times.
Yet coupled with tracking cash deliveries, and a missing base station, makes you think... <G>
This company wouldn't have been based in Swindon somewhere to the North near the Moonrakers pub would it?
Perhaps even sharing a building with another branch of the same company that did offshore surveys (Positioning equipment being the common thread here) & the staff car park opposite Marconi.
Most of that year was spent on board ships & rigs, enjoying Cornwall & the Isles of Scilly & its pubs, so I have no knowledge of what went on in their half of the building during my frequent absences or indeed when I was there, but it wouldn't surprise me to learn this was the same place.
There are legitimate uses for high quality printers in business other than printing "holiday pics".
Lots. But printing holiday pics only gets expensive if you're on some particularly stupid maintenance contract where the person signing up agreed to take a copier worth £2k in its box from the manufacturer in exchange for paying 10p per sheet, making a single box of paper cost 10p * 2500 sheets = £250 per box of paper printed. Print 8 boxes of paper, and the copier has paid for itself for the maintenance company!
Companies with this sort of negotiating skill and financial acumen (usually only found in government or really big companies) then do either metaphorically or literally hire armed guards (at additional cost) to keep the usage on their colour printers down.
Meanwhile, in companies with working calculators you just go and buy your own copier outright or on lease and run it on compatible cartridges (usually around £20ish, unless you're particularly bad at just saying "I'm buying that elsewhere" and doing it if the supplier tries to screw you.)
Most copiers do 20-30k sheets per cartridge. Let's assume the low end of the cartridge size for sake of argument, shall we?
£20 = 2000 pence; 2000p/20,000 sheets = ~0.1p per sheet. Even if you assume that you're printing equal amounts from 4 cartridges (Cyan, Magenta, Yellow, BlacK) that takes us up to the heady heights of 0.4p for the toner. Paper is more expensive; at £2.90 per ream of 500 sheets that's 0.58p per page. So a colour sheet costs at max £0.098 per sheet. Yes, that's almost, but not quite one penny per sheet.
As a result, our company policy on using work equipment for personal use can be summed up as "not in work time please, otherwise we don't care unless you're doing large print runs; in which case please ask first". The "please ask first" thing because if somebody wants to print 500 multi page stapled leaflets using the finisher unit for their school's sports day or whatever then we'll happily do it if we can get away with adding our company logo and "$companyname supports $event in our local community" somewhere as prominent as we can get away with. Like the frontpage, and footer of every page.
We get free brand advertising, (ok, costs <£20; meh? 2 people discussing it for half an hour would cost more than that!) and the event get free leaflets.
Users happy. IT Happy. Marketing happy. Beancounters happy. Management happy. Local community happy. The entire thing pays for itself as soon as a single customer gets influenced by it.
Win win for everybody concerned with a minor modicum of sense in purchasing as it's obvious that the cost (both financial, management time and good will from staff) of trying to prevent the users from occasionally costing the firm a tiny, derisory sum would be so disproportionate as to be outright absurd. It also encourages staff to work with each other, rather than around each other as in the article where the boss figure ends up spending hours of work time that he is getting paid for to find a way of circumventing security measures to get a few pictures printed!
It's unbelievable how much time is diverted from doing something useful into pointless, petty authoritarianism by people who then seem to have no idea why their work environment ends up a toxic mess.
When I worked for Xerox they had a Hell color scanner (not profanity but a German company) and a complete manual dye transfer color printing system. I did Christmas cards on it (25 copies), about 20 minutes a copy. Everything was timed for the various dyes (Cyan, Magenta, and Yellow) so you were kept really busy cycling the negatives through the various dyes and printing them on the final product.
Produced some better than photographic quality pictures though.
Instead of using logic, just make it even more illogical and make it so each time that you print, you have to add the project id that you are charging the printing to and the password, so all gets logged and those overpriced prints are attributed to your project.. and at that point as a project manager you wonder if it would be cheaper to buy a printer and pay it with your project funds.. (yes, it is, and no, you are not allowed to do it).
I don't know where you got your numbers; when I was in college in the late 1990s, the late 1980s vintage Color LaserWriter they still had tooling away in there, the cost was probably close to 25 cents per page for color. The color toner was not cheap, and the printer was not particularly efficient with toner usage. I guarantee you were not going to print color for 1 cent (or 1 pence) per page on something of that vintage.
Not having to deal with the printer mafia (those maintenance companies that do nothing except send bills) is also a big advantage.
But don't forget to only get a printer that has toner in a plastic tube, not the Lexmark replace-it-all multifunctional, for instance.
Most copiers do 20-30k sheets per cartridge
Love to know what copiers you are talking about. I've worked with lasers from SOHO to huge corporate, since the very first LaserJet - HP, both KMs, Canon, Gestetner, and others I've forgotten about, and never seen a machine that got more than 2,000 pages from a cartridge.
Love to know what copiers you are talking about.
Pretty much any floor standing photocopier since the nineties? random example pulled from a hat:-
The bigger the machine, the bigger the cartridge. The bigger the cartridge, the cheaper it gets. Counter intuitive, but a photocopier is cheaper to run than a desktop laser. The bigger the rollers, the larger surface area they have. The larger the surface area, the longer the rollers last in service. Twice the size in diameter is much more than that in surface area.
As to which lasers print as many as 2k sheets per cartridge: I just checked what HP's standard desktop laser at the moment is and it's this:-
HP Color LaserJet Pro MFP M281fdw
With this "high capacity", eg "not half filled" cartridge:-
Says it does 2500 sheets. And I wouldn't touch a desktop laser with a bargepole precisely because they are so pathetic with print yields, and expensive maintenance hogs. When it comes to printing, bigger is better.
And buying cartridges in bulk can lead to surprising price reductions; suppliers will go well below the RRP for the business if you order a quarter's worth of cartridges at a time. (and when I say well below the RRP, I have seen suppliers go under half the RRP without squealing particularly loudly, leading me to think that they were still making a comfortable profit on the trade price)
Just to add, a second hand office colour copier off eBay cost me less than buying a new desktop laser. It came with a couple of spare toner cartridges, but enough left on the installed ones that I've not yet needed to use them.
For our usage pattern, maybe half a dozen sheets a week, with the occasional several hundred pages leaflet run, it costs us effectively nothing. Plus it does A3! It probably costs more in electric keeping it on standby than it does in paper/toner. Whereas an inkjet would dry up between uses and need a new set of inks every time due to repeated cleaning cycles..
If you've got the floor space, yes, bigger the better!
Not quite as bad, but in an office I used to work in, which dealt with some sensitive stuff, every door throughout the building had an electronic lock activated by a proximity card, and all movement was logged and checked regularly, and only certain staff were allowed in certain parts of the building. At the side of each door on the inside, were safety release buttons which disabled the lock, so that should the computer controlling the locks ever fail, people would not become trapped. Use of these release buttons other than in an emergency was a disciplinary offence.
The Chairman of the company had a nice plush office in the building, and the door to the office also had the same locks, but he wasn't in the office every day, just made occasional visits. EVERY BLOODY TIME he came into the office, he used to use the safety release buttons as he walked round the building, unlocking all the doors so that he didn't have to bother with his proximity card.
...were safety release buttons which disabled the lock...
The company I worked for leased a newly built building (actually, built to their spec) that had similar electronic door locks that you opened with proximity cards. All good and well, except for the fact that it had no override/safety release buttons, nor battery back-up for the locks, with the result that in the case of a power failure, no-one could go through any door. It just so happened that we were in the midst of two-hour rolling black-outs (or load-shedding schedules, as it was called at the time) that could strike at any moment (they later implemented scheduled times for load-shedding, so one could prepare).
The first time I was caught behind a door (luckily for me on the opening side), I saw that a thin piece of sturdy material (like a credit card or a thin piece of metal) could open the lock by sliding it behind the bolt and then just moving it downwards. So I permanently kept one of those metal covers that one found on the backs of computers that covers the expansion card slots in my pocket. It also helped that all the doors on the floor I worked on opened inward, so it was a cinch to get out.
Cue the uproar when I in all innocence mentioned (in a meeting) that the building was not secure, since one of the back doors could be opened from the outside in a similar way (this was before it became general knowledge that I was the go-to guy to open locked doors). No-one would believe me, as the installers/suppliers had assured them that this system was ultra-secure and that there was no way anyone could go through a door without using a card and that all movements through doors were logged. The logging system, however, could only log card presentation events, not actual opening of locked doors without using a card.
They only believed me after I gave a live demonstration that it took all of five seconds to open any of those super-secure doors.
AC for obvious reasons (even though this took place more than twenty years ago).
Two obvious issues with that one :
1) no manual release would have dreadful consequences if a fire broke out and shorted the power before everyone could get out
2) they forgot to consider all possibilities of manually opening the doors, such as something to prevent the bolt from being moved outside of an order from the proper process
Thankfully, the company that made those doors only end up being ridiculous. They could have ended up being charged with manslaughter and someone would have gone to jail for a long, long time. Which would have done nothing for the people who had died.
and someone would have gone to jail for a long, long time
Perhaps in the UK. Unlikely in the USA. After all, both Ford and Chevrolet have made vehicles that their manglers demonstrably KNEW were unsafe. (This was proven by "smoking gun" memos produced in court that showed it was cheaper to pay off the family members of their victims than fix the problem). People were killed by these unsafe vehicles.
The corporations ended up paying some cash out in the lawsuits, but I don't recall anyone getting banged up for it. I strongly agree that those managers should have been imprisoned, and not for manslaughter, but for first degree murder because they knew in advance people would die due to their malfeasance. They just didn't know who. I see little difference in the "ethics" of those managers and someone who plants a bomb in a public place. Bombers usually don't know exactly who their victims will be, either. The manglers could perhaps be even worse from an ethical standpoint, since they're murdering innocent killing people for their own profit, rather than some misguided political cause.
Of course, any county district attorney who brought such charges could expect to face a "dream team" of top gun lawyers from all over the nation. The defendant would almost certainly be granted (high) bail, but the corporation would likely foot the bill, so they'd be free until the trial was over and they were found guilty.
Meanwhile, the trial would be delayed for years by one pre-trial motion after another. The district attorney who brought the charges would likely have to run for re-election before the trial started. His opponent in that election would likely receive some VERY sizable campaign contributions from many hard-to-trace sources. After the election, the new district attorney would probably determine there was insufficient evidence and drop all criminal charges.
We had something similar and when it was pointed out TPTB had all the doors fitted with thick metal plates around the lock so you couldn't slip anything past the bolt.
We recently had an audit by a security team ahead of a government contract and, in passing, I happened to mention we had a couple of cupboards with combination locks that were unusable because no one knew the combination... it took them 10 mins to open the first and another 5 for the second!... only thing found inside was a roll of preprinted labels
(we still don't use them because of the faffing about getting them open... what with the dodgy eyesight and DTs from years of debauchery)
We used to have PIN locks on the doors here until one night when the boss came back for something and 2 ne'er do wells walked straight in afterwards. They then walked straight into the main showroom where they proceeded to steal absolutely nothing until one of the girls who was working late came in via the other door to see them in there.
Anyway, instructions went round to change the codes on all the doors because clearly they must have known the code or worked it out, until I pointed out that you could open all the doors just by sliding a thin screwdriver down the back of the locks from the outside to pop them open. Now we have a proper proximity system on all doors, that also locks the main doors in case someone comes back at night and leaves it unlocked behind them.
@AC "electronic door locks that you opened with proximity cards. All good and well, except for the fact that it had no override/safety release buttons, nor battery back-up for the locks, with the result that in the case of a power failure, no-one could go through any door."
Not sure if you're in the UK, but if you are/were I'd draw your attention to The Regulatory Reform (Fire Safety) Order 2005, paragraph 14.2.(f)
(f) emergency doors must not be so locked or fastened that they cannot be easily and immediately opened by any person who may require to use them in an emergency;
The doors you mention don't meet the legislative requirement (even if you could get them open with your handy tool). I know you were talking 6 years before this legislation came into force, but it's worth knowing. At the current "paulf & co" the fire alarm and evacuation provision is, to use the technical term, a Shit show, so I've been doing some necessary digging to check what the law says. In the UK the emergency release for access controlled locks looks like a "Fire Break Glass" point but is green instead of red.
If you were in The Land of the Free(tm) then all good, carry on.
I used to work for a security consulting company, where government work required quite a bit of physical security. This meant things like proximity cards everywhere, with a man-trap at the main entrance, and cameras covering all but the washrooms. There was also this eerie background mumbling noise from speakers, to make it harder for other building tenants to listen to conversations.
We had a couple fun incidents that come to mind, with being located in the inner city. Once, a couple of inebriated glue-sniffing gents managed to tailgate as far as the man-trap, where they got stuck. No way in or out, no windows, and just enough room for the two of them. Eventually they noticed and used the blue fire-style pull station that was used for emergency egress, while also setting off the alarm. Needless to say, our people had a great time checking out the camera footage later.
A couple others got into a basement break room, since the windows turned out to be not built to spec. The outer glass could be broken of course, but the plastic sheet on the inside could also be pushed in at the bottom to get in and drop down. They proceeded to ransack the place, leaving blood everywhere due to the broken glass on the way in. One was hanging on to the ceiling projector and trying to yank it off, when he saw the camera. They did manage to get out, but it took a while because that plastic sheet had again flexed back into place, not leaving anything to grab it by.
A few years ago I stepped outside our front door and closed the door behind me and realised I was wearing the Wrong Trousers, the ones without my house keys in there. The door had a key operated dead bolt and a Yale lock. The Yale had engaged.
Fortunately I had access to my garage workshop. There was of course a strip of wood protecting the lock but a chisel pried that out far enough to insert a metal card scraper. I had to tap it with a hammer to move the bolt of the Yale but it worked. I tapped the strip of wood back into place and learned my lesson.
Now we have a modern metal framed multi-point locking door with one key and you have to actively lock it when going out. Wrong trousers? Nae Bother, just pinch the key from inside the door. The one with the old French Franc drilled as key fob.
Oh and the garage workshop has a working lock on it now. Thinking of hiring an SDS drill and installing one of those bollard stops to prevent the garage door opening. Need to drill the concrete pad to install it.
I presume your door doesn't have a hole through which letters are delivered. You're advised not to keep a key next to the door anyway. For instance, an unwisely allowed visitor could swipe it. But the letterbox and a long twisty wire can be used to find and extract your keys.
I suppose that by now they also could post a flying drone into the house to fly around doing such things, and more.
I think I got mice because I left the door open in hot weather, although authorities say they're good at finding or making gaps for their entry. They don't need much at all.
When I was working in Site Services Department of a large electrical manufacturing company, we shared the site with four other companies. I was in charge of the locks and keys for our quarter of the site, so if anyone wanted to change offices, they had to come to me to issue them the key to their new office and take their old key back in exchange. This became rather monotonous, as offices were always being changed. One day, I had a faulty padlock to deal with, so I went to visit Site Security, who had the master keys for all four companies, and borrowed their barrel removing key. While I had it in my possession, I took a photocopy of it before returning it. Later that day, I sorted through all my spare keys until I found the closest match, and, after silver soldering a blob on the end where the actual barrel removal wards were, filed it to an exact replica of the original. Then, if someone wanted their office moved, all I had to do was swap the two barrels over, which took moments, and then straighten the paperwork, which took longer. I still have that barrel key, but unfortunately, the buildings are no longer standing, the whole site had been flattened and turned into a housing estate and an out of town shopping experience. A/C for obvious reasons, even after all these years.
One of the most stupid things I did as a child in the University (yes, I was amazingly straight), was to once open a lock using some photo film and a piece of wire to help the team access some equipment. Yes, they were grateful, but from then on I was marked, and not in any good way.
We had an alarm system and the boss decided he wanted a card entry system as well... And it should be connected to the alarm system.
The first person to arrive in the morning would present their card, the alarm would be automatically disabled and the door opened. It then kept a count of how many people came and went. The system then automatically set the alarm when the last card was logged out and the count was reduced to 0. If somebody forgot to log out, the system would automatically turn the alarm on at 9 in the evening - which meant, if you were working late, you'd have to log out just before 9 and wait until after 9 to re-enter the building.
Staff were told that they had to log in themselves and log out, they couldn't hold the door for anyone else. Amazingly, the system worked well, until the boss forgot his card one day, but he came later and left after everyone else...
At the building I work in, alarm is armed as of 6pm on weekdays, and all weekend.
Card access to the building during normal hours, augmented by an additional code entry on a pinpad during the alarm hours.
The alarm auto-arms 60 minutes after being disarmed, and the 60 second spoken warning over the loudspeakers scared the crap out of me the first time I had to be in the office in the middle of the night.
Fortunately all you had to do was tap your card to any door reader.
Back in the 90s I was working security at Northern Telecom.
Back then they were a big MOD contractor making all sorts of highly sensitive military comms equipment some of which found its way to the first Gulf War.
Now to enter the office building out of hours you needed a swipe card and key code.
Pretty good for the day you would think, however when we did our rounds one of our jobs was to check people's desks for documents marked SECRET or above and put them into the safe.
We often found TOP SECRET documents left on people's desks, often open and the muppets even left their windows open even on the ground floor.
Times and tech may have changed but the idiots remain the same.
"We often found TOP SECRET documents left on people's desks, often open and the muppets even left their windows open even on the ground floor."
90s as well, secret/TS stuff as well.
Instructions were different: last dude in the offices would gather all documents off the offices and shred them (it was a secure shredder, not the office stuff you usually find). We were a tad lazy on the instructions until some high ranked kicked our balls hard.
The next evening, me and my mate applied the instructions by the book. Some idiotic conscript had forgotten his identity card with the whole set of usual documents lying on the office. We nonetheless followed the orders.
Funny was his face the day after. Good times.
At certain places where I have worked (hint: armed guards at the entrance), clearing the desk before evening departure was mandatory, it's called the Last Man Out process. Everything had to go into those nice cabinets with Mark IV dial locks (that's enough hints) at the end of the day, and the lock codes were changed every four weeks or so (no, no, really, no more hints).
Only, our team of rogues had one guy who spent many lonely nights at sea so bored out of his skull that he worked out how to open those locks*, and he was usually our first man in. Thus, come Monday-after-a-change, our cupboards were already open for work, annoying the chap who went round delivering the new codes (he didn't arrive until 10am in our section, and we didn't have that sort of time to waste).
That said, he was a good sport about it once he got over the initial shock and it turned into a bit of a running joke.
* There's also a Matt Blaze tutorial on it somewhere.
Anyone remember the new fancy "white elephant" building in Paignton?
I was visiting and working late one night with my laptop.
Then - all the lights went out and I was left in the dark!!!
So after that every 20 minutes I had to swivel around in my chair with outstretched arms so the building didn't think I was dead and turn the lights off again.
Well isn't today a blast down memory lane...
I still have the Nortel mug from their recruitment event in the Rougemont Hotel (I lost, threw or gave away the perspex pyramid paperweight recently) that I found myself in (Having left the positioning company - Wimpol, for Racal in Seaton, quitting there when the writing was on the wall, taking another job (& let go after Y2K)) rubbing shoulders with colleagues who had stayed to the bitter end.
I stuck with IT rather than electronics & didn't pursue that avenue of employment as that Paignton branch of Nortel was always going through repeated cycles of hire & fire to the best of my recall from BBC Spotlight\Today South West.
For those still wondering what the name of Sven's employer was - I think you will find it's in all probability to be Datatrak, whose name & logo were on all Securicor vans & indeed used to deliver our cash wages to Racal.
I remember the beautiful Art Deco frontage hiding the massive factory behind. I visited quite a few times and talked on the phone too.
I worked as an Engineer/Sales Engineer/Trainer/Liaison/Manager for a Japanese Fibre Optic supplier.
They bought LOTS of our FO sub-assemblies and equipment to build their products.
(possibly £1-2 million over 2 years?)
I grew up in Devon, and it was great to get a panic call or other request to go down there, from SW London, to sort out some problem, shoot the shit and see if they were in the market for some new stuff.
I knew 3 managers, on different lines/products and gave a little training and basically bent over backwards to give them Top Service (actually we did that for all our customers)
I got on well with them, nice guys, and blow me down, all 3 suggested I hand in my notice and come and work there.
I was sorely tempted. Never had an attempt at poaching quite like that before.
It would have been ideal. But my existing job was also good. I decided not, thankfully.
Nortel worldwide almost completely shut down soon after.
Over expansion and recruitment of anyone? (maybe why they were interested in me lol)
And the Telecoms Crash.
We bought some of our equipment back, when they nicely asked (all part of customer relations).
(Value £100k). I think Alcatel or Pirelli bought that at a reduced price.
The boxes weren't even opened from our original delivery months before.
Did I go and collect it? I have a vague memory of some storeroom.
Funnily enough, one of my colleagues spotted some of our/their stuff on eBay a few months later at ridiculous knock-off price.
We tipped off the surviving manager.
Sadly, I have no memory of the locks or general security arrangements.
I suspect it wasn't great with the Boom Town Business and many new employees.
5000 at peak, in Paignton?
From memory Paignton peaked at 4000. That site also caused the biggest headache for our IT manager when the company I was working for bought the plant from Nortel, about the same time they bought the old Marconi plant up near Northampton (Caswell, where they used to build Spitfires during WW2, and a mobile phone deadspot in part due to its location, in part due to all the buildings being made from ironstone and being rather effective Faraday cages). Anyway, back to the IT manager. Paignton's document control system ran on Linux, and to say he despised anything that wasn't made by Microsoft would be an understatement.
That's not a vulnerability, tape monkey, it is a facility.
And it's still very much the same sort of scenario in VAIOSystems ...... TOP SECRETS shared freely with No Earthly Access to Future Commanding Control Assets ..... Core Virgin Sourced Suppliers.
With Ship Loads of Fabulously Wealthy Tales to Tell to All About SMARTR IntelAIgent Systems Service Full Disclosure Non Agreements, very popular in Intelligence Immunity and Impunity cases requiring at best, all necessary virtual savvy.
What's not to like. IT and AI are a Live Operational Virtual Environment in Future Command with Present Control.
And now you all too know what is no longer TOP SECRET. Enjoy and Ponder on Real Strange News which one might reasonably expect to pretty much see nearly everywhere, where Tomorrow is Phormed by Breaking Monumental News ......... Unbelievably True Fact.
Some say that is Holy Hallowed Ground Zero ..... altho most all know just to think it is more than enough too. Amen/Allahu Akbar to that.
Yup had swipe cards installed on doors here yonks ago, 2 hours after going live the MD said they were to be disabled during office hours.
Our door releases (The green "Breakglass") have those annoying alarms on, although someone did work out how to get around that. Take the plate off the back of the maglock and pull the cable out (Cue every Mag lock being changed location and now knocking out anyone tall).
(It would have been of no possible use to me.)
Those units did go places: lots of test drives to gather data on how well the tracking worked in practice. This being pre-GPS, it was also before the standardised GPS libs to do the complex maths of tracking, and relied instead on terrestrial beacons.
Upvote 'cos you just one-upped me.
I'm now certain I was there too.... see my earlier post further up the page.
Offshore side or the other side?
I recall announcing on a frequent basis around 4.30pm every workday, "Cry havoc & let loose the dogs of Marconi" as they finished 30 minutes before we did.
The guy that hit the HT on a laser rangefinder with the covers off & threw it out of a fortunately open window onto the concrete path outside, thus ensuring that whatever the original fault was, it wasn't ever going to work again.
One of my colleagues who sank\lost a ROV on a training trip (It was recovered).
I worked for a company where the support contractor reset all passwords to 12345, "to make support easier", and disabled the user's ability to change their passwords.
They also left all of the users' Exchange accounts with OWA access from the Internet. Yes, anybody who could guess that "Fred Bloggs" username was fbloggs and they knew the OWA address (mail.example.com/owa) would probably have hit the jackpot with a simple brute force attack on the first attempt!
My first act, when I joined the company, was to disable OWA and ActiveSync for everybody, set the accounts to require a password change at next logon and sent an email around. Then turned OWA back on for those users that needed it, after they had changed their passwords.
On the thought of weird OWA security problems, way back when I had an air-conditioning meltdown in the server room, and the servers cooked (no environmental monitoring until after this event). Only lost a couple of drives and no data, but cutting off the VMware hosts cold (sorry) caused a weird permissions corruption.
Basically it gave Authenticated Users read access to all the mailboxes on Exchange 2003. If you could login as yourself, you'd be able to read anyone's email.
It was a couple of months before I noticed (and I checked through the IIS logs to make sure nobody else had discovered it). Took the permissions back off again, but that was an odd one.
Air con? Luxury, mate!
The company had the server room at the top of the building (3rd floor), south facing, big windows. No AC.
I warned them when I started that they needed an AC in the room. But the servers had run the last 5 years without problems (and without being cleaned out). The first employee there in the morning opened the big window and turned on the fan!
I tried to get the servers put in the cellar, where it was a bit cooler, but that was rejected.
I bought an electronic thermometer with remote sensor and stuck the sensor in the middle of the rack, it topped out at 68°C in the middle of the summer! Surprisingly, we only had one server crash (you have to admit, the HP servers are built tough). I then got permission to get a maintenance firm in with an air compressor to clean out the machines and blow all the dust away - my white shirt was black by the time we had finished.
The CEO agreed that AC was probably not such a bad idea. Then he got the offers in, there was enough in the budget for his office, but the server room was too expensive...
I've heard a story (maybe apocryphal, probably on the interwebs somewhere, but entirely plausible) about a pen-tester who was contracted by a car dealership for security testing. A few days later, and without much difficulty, he was able to drive a brand new Porsche out of the showroom in the dead of night. The car salesmen were outraged - at him - but I can't remember if he had his contracts all signed and secure. I hope he did.
I remember watching a TV show many years ago where a professional car thief was given 60 seconds to open the door of a locked car and get the engine running. His expression was interesting - a whole minute? He jiggled the car door handle and then got a slim jim or similar tool and opened up the car door. He then climbed in and looked around wondering what the gimmick was. He then adjusted the seat - shrugged his shoulders, knocked out the lock and started the car still wondering what the gimmick was. He could have done the entire thing in less than 10 seconds if he wasn't puzzled about being given a full minute to do the job.
... we were given pagers to carry "for emergencies". I turned mine on when I got to work, and off again when I left work. My reasoning was that I wasn't being paid when I was off work, therefore they had no right to try to contact me. Needless to say, management wasn't very happy with my interpretation. They called HR, to get me to see reason or to fire me. HR took my side (!!!). Long and short of it, everybody with a pager wound up with an extra dollar per hour for each and every hour we were required to be on call when otherwise off duty.
A couple years later a few of us were presented with DynaTacs ... we all said "more money, please". This time, we were compensated $1.75/hr. For awhile there I was collecting for both the pager and the phone. It was quite lucrative, added up to a hair over $18,000/yr in mid '80s dollars. Fortunately Upper Management liked me more than the mid-level idiot who ran our division ...
Shortly after the Working Time Directive came into force I moved from engineering into IT. As the factory ran 24/7 they decided to implement on-call procedures, that basically meant a slight payrise for every day you had the on-call phone with you. As the WTD also stipulated minimum hours rest before working again it also meant that anyone being called during the night were allowed to arrive back at work late the next day, a minimum of 11 hours in fact. This was in effect regardless of how long the call was, or whether it required a physical presence at the factory. As I was in charge of the rota and lived closest I managed to be on-call 2 out of every 4 weeks, with the other 2 weeks split between another 2 techies. For some reason though the majority of calls always came in at 2:15 in the morning, and were usually fixed in 5 minutes over the phone. Which meant not having to be back at work until 1:30pm and still finishing work at 5:30pm, for the same pay as if we'd been in at 9am, plus an hour's extra overtime pay (on top of the on-call rate, any time was rounded up to the nearest hour and charged at the overtime rate for the day, 1.5x for the week and 2x for the weekend) for the call.
Once they realised the terms that had been agreed HR weren't happy, but there was nothing they could do as no one in the IT department were going to agree to those terms being renegotiated.
I worked with a guy who was on-call. A major alarm went off around midnight but the NOC guys were obviously asleep. Rory got called at 6am, just as he was pulling on his leathers for the ride to work, and he rode in being paid time-and-half and got to go home a couple of hours early in compensation.
And the alarm had cleared itself by the time he arrived!
Worked in a company once where there was no domain policy to force users to change their passwords at all, or password complexity required. Even when we had to reset their password we were told to not force them to change on next logon. On top of that the IT manager kept an Access database with all the users account details, with passwords and they had to inform us when they changed it as well as what they changed it to, though there were a great many of them that were still set to the default password.
Working for a small zombie company (that's already been a star of On Call) the MD / CEO / salesman / pain in my arse once announced we all needed to list our desktop and server passwords on a piece of A4 that was to be put in the (only) (unlocked) filing cabinet in our office.
He got quite narked when we gave him an alternative suggestion for its location. Probably because it would have made his cycle home quite uncomfortable.
Best one ever, password was "numbersandsymbols", because "Your password must contain: numbers and symbols".
I don't know what is worse. The fact the user took the instruction literally, or that the system was not enforcing the requirements.
(I was typing it out for them, to change/reset at their desk, because they had trouble even typing correctly).
We can set a password but force the user to change it immediately after use. We use random alphanumeric and mixed case in a certain layout, but not silly punctuation. Let's say Abcd123f is the example.
Then if you can allow but not enforce the user changing their password, set it to not one such example, but six one after another.
I mean, they could and probably would keep it on the Windows desktop in Notepad, but one has tried.
That is something that annoys me with Office 365, I can't set a secure password on that. Every time I try to set it using my standard password generating method, it tells me that the passwords are too long (they are only about 25 - 30 characters long) and exceed the 15 - 16 character maximum that Microsoft allows!
exceed the 15 - 16 character maximum that Microsoft allows!
When I created my TechNet account in 1999, I tried using a very secure password (would still be reasonably secure now) but it kept being rejected. Took a while but I finally figured out that if you kept the password to 8 characters or less then it would accept it. Guess Mirodorks haven't changed.
In our office the doors have a proximity reader on one side and a 'press to open' button on the other (to allow easier exit). This works fine except during some building work where we somehow ended up with a corridor where you could press to open the door from the outside of both ends of the corridor. Meaning to exit the corridor at either end required a card. Cue lots of people accidentally leaving their card at their desk, pressing the button to enter the corridor and finding they couldn't get out the other end, and nor could they go back the way they'd come. Luckily there was a bypass - if you smashed the glass on the fire alarm it released the doors and you could escape.
Somehow it took the company about three weeks of fire alarms before they sorted this out.
I remember working for one firm (about six years ago) who took security uber seriously: swipe cards to get through doors, no tail-gating, staff locations logged etc. etc. etc.
The only exception to this was when it was hot, in which case one of the back fire doors was left open and pretty much anyone could have wandered in or out.
Similar, except this one was mid level management using the emergency exits
They didn't want them open for ventilation in the 40° factory conditions of course but felt it was ok to use them to pop a group smoke chinwag every 15 min in the non cam covered zone of the outer car park.
They of course had fitted alarms on the doors to keep the cattle from opening them and each VIP had a key to turn them off as they saw fit.
It was quite a game locking said doors after they passed through to the outside while also turning the alarm back on for next time they went out. And they invariably forgot their badges and had to bug the main receptionist to let them back in after a refreshing walk around the outskirts of the complex.
I recall a data center [Metrotech, Brooklyn] that had a set of 'man trap' access card controlled doors at either end of a corridor. Right next to the corridor was an ADA [Americans with Disabilities Act] compliant door that was just propped open during the day.
I used to work for a company that issued gift vouchers - both 3rd party such as M&S, as well as our own proprietary voucher which were treated as if they were cash, and were actually printed by the country's leading banknote producer. They came in various denominations (£1, £5, £10 and £20) and each was individually serialised - just like banknotes. They also had the usual high security features such as intaglio printing, watermarks, holograms etc.
We only kept those due to be issued on each day on the premises, with our main stock held in a secure vault by a leading security company, who would deliver the vouchers needed on a daily basis in a security van.
We kept track of which vouchers had been issued to each of our clients, down to the individual serial number, and knew exactly how many unissued vouchers were in the vaults, and what was on order from the printer.
We also knew which vouchers had been redeemed as the retailers sent them back to us and we then paid them for the redeemed vouchers.
At one point we started getting vouchers sent to us for redemption that according to our systems had never been issued, and should still be in the vault. Investigations (including by the police) showed that one of the "vetted" workers at the security company had helped himself to more than a few grand's worth of vouchers from the bottom of the stockpile, assuming that we would not find out about it for some time. He then sold them on to his mates for about 50p in the pound.
We had to reimburse the retailers for the vouchers that they had accepted in good faith, but ended up getting it back from the security company's insurers.
My last employer had over twenty different premises, the guy in charge of security related stuff gave me a personal 5 figure code for all of the burglar alarm systems so that I could enter the different premises, he said keep this number to yourself, don't tell it to anyone.
I can never remember numbers like that and had a cryptic reminder on my phone, I went to one place with one of the maintenance guys and discovered my phone battery was absolutely flat, it had completely failed. The maintenance guy keyed in his 5 figure code and it was the same as mine when I saw it, it turned out the security manager didn't understand the system so once he had got the initial pass number he gave it to everyone.
I recall working at a site in London - nice shiny location, pretty high value activity.
The usual on day one: handshakes and hello at reception w security guards, wave at camera for badge, badge issued w lanyard
Tuesday I fall out of bed a tad late and rush to get there in time - only to discover on entering the building that my new entry badge is in my other jacket. And the security guards are different, so they haven't seen my face. Bummer.
Oh well, I successfully tailgate instead, and I keep doing that for the next 3 weeks (but now w badge in pocket in case one of the guards finally decides to challenge me - which never happened).
The problem for them: I was securing one of the companies in that building - this accidentally made a nice extra chapter in the report.
They put proper access gates in not long after - it wasn't the only high value company in that building..
A previous company I worked for deployed RSA tokens globally for two factor authentication to meet client security requirements.
We discovered the hell desk in one of the larger offices had altered the procedures for deploying tokens to users to reduce "problems" - rather than users setting PIN codes, the hell desk manually set the PIN codes to the expiry date on the back of the token so that users/hell desk staff would have a convenient reminder if they ever needed it.
When the problem was explained to the hell desk staff, those that had changed the procedure were unconvinced by the need to follow the exact instructions. Initially it was explained that it defeated the purpose of a two factor authentication system and no longer met a significant client's requirements, potentially resulting in a loss of the contract. This didn't work. Smaller words were tried in the hope that it may improve the understanding, but with little additional success. As the discussion progressed, questions were raised over the parentage of certain hell desk members and the scores that said members might be able to obtain in intelligence tests.
After management were involved, certain hell desk staff chose to work in alternative environments where their ability to follow instructions and utilize their unique skills were appreciated. Or something like that.
That reminds me of this little gem from a few years back: https://www.theregister.co.uk/2013/02/27/outsourcing_job_common/
Then again, revocation of a Token is easier than revocation of an iris scan or other biometric data.
Which brings up this one: http://funnyfarmcomics.com/index.php?date=2019-08-13
I worked for a transportation and warehousing company for a while and everyone in the IT dept who wasn't a mainframe developer, had to spend time on the Helldesk, including compulsory on-call overnight. I pointed out that the Helldesk on-call analogue mobile phone (just to give you an idea of the timeline) did not receive signal in my village a few miles up the road from the HQ. They didn't seem worried. I enjoyed 2 years of receiving the on-call wages supplement, without receiving a single call. I don't think that the Helldesk received many calls at night, otherwise there would have been complaints that the calls were not answered.
I had told the IT Director that I could not receive calls, so my conscience was clear.
I had a similar issue years ago when the service company I worked for switched from pagers to mobile phones. I would have one bar of signal when in my driveway, but once in my house it was "No Service".
I even offered to carry a pager in lieu of the phone, but corporate had canceled the contract with the pager company, so that was a non-starter. And for whatever legal reason, the answering service we used was not permitted to have our home phone numbers. I could have left the company phone in my truck and forwarded the calls to my home phone, but the idea never occurred to management and I never suggested it. 8^)
Every so often we would get a new manager, and before long he would bitch about me not answering after-hours calls. I would happily point out the memo in their desk regarding my lack of service, and suggest switching cell providers. Since that decision was well above their pay grade, the issue was promptly dropped and I would go back to nights of uninterrupted sleep.
A friend of mine used to work for a big catalogue company in London, he was issued with a pager in the days before Mobile Phones and said the pager only worked in the London region.
He spent most weekends in Yorkshire well out of the area, he said if he didn't phone in they would page the next person on the list so no problems and he got paid for being on call. If queried he claimed must have been in a bad signal area.
Years I waited for him to get his comeuppance, never happened.
There was a time I was getting all the after hours calls for the DBA department I worked for because the other two people who were supposed to be on the rota persistently neglected to pick up the phone. My boss actually had the nerve to say that his excuse was he had *one* phone in his house and it was at the other end of the house from his bedroom.
I had bought an AT&T answering machine that was a wonderful electro-mechanical tank of a machine so I wouldn't have to answer nuisance calls from my landlord's junkie son (who always wanted to take a ride into a certain town for "supplies" but who had no car of his own) and while pissing around with it one night I discovered that if I whistled into the microphone when recording an outgoing message, when played back the machine read the whistle as the end-of-greeting signal.
Numerous ideas were put into effect once I had discovered this. I had, for example, a Tascam four track portable recording studio and a couple of Roland synths so recording outgoing messages made "during tornadoes" was easy. Also satanic greetings made by recording in reverse. Good times.
But for redirecting Production Control calls to my lazy good-for-nowt colleagues I used another discovery; that if I hit the "memo" button (so I could use the answering machine as a dictaphone) and lifted the receiver, I recorded the dial tone on the outgoing message tape.
So I replaced my normal answering machine greeting with ten seconds of dial tone (terminated with a whistle so those few in the know could leave a message).
The first night I deployed Plan Make The Other Buggers Do Their On Call Rotation I thought the poor machine would melt. Phone would ring, answer and the caller would hang up. All accompanied by the pinball machine noises the transmission of the answering machine made as the mechanical gubbins activated the levers and springs and motors and gawdknows what else made the magic happen. I swear I could see the thing moving as it went through this pantomime. Then the caller would assume he (or she) had misdialed, or got a bad line, and ring again. Repeat to taste.
From their end it sounded like: pick up the phone and get a dial tone. Dial and hear the cached touch-tone beeps play, connect and then apparently hang up.
It took three days before PC understood I was No Longer At Home when it wasn't my turn and that they would have to persist with the other lazy gits, and for said lazy gits to understand that if they didn't answer their fucking phones from now on, they would be in line for a royal bollocking tomorrow from the very easily angered man we worked for - who had already fired one bloke for answering "I don't know" instead of "I'll find out and get back to you" - because I was done doing all the after hours call out.
I'd still be using that machine today but the console buttons were less well made than the rest of the machine and it had to be retired when they wore out.
Used to work at a company where server room access was restricted to a few trusted individuals, getting access for new staff could be a nightmare.
One day we found the door propped open because the building manager was "too busy to chaperone" the external maintenance engineer in there, so he was left alone with millions of customer details on the servers.
Needless to say TPTB kept this quiet during the ISO27001 audit.
Many years ago I was in the military and had access to certain very secure areas. I was an enlisted pleb and I worked with many officers - some of whom really believed that simply because they had different chowder on their shoulders that they were innately more intelligent, handsome, valuable and important than anyone else with less chowder.
One fine day a particularly obnoxious example of above individuals was moved from one department to another and someone "forgot" to add his clearance to the new list after removing him from his old department. Since I knew he had been transferred I checked the access list that was secured behind a quite impressive door, found him not cleared and refused him access. He went ballistic of course, being the special person he was, and tried to force his way past me. I was quite impressed by the response time of the security team. My coworker hit the alarm as I was taking the officer to the ground and the officer and I had the business end of fully automatic rifles pressed against the back of our heads in less than a minute.
When the incident was investigated I got a nice little pat on the back from the Colonel in charge of the division and the offending officer was transferred again - somewhere he didn't need the security clearance that was stripped from him. Good times.
I had just finished putting a rebuilt (and quite a bit more powerful) engine into the Colonel's Corvette. Might have had something to do with it. ;)
Also I was the go to guy for just about anything that needed fixing - from PDP 1124s to pneumatic control systems, hydraulics, mechanical and A/C. He knew I would stay and keep systems running even if it took all night. One of the few jobs I've had where going above and beyond got noticed - until that Colonel retired and reality set back in.
When my father was commander of a submarine base in Australia there was a very secure building that he was not cleared to enter. He sometimes entered when he had to without any trouble.
A senator was visiting and wanted a tour of this secret facility so my father escorted him. The guards at the door immediately drew their side arms and said, very politely, "I'm sorry, but if you try to enter I am going to have to shoot you."
My father, who was not cleared, said, "It's OK Joe." And everything was alright again.
I have to confess (anon for obvious reasons) that the arrival of a rather spiffy ink transfer/wax printer in our research lab for pre-sale evaluation (Tektronix I seem to remember) was a wonderful opportunity. The poor salesman was disappointed when he collected it - inkless and orderless. I still am vaguely embarrassed.
What a horrible piece of kit that was!
We got one for printing client meeting documents since it certainly had the best-looking output. All very impressive and professional looking.
Until the first client wanted to make notes on his document (as most people did) and discovered that it was impossible to write on it with any normal pen or pencil.
But what made the machine particularly horrible was the fact that it had an endearing feature: it used an optical disc for calibration in order to line up the different colours. Said disc was fixed on a rotating hard-chromed rod by means of a tiny screw that needed to be tightened in order to fix the disc in place. The optical disc was securely fixed to a hefty brass bush - lots of inertia and momentum.
The net effect was that a technician needed to visit us on a weekly (and sometimes more often) basis in order to get the alignment correct, as it started going out of spec almost immediately due to the low friction that could be achieved with the set-up it had.
===================> For the stupid moron(s) who designed and signed it off (that's how I felt at the time, since I was always called to fix the thing, even though it was a leased machine and not my responsibility, and despite the fact that they knew I did not have the requisite knowledge nor special tool to correctly affix the disc).
It can go too far the other way. I've just spent a couple of weeks working on a site where you card-swipe to get into the canteen, but to get from the canteen to the canteen picnic garden outside the windows of the canteen you have to go back through two swipe doors to the reception at the other side of the building, swipe through the turnstile, swipe through the outer doors, and then walk all the way around the outside of the building back to the canteen picnic garden - all the time while trying to carry your lunch.
About 1988, I was sent to the new Dealing Room of a Big Bank in the City cos' bits of it kept crashing.
I had to measure lots of temperatures in the machine/server room cabinets because the room's Air Conditioning and cabinet venting was suspected to be 'unbalanced'.
I was a Design Engineer, not a Field Engineer, and I'd never been On-Site before. But I was young and free that day, so off I went. "Just measure as many temps as you can in various cabinets and various racks and boards". Only 60 cabinets in that room!
I gave the Receptionist my ID and the name of my contact.
"He'll be a few minutes, please wait for him in 1st floor Foyer" and she gave me a visitor badge.
"Sure where's the stairs?"
"The Lifts are just there"
"Stairs are fine", I said (I hate people who take lifts for one floor)
"Stairs are locked without a card, you have to take the lift".
Sealed 1st floor foyer, deserted. But mein Techie host arrived within 3 mins and demonstrated how secure they were.
Card on multiple doors and a teenie-weenie revolving door man-trap, big enough for only one person at a time.
He made a joke about how secure it all was.
We get to the Tech office, and I want a quick chat about the problems they have been experiencing "But first I need the loo"
He rolled his eyes and sighed.
"It's all the way back out again", he said "Here, just take my security card. It's easier"
Many years ago I got laid off just after a modest RTA and so the process was delayed until I was ‘fit to work’ - which nicely irritated the jackass CEO for a few weeks. When eventually I had to leave there was a fairly large collection of personal stuff to retrieve and my then g/f (who also worked there and didn’t get laid off) helped me lug stuff into my civic. It was a fairly slow process- amongst other things we took a moment to do the deed in the CEOs office - and we had to chock the exit door open for a while to get a couple of more awkward items out. That of course triggered the silent alarm and alerted the duty key-holder who duly dashed to the building to check things before potentially calling the cops. As it happens it was the CFO, who pretty much shared my opinion of the CEO, and so he just cancelled the alarm and assisted in my fairly liberal definition of ‘mine’.
I work for a (small) organisation where I was asked by "The Board" to implement auto screen locking on all machines - a very sensible approach which the ENTIRE WORLD uses.
There was one employee who just didn't like it. Acted like a total spoilt brat to find ways around it. And the support I received from those who asked me to implement it? Jelly for spines and absolutely no balls. They couldn't even see what the problem was when the same user, having exhausted all possible ways he'd thought of to get around it (is nudging your mouse every few mins to stop your PC locking SO F****** hard????? Apparently so for this PhD), decided he was no longer going to use his work PC and started bringing in his personal laptop instead.
The moral for management - don't ask me to implement security on the company's network unless you're prepared to grow a pair of effing balls and put them where your effing mouth is....
We had a weekend crunch back in the 90's and had need to hard recycle a server that was securely locked away in the server room. No senior staff with secure access credentials available, naturally. The keypad lock had a standard release latch inside the room, and by observation, it was clear that the safety-wire glass panel was held in by flimsy wooden strips. Each of which was only secured into the door with a single panel pin. Bending the longest strip to the centre of the window released that pin, leaving the remaining three strips at significant disadvantage. Popping out the now loose window, we could reach inside and unlatch the high-security lock.
Reassembling the window was the work of a moment, and only on the Monday morning were we quizzed as to how we'd managed to gain access. None of us gave it up.