Oh I've fallen foul of the 'any any' rule.
I was setting up something with Citrix, in what was supposed to be an isolated test environment. Only it wasn't, so I took out the production Citrix environment. Came out of that unscathed because I had the necessary emails clearing what I was doing. A few words were said elsewhere though...
The other incidents have been related to successful intrusions into the network (which were raised against my team), and when we looked into it with the security team, the dreaded 'any any' was there just as mentioned in the article!
Almost every time it was said that the rule was added because it was the easiest way to resolve an issue rather than work the problem through properly.
Biting the hand that feeds IT
