evilrouters.net

1. If you come to me to ask technical questions, please don’t argue when you don’t like my answer. If you think you know more about what you’re asking than I do, then why even ask? On that same note, if I am arguing with you, it’s because I’m certain that I am correct; otherwise I’d just tell you “I don’t know” or perhaps point you somewhere that you could look it up. We don’t argue just for the sake of arguing.

2. When you start a conversation by insulting yourself (e.g. “I’m such an idiot”), you will not make me laugh or feel sorry for you; all you will succeed in doing is reminding me that yes, you are, indeed, an idiot, and that I’m going to hate having to talk to you. Trust me, you don’t want to start out this way.

3. We’re okay with you making mistakes; fixing them is part of our job. We are NOT, however, okay with you lying to us about a mistake that you made. It just makes it that much harder to resolve and thus makes our job more difficult. Be honest and we’ll get the problem fixed and both of us can continue on with our business. Lying to us and, therefore, costing us twice as much of our time will not win you any brownie points with IT.

4. There is no magic “Fix it” button. Everything takes some amount of work to fix, and not everything is worth fixing or — gasp! — even possible to fix. If I tell you that you’re going to have to re-do a document that you accidentally deleted two months ago, please don’t get mad at ME. I’m not ignoring your problem and it’s not that I don’t like you, we just can’t always fix everything.

5. Not everything you ask us to do is “urgent”. In fact, by marking things as “urgent” every time, you’ll almost certainly ensure that we treat none of it as a priority.

6. You are not the only one who needs help, and you usually don’t have the most urgent issue. Give us some time to get to your problem; it will get fixed.

7. E-mailing us several times about the same issue is not only unnecessary, it’s highly annoying as well. We record issues in a database so that we don’t lose track of them (remember how we ask that you create a ticket? That’s why.) We will typically respond as soon as we have a useful update to make. If your problem is urgent, please do let us know (but see number five).

8. Yes, we prefer e-mail over phone calls. It has nothing to do with being friendly or anti-social, it’s about efficiency. It is much faster and easier for us to list out a set of questions that we need answers to than it is for us to call and ask you them one by one. You can find the answers at your leisure and, while we’re waiting, we can work on other problems.

9. We may, at times, seem blunt and rude. It’s not that we mean to, we just don’t have the time to sugar coat things for you. We assume that we are both adults and can handle the reality of a problem. If you did something wrong, don’t be surprised when we tell you. We don’t care that it was a mistake because, honestly, it makes no difference to us. Please don’t take it personal, we just don’t want it to happen again.

10. Finally, yes, I can read your e-mail, yes, I can see what web pages you look at while you’re at work, yes, I can access every file on your work computer, and yes, I can tell if you are chatting with people on instant messenger (and can read what you’re typing, as well). But no, we don’t do it. It’s highly unethical and, perhaps more importantly, in all reality you really aren’t that interesting. Unless I am instructed to specifically monitor or investigate your actions, I don’t do it. There really are much more interesting things on the Internet than you.

I hope this didn’t come off the wrong way because, even as much as us IT guys refer to “users” as “lusers”, we do like (most of) you. Just like you, we’re here to do a job and we try to do it the best that we can. It’s easiest to do that if we all work together, stop pointing fingers, and give other people the space that we would like to get as well. If we can do that more often than not, things will go well and work out for all of us.

P.S. IT guys are easily bribed with food and/or beer (personally, I prefer the latter). That’s a sure way to get your problems moved to the top of the list. *wink*

No idea where this originated, but I received it several months ago via e-mail. For your enjoyment…

You know you’re a computer security guy (or girl) when…

• You not only lock your laptop with a physical cable leash, but you change the combination of the lock when it’s not in use so that it can’t be “compromised”.
• Although you have no ill intent, you spend no small amount of your downtime in airports thinking of ways to circumvent TSA security — and you’ve come up with several can’t-miss terrorist ideas that even Jack Bauer couldn’t stop.
• You lock your screensaver with twice as much insistence when security friends are around than when strangers are, because you’re not nearly as worried about a stranger’s intentions.
• You’re immediately discontent with all newly announced security solutions, even before you know anything beyond the name.
• Having extralong passwords that you must type over and over again to get correct is not a bother.
• You have a database program to store all your passwords, but even it doesn’t contain a single, decoded password.
• When you read industry-mandated security guidelines, you chuckle at all the newbie mistakes.
• You secretly hope you don’t miss a big virus outbreak while you are out on vacation.
• Any security book you read is covered in pen from the technical corrections you’ve made.
• Your Internet browser home page is a computer security news bundling Web site.
• You’ve so fine-tuned your personal computer’s host-based firewall that you are sure it is causing problems with legitimate programs, but you really don’t care.
• You fantasize about a job where you could bust into the house of unsuspecting malicious hackers and take them away to jail.
• You’ve got a new car with a built-in GPS and computer, but you are constantly worried about how easy it would be to hack.
• You suspect that every banner and Flash ad on every Web site is hosting malicious JavaScript.
• You loath government interference with the Internet because you know they will only mess it up more and not fix the problem (see CAN-SPAM Act).
• When you hear that we’ve arrested some big spammer, you have the same nonreaction as when you hear we’ve arrested Al-Qaeda’s No. 2 person … again.
• You resist every new application install because of the new attack vector opportunities it will bring.
• You know that mobile small-form-factor computers have almost no security.
• Your cell phone is password-protected.
• You resent having to give out your Social Security number to any person or company, especially because you have never given it when dealing with the Social Security administration.
• You already own or covet one of those special screen covers that prevent people on either side of you of from reading your screen.
• You can’t prevent yourself from laughing out loud when someone announces they think that computer viruses, buffer overflows, or whatever will be solved in five years.
• You hate upgrading your computer because it means spending days trying to copy and convert all your cool hacker and anti-hacker tools to the new system.
• You have solid friends on computer security discussion lists, whom you know would be there for you in a life-crisis pinch but that you’ve never met in person or talked to on the phone.
• Although you never try to shoulder surf other people’s passwords, you can always tell by sound alone when they haven’t typed one that is eight characters or more, and you chuckle inside.
• When someone hands you their USB key to copy something, you always decline, and instead offer your known, clean USB key. You would also prefer one-time, disposable, Tupperware-like memory drives if they existed.
• You always slow down when reading security guidance looking for the words “should,” “must,” “never,” and “always” — and you understand their importance.
• By the time you read a CERT security bulletin, you’ve known about the issue for several days.
• You always investigate SSL certificate errors when they come up in your browser.
• Finally, you know you’re a computer security person when you have so frequently spoken passionately to complete strangers about computer security and the frustration it entails that you know what it’s like to be covered in sweat — and the listening partyto have a look on their face that says they didn’t know what they were in for.

Are there others? Post them in the comments below!

Today is (was) Patch Tuesday.

I’m glad that I’m not using [MICROSOFT PRODUCT]. The latest [VIRUS/WORM/TROJAN] exploits a [FLAW/BUG/BACKDOOR] in [MICROSOFT PRODUCT], and it [DOES/DOESN'T] use Outlook and the stupidity of users. Luckily, I’m running [FREE ALTERNATIVE TO MICROSOFT PRODUCT], so I’m not at risk. In fact, [FREE ALTERNATIVE TO MICROSOFT PRODUCT] has protected me from [ANY INTEGER OVER 200,000] [VIRUSES/WORMS/TROJANS].

And just look at the [HUNDREDS/THOUSANDS/MILLIONS/BILLIONS] of dollars that we’ve saved.

Capital One’s home page says that they redesigned their home page. It’s “Designed with you in mind”.

I’m not so sure.

Click the picture for the full-size image:

I’d love to give credit for this because it’s awesome, but I have no idea where it originated.

'Twas the night before Christmas, when all through the LAN
No malware was stirring, not even LoveSan;
The firewalls were racked by the router with care,
In hopes that no hacker soon would be there;

The users were nestled all snug in their beds,
While visions of emails danced in their heads;
And me with my MacBook, and fresh packet cap,
Had just settled down for a long winter's nap,

When out from the pager there arose such a clatter,
I sprang to my desk to see what was the matter.
Away to the browser I flew like a flash,
Came through the VPN and refreshed the cache.

The sign on the certificate gave me to know
The session was safe, so I opened it - Lo!
When, what to my wondering eyes should appear,
But a miniature email, and in text that was clear,

With a new device driver, with a quick "ho ho ho",
I knew in a moment it was our CSO.
More rapid than eagles his memos they came,
And he whistled, and shouted, and called them by name;

"Now, firewall! now, filter! now, intrusion detection!
On, event correlation! deep packet inspection!
Build layered defense! to the top of the wall!
Now block away! block away! block away all!"

As alarms that before the wild network worm fly,
When they meet with my console, mount up to the sky,
So up to the network the sensors they flew,
With the rack full of gear, and the CSO too.

And then, with a twinkling, I heard on my cell
The custom ring-tone - the network was well.
As I drew in my hand, and was turning around,
Down to my inbox he came with a bound.

His message was brief, what was afoot?
Were servers and systems safe at the root?
A bundle of appliances stacked on his rack,
And he looked like a peddler just opening his pack.

Their lights -- how they twinkled! Their vendors - how merry!
They stopped all attacks, they paged my BlackBerry!
The poor little hackers were drawn up like a bow,
And tied up in knots in the honeypot below;

The stump of net packets held tight in our teeth,
With logs all analyzed, traceroutes were a breeze;
Our policies sound, vulnerabilities patched,
Our security systems just could not be matched.

He was chubby and plump, a right jolly old elf,
And I laughed when I saw him, in spite of myself;
A wink of his eye and a twist of his head,
Soon gave me to know I had nothing to dread;

He spoke not a word, but went straight to his audit,
tested the firewalls; then turned to report it,
And laying his finger aside of his nose,
And giving a nod, up our T3 he rose;

He sprang to his limo, gave his consultants a whistle,
And away they all flew like the down of a thistle.
But I heard him exclaim, ere he drove out of sight,
"HAPPY CHRISTMAS TO ALL, AND TO ALL A GOOD-NIGHT!"

To whomever wrote this, thank you. Excellent piece.

If you were to e-mail me over the holidays, you’d get a response like this. Unfortunately, I had to “tone it down” a bit (couldn’t make it as funny as I would have liked). =)

---------- Original message ----------
Date: Tue, 23 Dec 2008 17:35:03 -0500
From: Jeremy L. Gaddis
Subject: Out of Office AutoReply:

[This message was generated by an automated system.]

Greetings and salutations!

I am out of the office and my current whereabouts are unknown.  Even I do not know
where I am.  I am not *really* on vacation (as in, I'm not really going anywhere far away),
but as far as responding to email is concerned, I appear to be well outside the solar system.

Other than December 29-30, I will not be around until January 5th.

Boiler plate:  If you have any special needs, please contact the Help Desk.  They will have
the tools and skills needed to get you back on track.

If you are the Help Desk, then please contact Kevin or Ben.

If you *ARE* Kevin or Ben:  stop, take a deep breath, and reassess things.  If you are still
hyperventilating, then go ahead and break the glass (a.k.a. call my Blackberry)!

Happy holidays!

"A" is for Arrogance, properly done.
"B" is for Bastard, the New Zealand one.
"C" is for Cynic, jaded and tired;
    it's also for Caffeine, which keeps us all wired.
"D" for Delete, we'll do it to you;
"E" for 31337, the skr1pt-k1ddie's due.
"F" is for Format(1M), we use it on disks,
"G" is the middle name of the guy who does RISKS.
"H" for the Hubris that makes lusers luse;
"I"'m the Important one, the person who su(8)'s.
"J" is for Jaded, see "C" above;
"K" is for Kill(1), a command we all love.
"L" is for Luser, the sysadmin's bane,
"M" with a "4" keeps the mail gurus sane.
"N" is for No, whatever the question,
"O" is for Octal, the way of permissions.
"P" is for Password, have you changed yours lately?
"Q" is for Quotas, which simplify greatly.
"R" is for Random, a most useful quality,
"S" I can't tell you, it's against policy.
"T" is for TECO, a very old editor,
"U" is for Unix, which has no competitor.
"V" is the System whose Release 4 we wrestle with,
"W" is for W(1), to see who(1) we nestle with.
"X" is the windowing system from Hell,
"Y" do we use it?  The rest suck as well!
"Z" is for Zero, indicating success
    It terminates programs -- and alphabets, yes.

–Unknown

So this evening I’m minding my own business with a friend at a downtown location when a woman I met one night recently saw me and launched into a pitch that began with the most unusual opening line:

HER:  "JEREMY!  Hi, it's Gwen!  Remember?  I called you last week on your cell
phone and you said 'How did you get this number?' and hung up on me?"

ME:  "Um, oh, yeah.  I do remember."

HER:  "Yeah.  Well, anyway, I wanted to know..."

P.S. It didn’t go so well for her this time either.

Several weeks ago, Chris at IIS Hacks posted a rant entitled “What Ruined the Internet?”. I just came across it and am linking to it just because of the awesome intro paragraph that took me on a quick trip down memory lane:

“I’ve been around the Internet since long before the “Dot-Com Bubble”, when we had to get our MP3s from IRC and use Blade’s Encoder for the command line. Slashdot was just starting up, ICQ was the only instant messenger around, and Winamp really did whip the Llama’s ass. Those were the days…or were they?”

I don’t necessarily agree with the rest of his rant, but he got one thing right: Those really were the days…