Piss-up in a Brewery

Yesterday due to Health & Safety bureaucrats, the Inmates at the Insane Asylum all got a day pass out into the wild. Basically the overhead power cables in the Village where the Asylum is located were two inches lower than the regulations. I believe a circus stilt-walker standing on the back of an elephant could possibly electrocute themselves, so health & safety said the lines needed raising which meant a village wide power outage from 8am till 5pm.

Now the Asylum is an ISP & Telecommunications Provider & etc. So making allowances for the inmates to work from home should be no problem, especially as we had a weeks notice.  The night before the planed outage we redirect our emails to a backup server, and take our phones home to connect to our Virtual PBX (which is a product we sell, so know works). So we should all have been sorted.

The best laid plans of mice and IT professionals

Now the Governor and our Phone Tec both have already got phones set up on the virtual PBX for testing purposes, so it was just the rest of the Inmates who needed to get online with it.  Now Demonpengu tried setting his phone up the afternoon before the outage, and it took several hours to get it to actually connect. The rest of us waited until the day of the outage, where only I got my phone to connect. “Great so far right?

After a hour or so a call locked up my phone, preventing incoming or outgoing calls. When the problem was spotted and fixed we discovered internal calls would result in only one phone being heard the other was just silence. And as for actual call quality, I could not hear the customer over hearing myself saying what I had just said. (And this is a product we sell)

For the last part of the day it was just me manning all the lines & support box, Pure madness & poor planning. I think next time I shall go the way of the others and just pretend my phone would not connect.

Just when I thought they couldn’t possibly be any dumber…

…..they go and do something like this… and totally redeem themselves!!

I am a true believer of the phrase “Customers are Idiots“, but sometimes they seem to go out of their way to prove beyond any shadow of a doubt that this phrase is true.

Recently one of our customers RedBack* ceased trading, and a load of their customers were emailed suggesting they move their hosting & emails over to the Insane Asylum. I was given the pleasure of helping a load across to us. Now some came across with little or no problems, where as others caused a variety of problems. And then there was Zoolander*.

So I copy their website and database from the RedBack server that’s shutting down over to one of ours, I change connection strings and paths accordingly and get it up and running. I recreate email accounts on our system and send them all the details with the instructions to change the nameservers over to ours and they will be up and running.

So a couple of weeks go past and I get a phone call from Zoolander that goes a bit like this.

Z:We’ve changed the nameserver things like you said and now our email has stopped working!

CN:Yes, it will since you moved over to us. you need to use the new email details I previosly sent you.

Z:I don’t understand, its all technically, can’t you just do it for me?

CN: Well you need to change the setting in whatever email client you use on your computers, but if you need our guys can connect to your machine and do it for you.

Z:I dont do email on my computer, just my phone. I just go to the webpage and do mail.

CN: You only use webmail? Then you just need to use the webmail address I sent you and you’ll be fine

Z:what? so my webpages address will change? it wont be on www.zoolander.com* any more?

CN:NO. just the address of the webmail you used has changed.

The following morning I get into the Asylum to find an email from one of the Zoolander’s Directors home gmail account, all urgent and shouty like. I could tell this as it was all written in CAPS! The basic gist of the email was that they had tried logging into the new webmail address i gave them, and their old username/passwords were not working. So I politely resend them the details I sent before the move with the NEW usernames/passwords and point out the NEW system required NEW details.

Two hours later the phone rings. And its Zoolander.

Z:Hello, We’ve tried using the new details, only we can’t work out what goes where, so could ou talk us through it?

CN:no problems, what problem are you having?

Z:Well we need to know what to put in the box that says username, and what goes in the one called password?

CN: What did you have in the email I sent you?

Z: email address followed by my email address, then username followed by a username, then password followed by password. I just don’t know which ones I’m supposed to use.

CN:OK. where it asks for your username, type in your username. and put your password in the one asking for password.”

Z:That seems to have worked. thanks

CN: *Unplugs phone for rest of the day*

I know there is a stereotype belief that people in the fashion modelling industry are not known for playing with a full set of cards. But at least try people…..

* As normal Names changed to protect me from lawsuits… err I mean to protect the innocent.

Britain’s Got Computer Talent.

On Monday the 26th July 2010 the UK Minister for Security Declares Cyber Security Challenge UK Open.

The Cyber Security Challenge is a series of national online games and competitions that will test the cyber security abilities of individuals and teams from every walk of life. It is designed to excite and inspire anyone considering a career in the cyber security industry.

The Challenge will identify talented individuals capable of becoming part of the UK’s cyber security profession now and in the future.

Why should I participate?

Participation in the Challenge offers three fantastic opportunities:

  1. The Challenge will award more than 30 superb prizes. These will include:
    • Places on the Detica Academy
    • Funded or part-funded places for masters-level university security courses
    • Funded security courses provided by SANS Institute.
    • Memberships of trade bodies and professional associations
    • Professional mentoring sessions
    • Time on the CREST penetration test rig
    • Delegate passes to industry conferences
    • An internship at one of the UK’s premier security companies
    • Prizes will be allocated based on individuals’ ambitions and the stage they are at in their career.
  2. The Challenge will provide participants with the opportunity to use world-class technology and facilities that would otherwise be inaccessible.
  3. It will also provide a way for individuals to meet with, work with, and learn from some of the UK’s most prominent organisations in cyber security, education and politics.
    Those who demonstrate excellent levels of skill and talent will be exposed to potential employers who will look favourably on anyone who can perform well throughout the Challenge.
  4. The Challenge offers an opportunity for all participants to publicly demonstrate their cyber security skills and build their reputation with peers and potential employers as the UK’s most talented security experts.

The first challenge to get yourself started with is up here

Get playing!.

Hackers 1 : Network Admin 0

I forget exactly when this incident happened. I do remember it was towards the end of the University season (either the year end, or midway). It was in my second to last year in University, and everyone was rushing about trying to finish papers, coursework and get everything handed in on time.

Of course the Lords of Chaos were out in force, and the Universities Network was down, and had been for about a week, people were seriously starting to panic.  The network at the time was Windows 95 running of a Novell network. Now somehow (no info was ever posted) the windows image had become corrupted.  You could log onto the network, and it would copy the global copy of windows to your workstation ok, only winsock, and several other network important files/libs were corrupt meaning windows could not talk to the network.  This had a knock-on problem of all the program files & user data were stored on network drives.  Basically you were left with a corrupt and damaged version of windows that was of no use to anyone.

Now some of the computer labs had computers that also had local copies of windows on them, for specific software/applications. Unfortunately these were not set up to use the network, or the internet, in fact they had been set up specifically to be unable to use the network. (for security and to help prevent the pirating of specialised software)

After a few days of no net-access a friend and myself got fed up and decided to do something about it. We found one of the small labs with local copy windows machines, and using some of the libraries off the corrupt net-work versions, plus manually rewriting sever config files we were able to get two machines fully running on the uni’s network, and hence the internet. So there we were happily using the internet to plan the weekends fun when a Lecturer wandered into the lab.

“What are you guys doing in here?”

“err, just finishing some coursework to email in”

“What, do you think I’m stupid? The network is down”

I pointed at my screen and invited her to come look, pointing at a couple of websites to show it was working, and pointed out since we were desperate to finish our coursework we “fixed” the two machines we were using. She looked thoughtful for a while, then asked could we do the same to all the others in the lab, since she had an important lesson that afternoon that she had already put off once due to the broken network.

It was another week and a half before they fixed the network and all the universities computers were usable. But for that week and a half there was one small computer lab that was fully functional, and its location was spread about like a secret. After all, if everyone knew about it, you’d never get a free computer.

I like to think we helped a few people be a little less stressed in the run up to exams.

Reclaiming the word Hacker

As The Next HOPE draws near I figured now would be an appropriate time for me to say a few words about the misappropriation of the term “Hacker“. To quote Randal from Clerks II. “I’m taking it back

How often do you seen mention these days like :-

  • “Hacker steals hundreds of credit card details” (Hello, that’s not Hacking its credit card fraud).
  • “Hacker defaces ****’s website” (Try Vandalism not Hacking.)
  • “Hacker steals companies data to sell” (Try Industrial Espionage)

Yes there are people out there that do illegal things, a lot of them can be described as Skript Kiddies, crackers, thieves, vandal, humans. Yes there are Hackers that do illegal things, but that does not mean all Hackers do. There was a case in the UK a few years ago of a doctor who killed hundreds of his patients, does that make all doctors mass murderers?

Wikipedia describes the origin of the term Hack as thus :-

The term “hack” was first used by US university computing centre staff in the mid-1960s. The context determined whether the complimentary or derogatory meanings were implied. Phrases such as “ugly hack” or “quick hack” generally referred to the latter meaning; phrases such as “cool hack” or “neat hack”, to the former. In modern computer programming, a “hack” can refer to a solution or method which functions correctly but which is “ugly” in its concept, which works outside the accepted structures and norms of the environment, or which is not easily extendible or maintainable. The programmer keeps beating on it until a solution is found.

In a similar vein, a “hack” may refer to works outside of computer programming. For example, a math hack means a clever solution to a mathematical problem. The GNU General Public License has been described as a copyright hack because it cleverly uses the copyright laws for a purpose the lawmakers did not foresee. All of these uses now also seem to be spreading beyond MIT as well.

The term should be kept as it was originally intended, to describe those people who are curious about how things work, whether it be computers, networks, phones, electronics, maths, whatever. People who find ways to use things in ways that was not in the original specification. We used to cherish these people as innovators, explorers, etc. (Well apart from the early days when the church would burn them as heretics). We should go back to using “Hacker” as a positive description, and just call criminals “Criminals”.  So Media People pay attention, I’m taking the word Hackers back.

To aid in the takeback, I will be posting a series of old Hacks, & examples of Hacking. None of them Illegal, none that caused Harm, Injury, disfigurement. There may have been some upset caused by some, but only in a “How come he can do that? why cant I? It’s not Fair”. They are all just examples of someone being curious, someone using things for more than they were designed for, someone helping others thanks to his playing.