I like outside email as much as the next guy. It’s how we work with people. Lately, however, some weird email has been slipping through our filter at work. For example, I received this mass email in my box this morning:
I am Mrs. Emily L. Brocksopp from the United Kingdom. What I am about to do is based on blind trust, hoping and praying that you will expand my wishes as desired. I will want you to help execute my WILL (£25.5 Million) for the orphans & less privilege around the world as I am not medically fit anymore.
Contact me for more details if interested.
Thanks and God bless.
Mrs. Emily L. Brocksopp.
Private Email: firstname.lastname@example.org
OMG! Poor Mrs. Brocksopp! However shall her millions reach the poor and downtrodden?!?! Now everyone in my company knows of her sad situation!
I poked around a little and found some disturbing stuff. So I wrote to the LAN Administrator Brian (a rather old dude down on the second floor) who is supposed to be maintaining the spam filter for our internal email server.
Everyone in the company received the email I attached below. I suspect that it somehow defeated your spam filter, perhaps in a network knife fight. Could you please take a look and make sure the filter is updated on a daily basis.
Otherwise poor Mrs. Brocksopp’s personal problems are going to reach that one person who will respond with their personal details and/or possible important company information.
Of course, not 15 minutes later, and Brian writes back:
I saw the email, too. I’m not sure how it’s getting past the filter since I just recently updated the filter by hand on Friday. I get updates to the security threats our company might be privy to and I always update the filter immediately.
I’ll take care of it ASAP. Please don’t respond to the email. Tell everyone you know not to respond to the email. Thank you.
Uh, what? Two things immediately make me beat my head on the desk –
1. He updates the email filter by hand???
2. As he has not sent out a mass email reminding everyone to ignore the spam/phishing email, he expects me now to do it. For nine departments with over 2000+ people. It’s totally on now. I must act to save our networks from this act of villainy!
I know what kind of filter software we’re using, since I can easily access it internally from the shell. You do know this thing has an automatic update feature from the vendor, right? That it costs NOTHING to let it update on its own every day? And you can tell it specifically what to block and not block?
Also, looking at the way you block websites on our server – why are you blocking it by URL? Shouldn’t you be blocking it by IP address using the security software installed, instead, so no one can actually get around the Windows /etc/ file? How are you getting that to work? That’s the only thing I see referencing the sites blocked on our network at this time.
Just a thought.
10 minutes later, network genius Brian writes back:
I can’t find the function that allows the filter to update itself. I’m also not sure how you are accessing the shell, since that’s locked to non-devs. Also, no one can get around the website filter. I made sure of that.
Hahahaha, silly LAN Admin Guy. Where did you go to school? Moron University?
You haven’t locked the shell to non-devs. Look at screencap 1 that I provided below. Clearly, I am in ur shell killin ur processes. I used SSH to get in there. You can access the SSH client from Start > Run. From there, I can basically view everything on the server and then access it from there.
I have also provided screenshot 2 showing you the box you can click to auto-update the filter instead of doing it by hand. Just click the box, and hit save. You know what? I’ll do it for you. Done. Saved across the entire server. Because you haven’t set the permissions of who can affect the entire server. Ta-da!
Finally, I can easily get around your URL filter attempt by going to a proxy server and accessing a banned site. Or by using the IP address instead of the URL. Let’s see … how about youporn? There – take a look at screenshot 3. There’s YouPorn right there. That was one on your “website filter” aka retarded workaround because you are lazy.
I’m not sure how Brian is going to react to the screenshots, but I think I got his attention. 20 minutes later …
WTF are you doing? How the fuck did you get into the shell? I have the option set to not allow NON-DEVS into the shell! Second, I don’t trust the vendor to update our spam filter for email, so I’m going to shut the auto-update off. It takes me 4 hours twice a week to keep it adequately updated, and I don’t want to jeopardize that work.
Finally, since you have access to the shell, you’re probably disabling my URL blocker. Even through a proxy server, you shouldn’t be able to view that site. My method is not lazy – you’re just stupid. You are now entering dangerous territory, friend. I will have to inform my supervisors that you are hacking our network.
Uh, what? I am not hacking anything. I’m using the basic tools used to access the shell through the Start > Run > SSH option. Now I’m getting to the truth of the problem – he’s creating work so he looks busy, because he’s too lazy to do anything else. 8 hours of updating a filter? That’s just bullshit. He’s probably not doing ANYTHING during those 8 hours but surfing 4Chan via a proxy server.
Also, his shitty little workaround using the /etc/hosts is bad. I’m not sure how he got it to work in the first place, but now he’s LYING about the proxy/IP access. Let me fix that, send a few important emails with the chain attached and call a few people …
I know you are a wizard, because now you are talking magic! I bow down to your magical networking powers, since they are almighty! You are the Chosen One. You will save electronic Hogwarts from the evil hacker Souleaters! Hahahaha.
I have already talked to my supervisor and your supervisor regarding the problems I see in our network. I have turned the auto-update back ON, because I don’t want any more sob stories from Mrs. Brocksopp that might make me cry during lunch.
I have also replaced your /etc/hosts method by turning on the Ironport monitor/blocker that was installed on our server. I have also downloaded the most current IP blacklist to the tool so it will not let me surf YouPorn even on a proxy network (by blocking 90% of the proxy networks like hidemyass.com and wujie.net).
I also set permissions on the server to block nearly everyone’s access to the shell and the programs running on the box. Everyone – save you and me – has read-only access to important functions. No one can write/execute/delete anything save you and me. That should prevent any further abuses. I’ll keep my access until I get confirmation – in the form of a nine page essay – that you know what you are doing.
You can send me a check later when you get a chance for doing all that for you. I’ll also accept a written apology for you insulting me. Anytime will be fine. I’ll just watch my email box.
At 11 am, I get this email –
Fuck you, man. I don’t believe that you know WTF you are talking about. What the fuck are permissions? And go ahead and call my boss – I’ll show him the image of you surfing YouPorn on a work machine. I also shut the auto-update off again … DO NOT TOUCH THE FILTER AGAIN OR I WILL FUCK YOUR ACCOUNT. Jesus, you engineers think you know every god damn thing.
LOL. He’ll fuck my account oh teh noes! Wait for it … wait for it …
Thanks for the heads-up. Brian is no longer working for us, and I’m putting Charles on the job. You were right – he had no idea what he was doing and put our network at risk. Lying to us and putting our clients at risk is a one-strike offense. Charles may contact you to get the details of what you enabled, but I think we’re good now.
If you notice any other violations or issues, let Charles know – he’ll work with you to get them resolved.
Director, Network Services
Thank you. Brian led me to think that somehow he had manifested magical powers and could control the entire network with his wand. It was touch and go there for a second, but I’m glad I could prove his heresy.
I’ll let Charles know if I find any future wizardry going on in the servers.