Big IQ play from IT outsourcer: Can't create batch files if you can't save files. Of any kind

Be careful what you wish for

Who, Me? The end of a damp weekend (for the UK at least) heralds a new instalment in our ongoing series of Register reader confessions. Welcome back to Who, Me?

Today's story comes from a reader Regomised as "Alan" and concerns the time he was instrumental in the accidental near-shutdown of an entire department of Her Majesty's Government (HMG).

While our tale takes place some decades ago, we'll draw a discreet veil over the department concerned, suffice to say it had outsourced much of its IT services (desktops, servers, mainframes et al) to one of the big boys, as was the fad of the time (and remains so today).

Alan was working for the government in the role of IT Security Consultant. While dutifully reviewing the list of security requirements issued by the Powers That Be, he noted one that stated that DOS commands must not be available to users.

It all seemed to have been implemented as specified, but Alan was a curious chap. Was there another way of firing off a cheeky command or two?

"I had a thought," he said, "and booted up MS Word, and wrote the following text:"

dir > files.txt

Next, he simply saved the file as plain text and named it list.bat.

The batch file was simple stuff. Double-clicking list.bat fired it off. The operating system recognised it and dutifully ran it. The result was "a nice listing of the contents of the directory" in the freshly created files.txt.

"This has proved useful for delivery of sets of documents to many customers since," he added.

It did, however, highlight a gaping hole in security. Alan had been able to get at the verboten commands via the medium of a common-or-garden batch file combined with the trusting nature of the OS of the time.

"I showed my work to my civil servant manager, the head of IT Security," Alan said, "pointing out that had I used the instruction I would have obtained a command-line interface window allowing use of DOS commands directly."

We imagine that strong words were then had with the supplier of all things IT who, in a rare moment of efficiency, took rapid action.

Alan turned up for work the next day to find his account only had read-only access. He could not save any files anywhere. At all.

Neither could anyone else in the department for the rest of the day.

In order to stop naughty batch files from being created, the IT outsourcer had simply stopped the saving of any files, solving Alan's problem, but creating a huge swathe of new ones.

"There were," recalled Alan, "some forthright 'discussions' concerning what had actually been asked for versus what had been delivered.

"Moral: be careful what you wish for, and from whom you wish it."

Ever issued a smug "there, I fixed it" for one problem, only to create near limitless user pain? Or been on the receiving end of one of those IT "fixes"? Share your tale of woe with all at Who, Me? ®
