Somebody is destined for somewhere hot, and definitely not Coventry

Praise be for Firewalls


Who, Me? Welcome to Who, Me?, where hallowed ground gets trampled as a reader inadvertently cleans up the collective act of the senior staff.

Our story, told to us by "Susan" takes us back a quarter of a century to her time working for a well-known seller of mortgages in the UK (a firm that, for reasons that will become clear, will remain anonymous.)

Susan was ostensibly employed as a Visual Basic 6 and Microsoft SQL Server developer, as – let's face it – an awful lot of us were back then. Client/Server was where it was at, and Cloud Native was yet to trouble administrators.

Susan also had what she described as "a few years' experience as [a] Novell Netware / UNIX / Network engineer" under her belt, and so when the firm got in some new firewall software, it fell to her to set it up.

Hard though it may be for the internet users of today to understand, many companies lacked such basic security measures in those earlier times and often simply connected their network to the web, believing that everyone online was lovely and lacked ill intent. Happy days.

"The firewall," she said, "came provided with several standard rules, one of which was obviously a pr0n filter, another was one to prevent CVs leaving via email."

She also noted that the entire board was comprised by devout members of the same, occasionally strict, religion. "I'm not having a pop," she said, explaining that she too numbered among its ranks.

This fact became significant when the firewall was switched on. "The firewall logs," she said, "showed that every board member had been blocked from accessing sites that offered…" what we can only describe as people purporting to be of a rival religious order getting very friendly with each other.

Susan was a little more specific, but we'll draw a discreet veil over the grim details.

Suffice to say, we're pretty sure there are rules in several instruction manuals for deity-botherers against this sort of thing.

We asked Susan what became of the executives caught viewing such unsavoury and possibly blasphemous material. A trip to the kerb with a cardboard box of belongings? A stern talking to by HR? Or perhaps IT simply turned a blind eye to the bosses' peccadillos?

"The latter for sure," Susan laughed, "but we plebs had a good laugh!"

The fountain of filth aside, the newly implemented and ill-thought-out Firewall also took a very literal approach to the CV blocker rule. This was, after all, nearly a quarter of a century ago and, while the consultants of today might charge a fortune for an algorithm that could identify what looked like a curriculum vitae, back then a belt-and-braces approach was taken. Got the text "CV" in your email? Then it ain't being sent.

Great for catching staff silly enough to apply for jobs with the corporate email. Not so good for confirmation postal addresses when a customer had a Coventry postcode.

"Not a good look for a mortgage firm!" exclaimed Susan.

Firewalls were a source of constant amusement when they began to proliferate, occasionally causing flushed user cheeks and the odd trip to the HR office. What unexpected consequences has your fiddling with the network had? Tell all with an email to Who, Me? ®

Similar topics

Broader topics


Other stories you might like

  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading
  • UK government having hard time complying with its own IR35 tax rules
    This shouldn't come as much of a surprise if you've been reading the headlines at all

    Government departments are guilty of high levels of non-compliance with the UK's off-payroll tax regime, according to a report by MPs.

    Difficulties meeting the IR35 rules, which apply to many IT contractors, in central government reflect poor implementation by Her Majesty's Revenue & Customs (HMRC) and other government bodies, the Public Accounts Committee (PAC) said.

    "Central government is spending hundreds of millions of pounds to cover tax owed for individuals wrongly assessed as self-employed. Government departments and agencies owed, or expected to owe, HMRC £263 million in 2020–21 due to incorrect administration of the rules," the report said.

    Continue reading
  • Internet went offline in Pakistan as protestors marched for ousted prime minister
    Two hour outage 'consistent with an intentional disruption to service' said NetBlocks

    Internet interruption-watcher NetBlocks has reported internet outages across Pakistan on Wednesday, perhaps timed to coincide with large public protests over the ousting of Prime Minister Imran Khan.

    The watchdog organisation asserted that outages started after 5:00PM and lasted for about two hours. NetBlocks referred to them as “consistent with an intentional disruption to service.”

    Continue reading
  • Suspected phishing email crime boss cuffed in Nigeria
    Interpol, cops swoop with intel from cybersecurity bods

    Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses.

    His alleged operation was responsible for so-called business email compromise (BEC), a mix of fraud and social engineering in which staff at targeted companies are hoodwinked into, for example, wiring funds to scammers or sending out sensitive information. This can be done by sending messages that impersonate executives or suppliers, with instructions on where to send payments or data, sometimes by breaking into an employee's work email account to do so.

    The 37-year-old's detention is part of a year-long, counter-BEC initiative code-named Operation Delilah that involved international law enforcement, and started with intelligence from cybersecurity companies Group-IB, Palo Alto Networks Unit 42, and Trend Micro.

    Continue reading

Biting the hand that feeds IT © 1998–2022