Don't look too closely at what is seeping out of the big Dutch pipe Welcome to Who, Me?, The Register's weekly confessional of sins, smut and surfing from the seemingly infinite pool of reader misdeeds. Today's tale is a timely one, coming as the UK government finally threw in the towel, or box of tissues, on its dreams of shutting off the porn pipe. It is perhaps more a "Yes, You!" than a " …
PC security wasn't all that great back in those days, so our approach was to warn users to "Please change your password, because someone else may have access to your PC, as we've seen a lot of activity on xxxx.com". The realisation (even though we'd told them this more than once) that we could see exactly which sites they were visiting was usually enough to put a stop to it.
Before my final university year, I spent the summer on a foreign exchange project at a Czech university. My only previous experience of the Internet was painfully slow home dial-up, or a not-that-fast University connection shared between the few hundred IT, Science, and Engineering faculty and students (this was before the days when every Tom, Dick and Harry on Campus had Internet access, or indeed even knew what the Internet was). The professor I was working with guided me to a computer lab and left me to my devices where I discovered that I was one of probably a dozen people in the university over the summer and the internet was blindingly fast.
I proceeded to heavily indulge in the Internet's second driver of online video - sports - and downloaded a fledgling online sports site's entire available archive of football videos for my favourite team. The quality was terrible (something like 320 X 240 IIRC), but the amazement of being to not only access the files but actually download* them in seconds rather than hours was profound. Happy Days :)
*This was still in the days when playing video directly in the browser was unheard of
I set up a similar system at I site I was responsible for and discovered that somebody, presumably very kinky, was making lots of visits to www.rubbermaid.com.
I sent round a company wide email, reminding everyone that internet usage was monitored, and visiting dodgy sites would lead to disciplinary action, up to and including the sack.
I later visited the website myself, for research purposes, only to discover that it was a legitimate site that sells things such as rubber mats, waste bins and all sorts of cleaning products! The lad working in the admin office who had been researching dogging, however, did not convince me that the sites he had been visiting had a legitimate business purpose.
When I was at college, I worked evenings and weekends at Tesco as a stock counter. My route included counting all the Rubbermaid stuff.
More devastating was an employee who got so bored and pissed off, that he took a pair of garden shears and decapitated all of the Barbie dolls in the warehouse!
Or the time a group of counters played cricket with mugs!
I once discovered that the owner of the company I worked for was using my PC to look for porn. I, too, had set up a Squid proxy not only to cache sites but to block ads for all computers and porn for all but the one the owner used (I didn't think it a good idea to tell him what he couldn't do with equipment he owned).
He probably was using mine as it was the only PC with speakers hooked up and, since porn was blocked on my PC, was probably dissatisfied. This was also a very small company (6 people) so I was in a bit of a quandary over what to do about it. I really didn't care if he got his jollys that way but I also didn't want to get dragged into any stupid shit he might get caught up in. No HR department or ethics hotline like in big companies. My solution was to bring in an old pair of speakers from home so he could listen to the moaning on his PC.
Yep, it's a legit US company.
There was one other company (can't remember the name of it off hand, and there's no way I'm going to go and look for it whilst at work) that had an ordinary sounding name for ranching or horse care; turns out it was a BDSM implement dealer (harnesses and... other implements used therein...)
Many moons ago I was the only vaguely computer literate person in my University department and had a Sun workstation (of a lowly kind - 3/60 with 327Meg disk drive) for doing some simulation work. I remember reading the manuals (you got a whole wall-full of them from Sun) and discovering that the ethernet interface could be set to something called 'promiscuous mode'. With the addition of a little script I soon had the logins and passwords of everyone in then building. I never did anything with them, but the feeling of power was terrific.
Posting as a/c as I still have professional contact with said institution.
I once worked for a very, very conservative outfit. Shirt-and-tie type of place. Cussing would land one straight in the HR-office - and maybe return to one's desk if lucky.
We had great fun making references to promiscuous mode in meetings that included people from outside the IT-department... ;-)
And daemons, once we got a few Linux boxes.
But nothing was as awkward as having the proxy servers alert us to the presence of verbiage for blue pills on one of the VP's blog. Turns out his WP-install had been hacked and now included interesting ads at the bottom of every page...
... but threw that web site in the "slow" bucket instead.
Very similar story, but that user only made it to the top 5, so we started:
1. whitelisting sites we actually needed for business purposes and giving those the full whopping 1mbps speed of our "professional" internet pipe.
2. blacklisting sites we definitely did not need and giving those modem speed.
3. Anything else fell into the "greylist" that got half-decent speed.
4. Created a policy document explaining which sites were on the whitelist and had everyone sign that document that they understood that internet at work was for business purposes only.
The problem went away overnight.
Why we never told anyone, you ask?
Posted anonymously because the user was the HR Director, a married man with a child and watching gay pr0n after office hours...
P.S. Only two people ever knew: the engineer who stumbled across this and his IT Manager.
P.P.S. if said HR director would read this: we were just embarrassed about finding out and you were the best HR we've ever had and we've never talked about this incident ever since.
After office hours and good at HR? I'd call that a "No harm no foul".
Slightly off-topic: I've known enough guys who were "happily" married with children and closet gay. They had enough problems already. The lucky ones (in the end at least) were those, that bit the bullet and came out.
Yep, I've also discovered coworkers who were ostensably happily married men who were either trying to consume gay pr0n at work or had signed up to gay dating sites using work email. These were managed without those employees knowing that I knew.
I think you'd have to be pretty evil to do anythign else.
I'd say the lucky ones were bi, not gay or straight*, and had understanding partners. Not everyone gets upset by non-monogamy, or their partner having fantasies they don't act on.
* I've encountered happily gay-married people who did the same thing with straight porn.
"All 3 have been married to men previously and have children by them.
what does that say?"
That it's the 21st century and being anything other than straight is still stigmatized by enough people that it can seem easier to repress your sexuality than to actually "come out"...
This is something thats changing, unfortunatly it's just happening very slowly.
"being anything other than straight is still stigmatized"
Being monosexual - that is, exclusively gay or straight - seems less stigmatized, or at least easier for people to get their heads around, than bi- or pan-sexualism. Bi people don't become hetero or gay when they're in a monogamous relationship, any more than straight or gay people stop feeling attraction to people of the same gender as their partner.
Not that I disagree about the pressure to hide their sexuality that many people feel.
This post has been deleted by its author
You can't log what they can't get to.
Wish I'd thought of this when I was getting stupid requests for a report on "dodgy sites" that were being accessed so a committee could ban them and look good.
Stupid ***ing management. If I knew it needed blocking it was blocked.
... but threw that web site in the "slow" bucket instead.
Did that with streaming media back in the day - we were on a reasonably-OK frame relay (packet-switched - hence charging by the MB as well as for the line itself) but just one person could flood it by listening to a streaming version of one of the BBC Radio channels (I seem to recall Radio 1). It also more than doubled our bandwidth charge for two months running.
When a polite "please don't do that because it costs us money and drastically slows down everything else going through that pipe so how about getting a physical radio?" didn't work I jumped on the Packeteer (I *loved* that appliance) and rate-limited RTSP data to 1k/minute. Which meant that he would get a burst of radio for about 2 seconds, then a really long pause and then another burst as the local buffer had filled up..
He got the hint.
My Napster habit though.. strangely enough, that never got blocked.. (and I bought an awful lot of music as the end result - grab something via napster and, if I liked it, buy lots of CDs. Quite a few of the bands I follow today I heard first via that method). I also made sure that I did it largely out of hours so that it didn't affect others.
Ah yes. Client with an on-demand dial-up ISDN connection used for email to a local server only. Nobody was to have Web access except a few managers. Was going fine until they suddenly got an absolutely massive phone bill. It seems one of the mangers had discovered the BBC radio streaming. This was the point we put in a squid proxy and filter, too.
Late '90s I was Sys Admin for the first time in my first Dutch job, and the manager was complaining about huge ISDN bills.
It was tricky because laws and attitudes are different there, virtually everyone was downloading porn that often would've been illegal in the UK, plus the previous sleazebag had set a huge cache so a quarter of the servers disk was smut. However the bills were at night, someone calling in to surf porn. I was new in the job and had more important things to get sorted so I just let it slip to the work gossip that I was watching what they were watching. It made me incredibly unpopular but the problem stopped instantly.
Ah Packeteer's PacketShaper appliances were the nuts! I loved them too. I remember being impressed by the fail-safe failure mode where the appliance just basically turned into an RJ45 connector.
Just Googled and now it's all owned by Symantec (via Blue Coat) so that's sad :(
I used to work for a company whose name rhymed with "Pays", back in the 90's.
(part of a group that rhymed with "BUS").
One of the senior staff have a full satellite system installed in his 5th floor quite, ostensibly to monitor adverts for out European subsidiaries and rivals.
Nah.
Red Hot Dutch; and he video-taped everything, keeping it in a cupboard in his office.
My first role was in 2nd line support in the late nineties. The company in question had invested in mobile phones that you could connect to the laptops for dial up access on the go - mostly for the sales force to connect to the lotus notes based sales system (connect, replicate, disconnect - I loved Lotus Notes), but also for some of the senior execs.
Helpdesk had been speaking to one user about some trouble dialling up from his mobile and couldn't diagnose it over the phone so it was dropped off at my desk. I fixed it (probably some driver issue, can't really remember) and opened the internet browser to do some testing, thinking I would click on Favourites to pick a couple of websites that the user has to ensure that it works. As a niave 21 year old I never realised that Nylon Fetish was a thing - my first exposure to the maxim that if you have a thing, there is probably a website for it. Hastily closed the browser and spoke to my boss about what to do. Turned out the user was the global head of Legal, and was advised by my boss to delete the favourites and forget all about what I'd seen. Wise words I suspect.
This was also decades ago, when home download speeds were poor but a few workplaces had OK connections.
Told about it by our boss (IT team involved in monitoring usage nothing to do with our team, IT team sent it straight to HR and so it was a straight dismissal offence) - coworker had set up software to download stuff out of hours - so only thing to be said in his defence was it did not hammer connection usage during normal hours, but a stupid thing to do as lots of clauses in contract about internet access misuse, should have someone would monitor it being a tech guy.
Never got to find details so guessing he went via a VPN / some form of http tunneling as the pr0n content was found on his machine rather than a list of urls (but any non work related internet use was banned back then as bandwidth was low by modern standards and very expensive)
the "AudioGalaxy" mp3 piratey thing had a great setup for this.
You could install it at work where the speedy internet was ,
and then install a sort of front end to controle it on home pc , then arrive at work to find all your downloading done , ready to be taken home on old hard drives.
When I worked for an investment bank late 90's into 2001, finally ended up in web support team. We had regularly updated blacklists from external vendors.
We also had to check whether the block filters were working correctly (paid to look up porn sites!), a few unsavoury things and the browser window went to the bottom of the screen so could see whether our block page was working correctly.
We also had a grad in our team, whilst adding things to blocklists which weren't supplied, the males in team had a success rate of about 10-15% in guessing web site names, she (yup, she), had a success rate approaching 90%
Our grad also had an uncanny ability of locating "stuff" people had stored on our their home drives on our fileservers - we were also having aggro with the amount of stuff stored on file servers including videos, music and pictures. The virus, which I forget the name of, that zeroed media files was a godsend, especially when users asked for files to be restored which invariably had a response of "please provide the business justification for madonna's greatest hits?", oddly there wasn't one.
When dodgy material was located we generally asked those people to "make those files disappear in the next 5 minutes"
I used to work at PC World, and we had our resident Porn Hunter. I believe every store had one.
Family would come in with a computer that wasn't working properly. Teenage son looking a little squirmy at the back. Our Porn Hunter (name started with an F) would get that look in his eye. Would only ever take him 5 minutes to find it all. If I remember correctly he'd copy it and take it home - waste not, want not, you know? After all, these were the days before 56k dialup. Wouldn't delete it unless it was the thing causing the problem.
Glad to have never seen a Packard Bell since. Or a WinModem.
Ah yes... Working at a small computer company, we had a computer come in once for repair or upgrade, I forget which. We normally only dealt with business machines and accounts systems, but this was a machine we'd sold the MD of one of our bigger customers for his home. Turned out it was his son's. It was during a transfer of files to new drive we found the kiddy porn.. Bounced that one up to our own MD.. I gather the end result was the machine was returned with no files copied. Sadly, I don't know how the conversations with the customer went. I was all for reporting it, but was overruled.
A/c as both companies are still in business.
"A/c as both companies are still in business."
In which case, I strongly encourage you to report it, even anonymously with as much information as you can. If you don't work there any more then just do it. I could never live with myself knowing I'd caught someone consuming that kind of material and not done anything about it.
worked for major computer repair company - had customer go to jail after his puter was found to be stuffed with illegal porn - couldn't call the cops fast enough. And he might still be getting away with it had he not mentioned that something wasn't running right and could they please scan his system while we were adding the new hard drive. It's the law; you find, you report or you are criminally liable.
In this italian dominated global company (9+ bUSD turnover), the usual Squid/SquidGuard setup was deployed at all HTTP gateways, with mandatory auth etc ...
This was early 2000s.
Of course, from time to time, a new pr0n site would emerge, rocket up all the way to the top 5 bandwidth consumer, before a colleague would black list it entirely.
There is one site however, he could never, ever blacklist, from the top 5: https://www.gazzetta.it/ (SFW), aka the major sport site in Italy. Any time he would touch it, a major rocket would fuse instantly to the (italian) CIO, or, more appropriately, what poor remains of human would serve as an ersatz for the role, coming down via manglement's order to re-instate the magic slide IMMEDIATELY.
Appaling but sadly true.
The thing to do in such circumstances is to ask oneself what BOFH would do.
In this case, gradually limit the bandwidth available over period of a couple of months. When the complaint eventually arrived the usual BOFH/PFY good cop/bad cop/worse cop routine would explain that it must be because our internet connection is getting very congested these days and we really need a much bigger pipe and suggesting a contract with a new comms supplier they've just heard of.
In the late 90's I took over managing a collection of test bed PCs, and after noticing that the lights on the test-beds network switch were flickering even when not in use, I decided to investigate.
I found to my amazement that one of the servers was hosting a porn pay-site and had an astounding 4.5Gb of JPGs on it's disks. Now, I could have dobbed in my predecessor, or I could have left it running, but I decided to just f-disk/mbr, reinstall the PC, and pretend it never existed.
I would imagine he had to deal with some quite irate paid-up customers but I never heard a peep about it. Killing it made quite a difference to our internet access speeds as well.
Did I keep a copy of the JPGs? Might have :-)
Your predecessor may not even have known about it.
Back in the 90's, when things weren't secure by default, it was quite common for hackers to break into servers and setup porn or warez sites.
It happened a few times in a small company where I worked when developers had setup linux PCs or MSSQL servers for testing purposes, and within days the network would be crawling and the hard disks would be full of nasty stuff. The solution was for the IT department (me) to provide a formal testing infrastructure of properly configured test servers rather than letting the developers string it together themselves.
Company I once worked for was hosted at a really Mickey-Mouse datacenter. Next to 'our rack's were rack after rack of 'pizza-format' servers with a couple of consumer satellite receiver boxes placed on top of the server, each receiver programmed to a different channel.
A Netflix before Netflix, no doubt with more content and with no pesky regions!
Your predecessor may not even have known about it
I think I was born paranoid about data security - the first internet connection that I was responsible for getting fitted was in the mid-1990s (from memory - a 128K leased line from Pipex) had a Firewall-1 box sat on it between us and the outside world (on a Sparc box) and I was the designated firewall wrangler.
Theoretically, no-one could use it for external access (it was supposed to be for internet email only - as a gateway between our MS-Mail (shudder) system and proper email) but I seem to recall working out how to do it.
None of our standard desktops had TCP/IP (we were an IBM token-ring house) but I wangled/volunteered myself to test out various IP stacks - during which I managed to set my desktop IP address as an approved device for external access (for testing purposes only of course!). MInd you, there weren't that many interesting websites available back then, but plenty of telnet/WAIS/gopher sites.
I remember a nice Mac program from the mid '90s called Fetch. It was an FTP client which would find you shareware and the like and download it for you.
Remember when browsers had a special ftp mode and you had to type it in the address bar if you wanted to download stuff on your browser?
The company I worked for in the early 2000's as programmer/system manager downsized and my job got outsourced. A few months later, the SonicWall firewall burned out. The boss' new outsourced "IT experts" told him he didn't need it because the little SOHOpeless router they'd recently installed had a firewall.
A couple months after the SonicWall burned out, his network slowed to a crawl every afternoon. About six months after that, his new IT experts finally figured out the cause of the slowdown - Chinese hackers had taken over the server, using it as a spam email server.
"developers had setup linux PCs or MSSQL servers for testing purposes, and within days the network would be crawling and the hard disks would be full of nasty stuff"
How come the IT department made it possible for these servers to be reached from the outside in the first place?
a) You don't need a vulnerable server to be visible externally for it to get compromised - especially if you have little scrotes;/students on the inside.
b) Some places had the internet and no need of NATting well before we had firewalls. At least one Windows machine was installed, left on the network, and was compromised overnight.
I actually ran an IDS before I had a firewall (Firewall-1 on a Sun E250; damn thing wouldn't multithread the kernel module so we ended up downgrading to an FWSM module).
Sometime in the early 2000's I think. We pulled a server from a hosting company somewhere in London after they had repeatedly dropped the ball etc.
On getting the server back to the office [we jumped in a taxi to their site, unplugged it and legged it out the door] a cursory examination showed it was full of ripped DVD's of films etc. Interesting as it all it did was host a rather large website.
Now I know for a fact none of us did it [why ?] - turned out the "Admin" staff at the facility has used it for storage. That was quite useful as we were in dispute about the remaining bill.When presented with displays of the files, who created them according to the logs and dark threats of suing them [the organisation I worked for was 90% lawyers] they suddenly decided not to pursue payment.
There were so f***ing hopeless they couldn't even cover their tracks properly.
Anon so I don't embarrass my former colleague, who set up an anon r/w server on his Windows desktop for the purpose of receiving files from partners on a non-work open source project he was working on.
I became aware of it from the massive volumes of traffic to/from his IP address in the logs I was tasked with monitoring. FTPd in and found, amongst all the warez, myriad READMEs from the various malcontents who had uploaded and claimed ownership/scene kudos for the content. Turns out they were busy deleting/replacing each other's material and/or renaming it with their own handles.
Staff sacked after security sees 'suspect surfer' script of shame
At around the same time, I was working for a large manufacturing company and helped with their roll-out of internet for everyone – up until then it had only been available for us in the IT ivory tower.
We ran a big information campaign – email, posters, training courses on browser use, acceptable use policy, yadda yadda yadda. One of the things we stressed was that all access was logged by IT, with full details of sites, addresses, user ID, etc.
One of my tasks was to setup and manage a proxy server and produce weekly usage reports for the IT manager to peruse. Not long after we went live, a certain username and dodgy looking URL kept appearing in the reports. Being a conscientious sort, I followed the link and landed on a hardcore BDSM site.
I showed my boss the site and the username of the frequenter. He decided, as it was still early days, to send out an email to all staff, reminding them that IT were logging ALL their online activity. No change, the same name and site kept coming up in the reports. The boss sent an email directly to the culprit, warning of consequences if the activity continued. It did.
In a final attempt to fix the problem, before getting HR involved, my boss arranged a face-to-face meeting with the user. He never disclosed the details of their conversation, but when he returned from the meeting, me and the rest of the team were genuinely concerned for his health – his face was bright red and he was covered in sweat.
Apparently, the drop-dead-gorgeous, part time model, marketing assistant wasn’t phased in the slightest about her browsing habits being subject to scrutiny, and in fact complained that it wasn’t fair for her “stress relieving” internet activity to be restricted.
Shortly afterwards I was tasked with finding a more sophisticated proxy solution that could actually block sites, based on content.
There is a difference between 'active monitoring' and 'investigation'. Watching what employees are up to in realtime is surveillance which is legally a much harder thing to justify then investigating retrospecively the recorded browsing habits of an employee that has been fingered for some reason or other.
If you're a lazy barsteward that spends all day on the internet then it's very easy to justify having a look back at what you've been up to for the last few months.
Surveillance needs to be in compliance with RIPA (or RIPSA depending on your UK location) .
yeah but the OP said:
In countries where you're not allowed to monitor employees, what happens if it's discovered that the company's servers contain material that is actually illegal in that country?
Well surely even in enlightened countries like the UK , any company has the right to scan all their servers , monitor internet usage etc etc , as they provided the hard and software for work purposes only.
As evidenced by every anecdote in this thread and the usage policys of every company in the country.
Just about all with serious privacy legislation, so start with all 28 current EU members and another three EEA members. You can of course exclude the United Spies of America.
Pretty sure that isn't right. Work provided internet connection is provided to allow workers to complete their work related tasks. I just checked our internet usage and monitoring policy and it says:
IT will monitor Internet usage from all devices connected to the network to the extent permitted by law.
Privacy and confidentially of activity is not provided when using the network and you shouldn't expect it to be.
IANAL, but the people who wrote the policy are.
This is nonsense. There's nothing stopping you monitoring employees in the EU.
https://www.itgovernance.eu/blog/en/the-gdpr-can-your-organisation-monitor-employees-personal-communications
You may be confusing the rules on restricting and/or monitoring _personal_ messages (at work or in work devices) with rules on general monitoring.
Again in the 90s.... Working at a University as sysadmin and the drive for the webserver was filling up and I tracked it down to a directory full of soft porn jpegs, owned by one of the PhD students. Nuke the folder and put in a readme which said something like "who's been a naughty boy?". Couple of days later the folder was completely gone.
Thing is, he had a SPARC workstation on his desk with all the spare disk space as his home directory. If he'd filled that up I'd never have found it....
Back in the day, when disk space was a thing to brag about, we had a company presentation about the new Windows NT server with a positively Huge disk array of 2 GB; 'nuff to store the multiverse on, at least according to PowerPoint.
Having seen the paperwork for that very server sitting in the shared printer, I knew that IT had ordered a machine with a 5 GB disk array so of course after the presentation, one asks the IT-experts whether those 3 GB was lost to 'formatting' or what.
The answer was: 'No, those 3 GB is where the warez, music and movies will go. Here is your Free Membership Login and Password, Sir.'
----
The same place had a night shift who made TV-tables for their own on-line business, who eventually got busted after years of production.
It must have been 30 years back, I left the company in question in early 1990. So this is back before home Internet connections in the UK and before anyone had heard of the world wide web.
I was working for an IT vendor (who'll remain nameless) and when we got our first Internet connection connection we upgraded our USENET feed to taking everything the upstream servers (also inside the company) offered. One Monday morning I came into the office to find the spool disk was full, which was a shock, we'd been monitoring the growth and expected to have at least 6 months before we needed to do anything. Over the weekend alt.sex.pictures had been born.
Quick fix, add more disk space, there were also business useful stuff in the feed.
What to do about it though.
I talked it through with the manager, I wasn't funded to manage the feed, I wasn't really funded to manage the systems. Taking everything and turning a blind eye and going for the "common carrier" defence was attractive. Censoring it made sense at one level, but once you've censored one group where do you stop? Especially with alt groups on Usenet. A job that previously only took a few minutes a week on average could became a major time consumer as need to monitor for everything new make a decision discuss it with others and get approval. I think that in the end we decided we'd just space limit things, comp. groups and internal ones weren't limited other groups we capped in sizes across the board.
Who's looking at the group? Pretty much everyone seems to have.
Do you need to keep logs? No.
Then disable logging.
I think the boss also sent out a memo about not storing non-work related files on the system at work.
On the late 90s I was blessed as the "head systems administrator" for a local University. This, as said in previous posts, granted me possession of two very valuable PFYs per year, as learning interns. Looking for a way to alleviate the congestion on our pretty humble network connection, we set up a Squid proxy, a Snort Inline and shortly after we marveled at the possibilities of integrating DansGuardian into the mix. One of my PFYs rejoiced to punch in earlier than everyone just to peek through the log files and identify the main offenders among those who stayed late "working" (we had static IPs at the time).
Our main laugh would come not from the porn dwellers, but from those frantically trying to avoid the torrent content filters.
We even catched an earlier child porn trafficker. That alone granted us the Dean's support, even when a lot of the faculty considered us the " internet Nazis". The usual, automated answer would be "NO TORRENT FOR YOU!!!".
Posting AC because of the obvious legal implications.
Squid proxy is fun to have.
Found curvycastle.com during a trawl of the logs after implementing a Squid proxy.
Of course it got added to a blocklist, but funnily nobody complained.
Rest of the time it was left on its own to block NSFW sites, no need for me to babysit it. Good times.
If you want to have a full list of all sex sites, dissect Shalla's blacklist and trawl it. I'm not interested in having all those sex URL's permanently encoded within my brain, so I never did.
I used to do my bit to help the department by fixing paper jams and putting more paper in to the printer. After fixing one jam the printing restarted, and printed out a long list of hard core web sites. I took the list (with the cover sheet identifying the owner) to my manager. My manager handled it properly. Later he said that he spoke to the person who denied it was him who printed it out. My manager told the employee that we could give his laptop to the IT department to look at the browsing history. Suddenly the employee thought it was time to leave employment and take early retirement.
Not quite twenty but also many years ago, in one of the largest banks: we found a firewall with its default admin password unchanged. I can't recall if it was internet-facing or only DMZ but it surely was a sackable neglect. The admin responsible was a truly nice and professional guy and I never understood how this could happened. We decided not to investigate further and certainly not to report any of it and instead just gave to informal hint "please check the default password on device X, now." A few minutes later it was solved and someone got the adrenaline rush of his life and a very red face.
Our company had a technical training center, a separate building with six classrooms, each with sixteen desks with PCs, all with internet access. The internet access was a little unusual, in that the company normally restricted that to the computers of users who had a business need for it. I think many if the people in class saw it as something of a holiday. They were reporting to a different building, being treated to breakfast and lunch (the center had it's own cook, kitchen and cafe) and escaping their normal work.
We were asked to identify who was accessing porn sites from a particular IP address, which turned out to be from one if the classroom PCs. We were able to identify the user (salesman), but the class was over - so we just said no way to know.
We occasionally taught network monitoring classes there, and would look at traffic from the classroom PCs: interesting and an eye opener for new hires. But again, we turned a blind eye for what we saw during classes.
Years ago, the company I worked for was responsible for producing a commercial proxy server. We introduced a URL filtering feature that could filter on either text or block via a list of URL's. We gave the old part-time bloke that used to look after the PBX (and periodically make the tea) the job of going through the list and validating the content of prospective blocklists purchased. After six hours, he came out of his office with his eyes spinning and quit! I always did wonder what was on those lists! :)
Back in the pre-Y2K era where every website had a banner ad across the top of the page we would play a game called "6 clicks to p0rn." Basically the "Six degrees of Kevin Bacon" game but with banner ads. And p0rn. Start on any page, click on the banner ad. On the page that then came up, click on the banner ad - basically don't move the mouse, just click. The goal was to find a starting site that did NOT get you to p0rn within 6 clicks.
To my knowledge no one ever achieved that goal.
> To my knowledge no one ever achieved that goal.
Of course not - if someone had, we wouldn’t be here on El Reg to to discuss of mysteries of life, Universe and everything. The Universe would have been too surprised to remember (other) laws of physics and collapsed into singularity.*
Quite clever, albeit dangerous, game it was that you played.
* Less-than-6-clicks-to-porn event may have happened last time. Porn-industry-not-first-to-deploy-VR and privacy-conscious-on-line-advertisers are other possible explanations.
(well I wouldn't have wanted to stand up in court and guarantee I was correct) I investigated the identities of the two people having a vicious flame war on the anonymous internal forum - and discovered they were both the same person. That was my first introduction to quite how very weird the weird net user can be.
I was never actually accused of anything but knew I was being treated with suspicion and contempt in one '90s internet job that was being heavily monitored. For the life of me I couldn't figure out why, then I remembered. My best mate was working in Indonesia and we kept up to date over email. We'd filled out a silly intenet quiz, "How much of a sexual deviant are you?"
He was puzzled when I scored 22 out of 40 when he only scored 21, and couldn't figure out why. I knew, I'd been competitive and answered literally to try to score more than him. One question was, "Have you ever kissed a seven year old?", and he would've answered no where I answered yes. That must have set the Sys Admins alarm bells ringing. The thing is the only time I ever kissed a seven year old was when I was seven years old - and she initiated it.
My six and eight year old nephew and niece came up from London to Scotland, apparently just to play MarioKarts. I persuaded them to come out to climb a tree in the local woods as I did at their age.
My enthusiastic niece charged ahead with her dog, but my nephew changed his mind halfway there and started screaming and demanding to be allowed to go home. He was trying to run back to my parents house across a road, so I had to hang on to his arm while I called my niece back.
At which point several horrified families walked by.
To summarise, an old Scottish guy is dragging a young, screaming English boy into the woods. Not a good look.
Luckily my niece returned just in time and joyfully referred to me as Uncle Danny. My nephew got his way and we returned to play MarioKarts, and I doubt he ever climbed a tree.
I've worked in organisations with competent and possibly over zealous admins, although we all put it down to Web-sense, or web non-sense as the office termed it. I've also worked in IT environments where the office output is very much of interest to all intelligence agencies under the sun and the last thing you'd want available to anyone with a USB connection. I remember a senior engineer (infrastructure, civil) furious that there was unsecured access to all sorts of office data. I agreed with them. This was in another part of the world.
I've also worked on similar projects in the UK with similarly lax attitude to security on similar projects and still can't fathom why they outsourced all IT to subcontractors whom were not as zealous as I'd have appreciated as an employee.
For the same reasons as the furious engineer.
In the early noughties I worked on a minesite in the West Australian goldfields. A storage audit found a lot of porn including some disturbing stuff - hence the title - donkey.
The CEO tasked me with cataloging all porn found on the network along with the owner of each file. He threatened to fire the top ten offenders. We never found out if the top ten was in terms of quality or quantity as four of the top porn hoarders just happened to be senior management. The threat of firing was replaced by a sternly worded email to all staff regarding said porn.
We managed to recover about 500GB of space that week.
AC because I'd rather not be sued.
I receive the copyright infringement notices for our small University. When the identified culprit is a colleague, I inform them, but don't refer to their superior. So far, I have yet to see any repeated offender from a colleague, so there is no real need to make a fuzz about one mistake.
I remember when we put in a huge 2Mbps line all the way to India for a new office and all their network traffic came via the UK (apart from voice - that got you in trouble with the local Indian law!) - just once I thought I'd view the Internet traffic logs to see if they were doing much and I quickly closed that window - horrified by the URLs I saw fly by! I did report it but was told to just ignore it and don't look at their logs again...
I had an old school firend who worked at a UK game developer called Climax, cue the inevitable call in by my superiors as email and web monitoring had picked up traffic to their site, they ended up being the ones red faced when I asked if they had checked the site, of course not, and then showed them the reality of it being a legitimate company.
I used to frequent an engineering company's website, it was called DTK Engineering. One day I was at a colleague's desk when the subject of engineering supplies came up. I quickly typed in the URL, but made a mistake with confusing the .co.uk for .com. The resultant website - Dangerous To Know - was definately NSFW, so I hastily closed that browser session and started again with the correct URL.
(I've mentioned this before...)
Back in the mists of time, when the 'internet' for most people was dial-up, a colleague had taken his family to Disneyland and discovered that in the Epcot centre they had some demo internet terminals with big screens and a blisteringly fast (T1 possibly) connection.
He decided to show off his prowess by logging on to check his stock and shares back home (Gas and BT, thanks to Maggie). The site was called something like moneyworld.co.uk but he accidently typed .com instead and discovered the pr0n industries version of paypal!
"Quick, cover their eyes!... How do I turn it off?... How do I close it down?"
My head is so solidly full of pointless crap I frequently went to ripe.org instead of ripe.net when looking up owners of public ip addresses.
Having a page of what I believe is now referred to as 'GILF' porn appear made me better at remembering ripe.NET, I do still occasionally make the same mistake but thankfully ripe.org is now a page of SEO and other links so much less NSFW.
Years ago my senior mangler told me to get evidence of someone from Sales spending all day on FriendFace* so he could have her sacked. He described her in unflattering height/weight/intelligence terms so clearly a personal rather than professional reason.
Being my boss's boss I had to do as I was told so I did track her internet usage over a week, along with everyone else from the Sales Dept. He didn't like the fact she was the only one *not* spending all day on the site in that office. "Oh they must be updating the company page" was his answer.
She eventually left of her own free will and probably went somewhere that sees getting on with your work as an asset as opposed to a sacking offence.
Said Mangler was a lovely chap, tried recruiting a junior to work under me for much more than I was earning at the time and told me I wasn't worth the going rate when I queried it.
* from that wonderful documentary The IT Crowd but I'm sure you know which I mean
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
