State of Fear
Sep. 29th, 2006 11:31 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
andygatesI do web security for my hospital, which (in lieu of an actual policy) is a laissez-faire approach of logging everything and investigating when asked. Today, I was asked.
"I think someone's been using my computer," says the user, "There are entries for al Jazeera and all sorts of Middle Eastern sites in my History and it isn't me. And my cleaner... he looks, well, you know. Like he's from that part of the world."
I can guess what you're thinking already, but he'd logged a task and it's my job, so I hauled up his logs. We'll gloss over the bit where I explain that leaving his computer logged on and unlocked violates a scad of policies and that as a director he should know better and look, here's how you lock your PC while you go for a coffee or a meeting.
What do the logs show? Each morning and evening, around 7am and 6pm, someone goes onto MSN and BBC News. They go on again around 9pm. and on one day they check a local jobs site, and on another day they check - aha! Some sites with names like al-this and el-that. Let there be Google. Let's visit those sites. Let's not jump to conclusions.
Site one - a Libyan news site. Just a visit to the front page. Site two - a Libyan news site run in the UK by ex-pats to avoid Libyan government censorship. Again, just a front page visit. Site three - a dissident political site. The Libyans and the US consider it to be extremist. But soft, what page on yonder website breaks? It is a bunch of photos of a protest outside the London Coliseum. There's a Gadaffi costume with vampire fangs (some political coment hasn't changed since the 17th Century). Let there be Google: "gadaffi coliseum london" - ahh, now, there's the scary extremist terror plot: Future Sound Of London have a (bad) musical bio of Gadaffi, and there was a protest outside when it opened.
So, our scary cleaner is what? I'd put a tenner on him being a Libyan ex-pat who left at lest partly because of problems with the Gadaffi government, who works very extended hours in a crappy cleaning job, who is smart and literate enough to regularly use mail and news sites, and who keeps in touch with events back home - and who is looking for a better job than emptying the bins of a paranoid jerk. Yeah, a real terror threat.
O user, thou art unmanned by groundless fear.
"I think someone's been using my computer," says the user, "There are entries for al Jazeera and all sorts of Middle Eastern sites in my History and it isn't me. And my cleaner... he looks, well, you know. Like he's from that part of the world."
I can guess what you're thinking already, but he'd logged a task and it's my job, so I hauled up his logs. We'll gloss over the bit where I explain that leaving his computer logged on and unlocked violates a scad of policies and that as a director he should know better and look, here's how you lock your PC while you go for a coffee or a meeting.
What do the logs show? Each morning and evening, around 7am and 6pm, someone goes onto MSN and BBC News. They go on again around 9pm. and on one day they check a local jobs site, and on another day they check - aha! Some sites with names like al-this and el-that. Let there be Google. Let's visit those sites. Let's not jump to conclusions.
Site one - a Libyan news site. Just a visit to the front page. Site two - a Libyan news site run in the UK by ex-pats to avoid Libyan government censorship. Again, just a front page visit. Site three - a dissident political site. The Libyans and the US consider it to be extremist. But soft, what page on yonder website breaks? It is a bunch of photos of a protest outside the London Coliseum. There's a Gadaffi costume with vampire fangs (some political coment hasn't changed since the 17th Century). Let there be Google: "gadaffi coliseum london" - ahh, now, there's the scary extremist terror plot: Future Sound Of London have a (bad) musical bio of Gadaffi, and there was a protest outside when it opened.
So, our scary cleaner is what? I'd put a tenner on him being a Libyan ex-pat who left at lest partly because of problems with the Gadaffi government, who works very extended hours in a crappy cleaning job, who is smart and literate enough to regularly use mail and news sites, and who keeps in touch with events back home - and who is looking for a better job than emptying the bins of a paranoid jerk. Yeah, a real terror threat.
O user, thou art unmanned by groundless fear.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2006-10-02 07:41 am (UTC)Be interested to hear how it turns out.
no subject
Date: 2006-10-02 07:23 pm (UTC)