Saturday, October 28, 2006

Firefox fallout

Time to complete this blog's inaugural IT story... If you haven't done so yet, be sure to start with chapters one, two and three.

After our modifications to Portable Firefox as described in the previous post, my co-worker and I settled back into a routine of Firefox usage for a few weeks. I was reasonably confident that we had done everything we could to avoid detection. If we got caught this time, it would be over.

The first blip came in early fall when I learned that an investigation into port scanning had been launched in my name. When confronted with the accusations of port scanning by my boss, I blanked--I didn't remember doing anything like that... It was a few hours later that I remembered ShieldsUP! and realized what had happened. Hoping it wouldn't end up being a big deal, since it was a simple matter of visiting a web site that caused the port scanning, I just sat back and waited to hear the resolution.

But the port scanning investigation quickly became the least of my worries, when a week or so later, my co-worker and I were both dragged into our boss' office where he angrily confronted us with a completely justified "What the hell have you two been doing under my nose?" voice. He had just received a phone call from the head of IT security.

The powers-that-be in IT were very concerned that we were two hackers trying to bring down their system... or something like that. They had found out everything. "FUCI&T" came up in an offhand way, like it had been mentioned but not explained to my boss, and then he asked about the script we'd been running to kill the usage monitor. And killing SMS, of which I had no idea what he was talking about; my co-worker would explain later. And then utorrent came up, to which I carefully explained had nothing to do with the corporate network (since it was used on a hotel network in Montreal). But all of these things happening in short order was evidence stacking up against our trustworthiness. All because they won't let us run a simple, secure, freeware program called Firefox off our own damn personal USB drives.

We assured our boss that we would remove the batch file and stop using Firefox. That everything was being blown completely out of proportion. We were certainly not up to anything malicious.

I also renamed the infamous shortcut with "Fabled Utopias Challenge Identity & Traditions!" (It also no longer points to Portable Firefox, just to my USB drive.) Yeah, I'm clearly not getting any more mature anytime soon... but again, it made me smile, and really, what can they say about that? I'm just making a political statement, honest!

It was very frustrating that our boss had to be involved in this. Any previous problems I had had with IT had come directly to me to deal with myself. But obviously this was a new approach they were taking, and it is far more effective. Yell at my boss instead of me, let him yell at me, and get me in much more trouble than I would be otherwise.

IT's only threat at this point was to remove our local administration rights. I wasn't going to bring up the fact that losing admin rights does not prevent running executables off a USB drive--but it's true. Anyway, a few weeks later, present day, they still have not gone through with the threat, as they are well aware that we have very strong business reasons to require admin rights. Engineering software almost always requires admin rights for installation.

To resolve the situation somewhat, a meeting was arranged. The head of IT security would sit down with me and I would show him all of the currently unauthorized software we run, as well as explain my actions. Needless to say, I was worried to meet the guy, and the day of the meeting was a nerve-wracker.

And then he showed up. A young guy, friendly, understanding, new to the company, and a Firefox user--at home only, of course. It was a nice surprise. The meeting went well, generally. He explained how the tales of my (and my co-worker's) activities had gone pretty high up in the IT department's chain of command, but he was going to work to resolve the problems as much as he could. He explained that only multiple offenders end up dealing with him, and we were definitely multiple offenders. But he also explained that in the grand scheme of corporate IT, most of our activities were small potatoes. At least we weren't using illegally cracked software programs!

But then "FUCI&T" came up. And this was when I learned the true extent of what I had done. What had IT's panties in a bunch more than anything? The name of my shortcut on my personal desktop quicklaunch bar, of course. Without that, no one would have cared nearly as much. But now some clearly overly sensitive employees of IT were taking it personal. Even the head of IT security acknowledged that it was pretty ridiculous, but it had really hit a nerve, and it too had gone all the way to the top. So, the higher ups in IT certainly know my name and are going to be holding a grudge for a long time. For the stupidest possible reason. WTF?

But by the time the IT security head left, I was feeling pretty relieved. It was likely that any changes to our admin rights would follow a corporate wide policy, and not as a stupidly ineffective punishment. I agreed to use IE6 for my surfing needs from now on. I agreed to be up-front about unauthorized software usage. I agreed to no longer kill processes.

And then I fucked it all up one week later in a few seconds of stupidity. It was October 26th, mortgage payment day. I wanted to check the payment status on my bank's website. Only problem: I don't know the account number off-hand. But it's stored in my Portable Firefox! So I quickly opened Portable Firefox, copied the account number, closed Firefox, and then carried on my online banking with IE6. Big deal, right?

Confirmation of my suspicions that they have been watching me like a hawk came yesterday afternoon. My boss again dragged me into his office for a talk. He had gotten another call. The head of IT security was now accusing me of being a liar for continuing to use Firefox. They had noticed the previous day's launch of the renamed Firefox executable. (Renaming the executable is really only a surface fix, as the process can still be identified as Firefox if you are watching carefully, as they obviously are.) I was understandably shocked at both the fact that they caught me and that they had moved so fast to get me in more trouble.

After getting over my brief shocked silence, I calmly explained what I had done, why I had done it, and that I was honestly not using Firefox for my internet surfing anymore ("I'm suffering with Internet Explorer" was an exact quote). I urged my boss to let me talk to the IT guy, but he insisted on handling it. If there's one thing most frustrating about this whole experience, it's that my boss has been the one handling it the entire time, when it should be my mess to straighten out.

Luckily, I had a busy afternoon to keep my mind off these difficulties. And then my boss came to see me at the end of the day again. Way to lead into the weekend, boss!

The IT security guy had believed me, as the log clearly showed a quick blip of Firefox, and he described me as "unlucky" to have been caught. Great. And then "FUCI&T" came up--again!

And this is the reason for this blog. I left work on Friday afternoon in a state of perpetual WTF, and I needed to get some of this bizarro-world shit off my chest.

Because, you see, I harassed the IT department with the name of the shortcut icon on my own personal desktop quicklaunch bar. Yes, the word "harassment" was used! Harassment! Of a ridiculously sensitive business unit... Wow! And it was so easy. Rename an icon a silly acronym that doesn't actually say a damn thing (who's to say what FU means, really?) and let IT find it and then feel harassed by it. I clearly rock.

So, what was the last thing I agreed to do on Friday afternoon? Well, apparently an apology letter is required. Or so my boss has requested I write. And I will, because he's my boss, and because this situation is so ridiculous but yet frustrating to him, that I have to do my best to get back on his good side. How I will write a genuine apology about all of this is beyond me, but I'll give it my best go. Will it end up being sarcastic as all hell?--likely. Will it resolve this problem?--who knows.

Is this story over?--hell no.

No comments: