Stupid user trick No. 4: The tool and the toolbar
Incident: Being part of an online community can reap rich rewards. Allowing the tools that fuel those communities to wreak havoc on your company Web site -- well, that's probably not what you had in mind.
Of course, when it's your boss who is insisting on tapping those tools, sometimes you have to buck hierarchy and sneak behind his back to help him toe the prudent IT line, as the administrator of a business-to-business Web site quickly found out.
The tool in question was a toolbar called Alexa, which tracks the surfing habits of its users and spiders Web sites to build a ranking system for comparing the popularity of Web sites. The admin debated the value of the toolbar with his boss often, though perhaps "debate" is too delicate a term.
"I told him time and again to uninstall it, and even did so myself a number of times, but he'd put it back every time," the admin says.
"Then, one day, all dynamic content on the main page [of the b-to-b's Web site] just vanished. I brought it back from backup and chalked it up to a bug. Then it happened again a little while later. I started snooping around our logs," he says.
As it turns out, Alexa's spiders had been ignoring the robots.txt file -- and were instead capturing usernames and passwords.
"It logged into the administrative area and followed the 'delete' link for every entry," the admin says. "My dumb-ass boss still didn't want to uninstall Alexa -- could have strangled the man."
Fallout: The data was restored, with some difficulty, and Alexa's spider was prevented, through other means, from accessing the administrative side of the Web site.
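The pattern the admin found in the logs, a single authenticated client issuing one GET after another to 'delete' links, can be searched for directly. The following is an added example, not code from the article or the site involved; the combined log format, the /admin/ prefix, the URL keywords, the threshold, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined" log format (not real incident data).
SAMPLE_LOG = """\
203.0.113.7 - boss [01/Jan/2000:10:01:02 +0000] "GET /admin/entries HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.7 - boss [01/Jan/2000:10:01:40 +0000] "GET /admin/entries/delete?id=9 HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
198.51.100.9 - boss [01/Jan/2000:10:05:10 +0000] "GET /admin/entries HTTP/1.1" 200 5120 "-" "ExampleSpider/1.0"
198.51.100.9 - boss [01/Jan/2000:10:05:11 +0000] "GET /admin/entries/delete?id=1 HTTP/1.1" 302 0 "-" "ExampleSpider/1.0"
198.51.100.9 - boss [01/Jan/2000:10:05:11 +0000] "GET /admin/entries/delete?id=2 HTTP/1.1" 302 0 "-" "ExampleSpider/1.0"
198.51.100.9 - boss [01/Jan/2000:10:05:12 +0000] "GET /admin/entries/delete?id=3 HTTP/1.1" 302 0 "-" "ExampleSpider/1.0"
192.0.2.44 - - [01/Jan/2000:10:07:00 +0000] "GET /admin/entries/delete?id=4 HTTP/1.1" 401 0 "-" "OtherBot/2.0"
"""

# host ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
# Assumed keywords that mark a state-changing URL; adjust to the application.
DESTRUCTIVE = re.compile(r"delete|remove|destroy", re.IGNORECASE)


def destructive_get_bursts(log_text, admin_prefix="/admin/", threshold=3):
    """Return {(ip, agent): [paths]} for clients with at least `threshold`
    successful GET requests to destructive-looking admin URLs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        succeeded = 200 <= int(m["status"]) < 400  # 401/403 means access was refused
        if (m["method"] == "GET" and succeeded
                and m["path"].startswith(admin_prefix)
                and DESTRUCTIVE.search(m["path"])):
            hits[(m["ip"], m["agent"])].append(m["path"])
    return {c: p for c, p in hits.items() if len(p) >= threshold}


if __name__ == "__main__":
    for (ip, agent), paths in destructive_get_bursts(SAMPLE_LOG).items():
        print(f"{ip} [{agent}] issued {len(paths)} destructive GETs: {paths}")
```

A non-empty result means destructive actions are reachable by a plain GET, which any link-following client holding a valid session can trigger. Moving those actions behind POST with a per-session token removes that exposure.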
Moral: When confronted with the classic pointy-haired boss, Machiavellian subterfuge sometimes becomes necessary. Try using the Image File Execution Options registry key to prevent Alexa -- or whatever undesirable, dangerous, or obnoxious program he or she keeps using to make your life miserable -- from running.