Dropsafe

by Alec Muffett

How Firewalls Fail: porn ^H^H^H^H^H fishfingers

perfect.

Panic at the London Evening Standard yesterday where the theatre critic Henry Hitchings filed his review of Lolita at the National Theatre, only to learn that no one at HQ could locate his copy. The panic starts early there – 5am – with production staff looking at the clock and imploring him to file again. Why couldn’t he communicate with them. No one could understand it. Enter a hero computer boffin. The firewall, he explained, was rejecting the word Lolita. So Hitchings had to re-file substituting Lolita throughout with the less troublesome “Fishfingers”. Relieved production staff re-inserted all the Lolitas at the other end.

This is only one of the ways in which firewalls fail.

There are hundreds of others.

They are still useful, yes, but you need to be aware…

Comments

13 responses to “How Firewalls Fail: porn ^H^H^H^H^H fishfingers”

  1. Valerie Fenwick

    This really seems more like spam filter fail – sure, it may have been hooked into the firewall, but that’s a much deeper inspection than should be done by a firewall.

    Reply
    1. alecm

      >This really seems more like spam filter fail

      Yes, yes is it; to me it’s still “filtration” and thus a firewall. I would expect whitelisting and better Bayes matching, rather than “it contains a naughty word, let’s dump it”; the bluntness of it depresses me.

      Reply
  2. Mark Allen

    Seems silly to have been rejecting “Lolita” as the word is simply not pornographic or naughty. As to the movie of that title, it is a classic and while dealing with a subject of some controversy, misses the mark of being pornographic.

    And all this in a country where topless models make it into the daily papers.

    Reply
  3. alecm

    >And all this in a country where topless models make it into the daily papers.

    You must have missed-out on http://www.google.co.uk/search?q=paedogeddon

    Reply
  4. Mark Allen

    Yup, missed that one, but the magic of the Goog will soon remedy that…

    Topless models in the daily paper I seldom miss when in the UK. 😉

    Reply
    1. alecm

      You know we allow nudity on network TV, too? One of my visiting-from-the-USA colleagues saw http://www.imdb.com/title/tt0103381/ shortly after 9pm and was astonished.

      Once you are past your teens, though, it mostly ceases to be an issue – or a draw – except in the forms of media which exist to sell to wannabee prudes.

      Reply
  5. Brad

    Hmmm. I recall the Crypticide comment filter dumping one of my comments in the bitbucket for a relevant term….

    Reply
  6. alecm

    >Hmmm. I recall the Crypticide comment filter dumping one of my comments in the bitbucket for a relevant term….

    Yep, and I know that the price for having a relatively spam-free blog is to review the spam bucket for mistakes every couple of weeks and revive the posts that I feel are worthwhile – including yours, of course 😛

    The point is that security is an active process, in fact it’s a expression of policy. To “achieve” security by throwing hardware and software at it and not be aware of the effect is… tragic.

    To blindly (and I feel the example above was likely a blind implementation) do something that hampers your business suggests that it’s not “policy” being implemented, but “reaction”.

    Reply
  7. Simon

    American TV shocked me. Whilst suffering jet lag channel surfed to a movie where the characters got shot in the stomach with a shotgun leaving a messy hole. I’ll take nudity in preference any day.

    I don’t reject on content of message in our spam filtering. You can do pretty well with reputation. I think the whole approach of computerized censorship is daft.

    But surely the issue here is bad implementation, as it sounds like he wasn’t notified of the failure.

    Reply
    1. alecm

      >But surely the issue here is bad implementation, as it sounds like he wasn’t notified of the failure.

      That certainly is a valid way to look at it; I am torturing myself with a different approach that I have trouble putting into words; that the flaw is not the trap, nor the drop, but instead the policy behind it, that’s gone down this route.

      In the end it’s a learning experience for the organisation that installed the firewall, if organisations can learn at all.

      Put differently: putting users in the position where they teach themselves how to work around the “security” – quotes intended – is a bad thing.

      Reply
  8. MaF

    Sun used to have a similar filter (and I do not know if they still do). And even better, it assumed that every email was in english. So if I wrote a letter in swedish and included certain swedish words and phrases like “till sl*t” (finally) and “s*x” (=six) then the message was silently dropped.

    Reply
    1. alecm

      @MaF – argh 🙂

      Reply
  9. Dogsbody

    Sun currently has a “great” content filter as I found out last week….

    Write the word “shit” in an e-mail to someone in Sun and they won’t get it. Bad enough, however someone at Sun can write the same four letter word to you but when you reply to their e-mail they won’t get the reply!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts