Several years ago, I was working as a trainer in a Citibank call center. At least that was my job on paper. In reality, the employees were far too busy to attend training, so I just hung around and killed time.

The building was locked down. No phones, no email, no paper coming in or out of the building, no ports on the computers, and (most unfortunately for a guy stuck with nothing to do) no Internet.

It made sense, since every computer in the building had access to the complete financial history of every single person who’d ever done business with Citibank. Social security numbers. Passwords. The works.

But then one day, I saw one of the employees goofing off in some random chatroom. He explained that he had found it in the history tab after moving to a new computer. It was the site for a random radio station called Cities FM. I went to my own computer, and found many other sites I could access. The Center for Information Technology Integration. Cities Restaurant. The Cape IT Initiative. Random websites that had one thing in common. They started with the letters CITI.

See, the employees needed to access the sites for the company they worked at. CitiBank, CitiMortgage, CitiFinancial… but since the company was constantly expanding, their IT department had decided that rather than keep updating the firewall, they would simply allow any site that started with the letters CITI, assuming that they would probably own it.

That night, I registered

I, of course, not being a criminal mastermind, used it pretty much like I use Google Plus. I made it so my coworkers could read my comics while they were bored. After I left the company, I added an e-mail form so that I could post pictures of the places I traveled and they could e-mail me back.

Of course, if I had been a criminal mastermind, at any point any of them could have hit copy/paste and I would have had enough information to steal the identities of a large percentage of the American public.

I didn’t. But that, my friends, is the illusion of security.

via Buzzblog: Firewall fail: A tale both funny and sad.
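
The allow rule from the story, next to a stricter one, as an added example that is not part of the original post. The allowlisted domains and the sample hostnames are constructed assumptions; the post names the brands but not the firewall configuration.

```python
# Assumed allowlist of owned domains (illustrative; not from the post).
ALLOWED_DOMAINS = {"citibank.com", "citimortgage.com", "citifinancial.com"}


def normalize(host: str) -> str:
    """Lower-case, strip surrounding space, a :port suffix and a trailing dot."""
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def weak_prefix_rule(host: str) -> bool:
    """The rule described in the story: allow anything starting with 'citi'."""
    return normalize(host).startswith("citi")


def strict_domain_rule(host: str) -> bool:
    """Allow an owned domain or a subdomain of one, matched on a label boundary."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


# Constructed sample hostnames; .example and .test are reserved, not real sites.
SAMPLES = [
    "citibank.com",
    "online.citibank.com",            # owned subdomain the prefix rule blocks
    "CitiMortgage.com:443",
    "citiesfm.example",               # unrelated site that shares the prefix
    "citi-comics.test",               # any newly registered name with the prefix
    "citibank.com.unrelated.example", # owned name used as a leading label
    "notcitibank.com",                # suffix match without a dot boundary
]


def compare(hosts):
    """Return (host, weak_decision, strict_decision) for each hostname."""
    return [(h, weak_prefix_rule(h), strict_domain_rule(h)) for h in hosts]


if __name__ == "__main__":
    for host, weak, strict in compare(SAMPLES):
        print(f"{host:32} prefix={weak!s:5} strict={strict}")
```

The prefix rule fails in both directions: it admits unowned names that begin with the string and rejects owned subdomains that do not.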