I work at a call center that provides call room services to some very big name clients, including those specializing in software and telecommunications. I do Internet tech support for a very major telecommunications company with call centers all over the world. As part of my job, I have access to the tools their employees use as well as partial access to the client’s intranet.
My employer recently installed the McAfee Web Gateway that imposed the tightest restrictions on Internet access I have ever seen. Virtually the entire Internet now blocked at my job, with sites like Google, Bing, and Microsoft all inaccessible with the exception of only a handful of sites deemed necessary to handle the troubleshooting calls I get on a daily basis. I still miss the vast library of useful web sites that was once at my disposal and without them around my job has gotten a little tougher.
This morning things were a little slow so I decided to check out a site on the client’s intranet devoted to information security. I had seen a banner announcing a sweepstakes for employees and decided to see if I could enter, so I typed in the site’s address and instead of that site loading, up came Bing listing the results of my search as if I had tried doing a search for the intranet address I had just typed in. I was pleasantly surprised, since Bing itself is blocked.
I don’t think I even have access to the information security site, so Internet Explorer couldn’t load it. Therefore it defaulted to a search on Bing that was apparently immune to the ongoing electronic embargo and it produced the results page. I was able to modify the URL of the search query to do a different search, for example, wireless printers. I found and loaded an article on PC World’s web site on installing a wireless printer with no problem, even though the PC World web site itself is blocked. Apparently the secret is typing in an address of a web site that doesn’t exist, which forces Internet Explorer to do a query on Bing to bring up the results page.
I don’t know if this is a flaw in the McAfee Web Gateway or a mere oversight by the IT Department in rolling out the Gateway, but I inadvertently found a way to sneak around it without any doing any hacking. Ironic then that I discovered this while trying to access an intranet site on information security.
Yeah, I’m not just a tech support agent, I’m also a l33t hax0r.