[return to "IoT hacking and rickrolling my high school district"]
1. jimt12+1C 2021-10-12 23:40:06
>>revico+(OP)
Working in IT/tech for a school district is the worst. My experience from many years ago - around 2002, I think:

1. First day on the job, email to boss: "Hey, the computer lab at Springfield High has a ton of known security flaws that are begging to be exploited."

2. Reply, 1 week later: "Sorry, we don't have any money for that. Just keep everything up-and-running."

3. 3 weeks later the computer lab at Springfield High got "hacked". All the computers displayed a popup window that said, "Miss Krabappel is a dyke!" (sorry for the offensive language)

4. Next day, email from boss: "The computer lab at Springfield High was hacked! Figure out how to fix this and make sure it doesn't happen again!"

5. A few days later Miss Krabappel filed to sue the school district. The local newspaper picked up the story.

6. Email from boss, in full panic mode: "I need you to figure out who hacked the computer lab at Springfield High so we can report him to the police!"

7. A week later an independent consulting firm was brought in to help identify the person behind the "hack". I heard they were paid $50K and found nothing. However, the kid got ratted out when he told all his friends. (It wasn't Bart Simpson! ;) )

8. Several weeks later: meeting to discuss working with a consulting firm that's gonna fix all the security issues because the current staff (me and my team) lacks the skills.

9. About 6 months later, I quit.

2. snerbl+4J 2021-10-13 00:42:15
>>jimt12+1C
> All the computers displayed a popup window

When I engaged in `net send` shenanigans at the local community college, at least the IT staff was smart enough to know where to scramble a runner whenever those dialog boxes popped up across campus.

"ALL YOUR BASE ARE BELONG TO US" was quite the meme then, but apparently they thought it was some form of cyber-terrorism.

3. onioni+QV 2021-10-13 02:49:42
>>snerbl+4J
I haven’t thought of net send in years. Circa 2000 I worked at Cisco and added some JavaScript to my profile in the corporate directory that sent me a net send message with the hostname of the computer that viewed my profile. At that time the hostname usually included the employee’s username, so I had a nice heads up that somebody was looking me up.

I should have left it at that, but I got cheeky and also did a net send back to the origin saying something like “thanks for your interest in onionisafruit”. That got escalated and I was threatened with disciplinary action. It didn’t occur to IT that they shouldn’t allow arbitrary script tags in user profiles. The best response was just to threaten the people who were creative with what they were given.
