- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
There are two things that surprise me greatly: the immaturity of the other people on this site and their coworkers, and the number of data entry clerics among us that apparently pose as programmers.
I always thought this was a site by and for programmers, and the "data" that we work with is program code. I would have thought it would be well-known by now that security through obscurity does not help; as a corollary, the source code of your application is not in any way "sensitive data". The data handled by the program might be, but whyTF would programmers have access to that data?
Anyway, I'm happy that I work in an office where I can leave my laptop, mobile phone, wallet, credit card, and a hundred euro's in cash lying on my desk in plain sight, and none of my 30 or so colleagues will take it. And where I can go for lunch without locking my screen, safe in the knowledge that noone will touch it while I am gone.
Admin
Only if you're using a standard POP3/SMTP environment. If your company uses something like FirstClass for internal email, authentication is built in.
Admin
After spending 30 minutes reading dailyWTF...
Admin
Ah, this brings back memories of back when I was tech support for an Internet company. A friend of mine worked there too, and he was messing with me while I was on the phone with someone. I finished the call, and went to his cube to get even...and he was gone.
So, I pulled up his win.ini, and changed: shell=explorer.exe to shell=notepad.exe
So, his computer would boot, and notepad would open. He closed notepad, and it would shut down. Of course, it's an obvious hack, easy to fix, and I even provided a tool (notepad) that could fix the problem.
The next day, I stopped by his cube to laugh and tell him about it...and found the tech support lead, the most senior hardcore techie person in the building (according to himself), hunched over the computer, swearing and pounding the keyboard. I backed away quickly, and disappeared.
He spent hours on the computer trying to figure it out, and eventually declared it a bios virus, and reformatted the entire computer. I quietly told my friend later, and we laughed and swore never to tell. Until now.
Admin
There use to be a guy that worked for our company back in the day that Win 98 was the desktop of choice and he do that same thing to about a half dozen people who he hung out a lot. Phrases like "I Love Gay Constructor Workers" or "Village People Wannabe" were fairly common choices. He would also change their screen saver password which was different than the network login password for some reason or another. Unfortunately, I would get drawn these cames because I was called upon to help people unlock their computer and reset their screen savers. By chance one day he left his computer unlocked and I happened to walk by and see it so I jumped at the opportunity. I changed his screen saver to "Guess what your network password is now mother f****r!!!". He spent over an hour trying to find out who changed his network password and what they changed it to by running to all of the people that he had done this to in recently. The thing is, I didn't change it. Boy was he pissed when he found out, but it is still talked about today how I owned him.
Admin
Why wouldn't a programmer have access to the data? I have all sorts of access to personal information relating to employees and clients for my workplace contained in databases.
I can too. But it's a chance you're taking. Last week, some guy off the street tailgated through a secure door into one of the departments in my building. No one stopped him until he was deep into the actual floor itself and someone noticed that he was somewhere that he shouldn't be. He couldn't explain why he was there, claimed he had a meeting with someone that didn't exist. He was escorted out. It was figured he was there to steal laptops.
Sure I trust my coworkers to not steal from me. Do I trust them to have strong security habits? Not really. Do I trust them to not fall for social engineering? Not at all. As such, I lock up my valuables and my computer.
And for the record, my title isn't "Programmer", but I work in IT and my job does involve programming, although that's not the central aspect of my position. Does that mean that I'm a little data entry clerk who doesn't deserve to read the site?
Admin
Except for his comment about "spyware and keyloggers", which is actual damage, rather than a prank. The tape, keyboard, that's no biggie. The other stuff could have implications outside the company and that is NOT ok, no matter what.
Admin
Some of us who are programmers work with very sensitive data (health care, privacy, or in my case, military) -- so sensitive that we aren't even allowed to see the actual data. Instead we have stand-ins and various other workarounds.
Admin
My favorite office prank was to pop off and switch the "n" and "m" keys on keyboards. Lots of fun for people who don't touch type.
Admin
Just to add my $.02, this is a practice that we performed with relish at my alma mater. The point wasn't to mess with someone - although it was kinda fun - but a harmless way of enforcing good security. Those of you who are going off on the "immaturity" of the pranksters need to realize that there's more to this than some script kiddy looking for a good time. In the view of the CS students I used to attend classes with, it's a whole lot better for you to learn to lock your terminal from us than to learn to lock your terminal from some anonymous jackoff who loads a virus onto your account and uses it to hijack the school network. Locking your computer may not be mandatory, but it's excellent security practice.
All that being said, my favorite was still one where we'd set up the machine to run a VNC session to itself. Practically infinite recursion!
Admin
Just how do you turn on this locking ? I have noticed some of our new people doing this, but I thought they were just being paranoid. I have never heard of any of this type of sabotage! And this is not part or American culture, this is part of immature brat culture.
Admin
I don't understand when pulling fratboy jokes on work equipment became acceptable. At a previous employer, we had a don't-lock-your-computer rule, because the office itself was physically secure and there were certain shared resources hooked up to only a fraction of the PCs that people would often need access to in the absence of the primary user. The issue of people playing pranks on these unlocked computers was dealt with through the simple expedient of firing the perpetrator. Hey presto, no pranks on my work computer, and no having to go to the admin for an unlock password every time I needed to test something against someone else's devkit.
Admin
Alas, that old chestnut won't work in the newer version of Office.
Admin
Admin
Leaving a workstation unlocked in a low-security situation is no big deal. If you have ANY sensitive information on your system at all, or any network access to any sensitive information, leaving it unlocked is and should be an immediate termination offense.
Unless you are completely disconnected from the world, you've read about identity theft. What do you think happens if someone steals credit card numbers by using your workstation and your login, because you left it unlocked? Do they get punished? Only if a video camera or some other evidence shows it was them. Most likely, you get blamed (as they trace the IP and login of the breach), and quite possibly you end up with a jury deciding whether you should do jail time or not.
Think about security first, in the middle, and last, unless your job really is completely free of personal/corporate information.
Admin
[Comments] Never saw such an amount of people doing highly intelligent pranks who are completely lacking wisdom.
Note: I am not talking about harmless and seldom pranks. Nor of people who are really assholes. But even in the latter case I won't go too far and give them a second chance.
First question: What are you doing there ? Answer: Working on a computer perhaps ?
Next question: What people are your colleagues ? Answer: They are people hopefully doing the same, but on different tasks. And you and your colleagues they should helping each other because noone can do all tasks at once. If you don't, please explain me what a "company" is. Or imagine what your company would be like if everyone is working only for himself.
So what exactly will be the result of this kind of continued obnoxious behaviour ? Hm, I think I would double- and triple-check if I give my "colleagues" any possibility to harm me. Or simply spoken: I will not trust them. Add one minute lost working time for each person leaving his place. Hey, it really sums up, doesn't it ? And if they are doing this with my computer, why should they stop there (which is indicated by some of the posts) ? So I would repeatedly check my personal things and my work if it isn't modified "just for fun". And why should I tell them something personal to begin a friendship ?
So in effect we have people who are stalking each other and a pretty hostile climate. And it is nearly impossible to regain trust if the "game" had begun. If you want to improve the adrenaline level you can start badmouthing and mobbing, too.
The "security" argument is complete bullshit if you can trust your colleagues. Set the auto-lock for 7-10 minutes and the screensaver to 1 minute. That is more than enough time to get a coffee or go to toilet. You are not disturbed in your work and you can concentrate on it. If you have one room for yourself, lock it. If you are working with colleagues in a room, agree that noone may approach an empty workplace with one exception, namely locking it and leaving it immediately. Set a function key on each workplace to lock it, so that if it is necessary to lock a workplace it can be done with a non-suspicious simple keystroke. If the room is leaved completely, the last person locks the door (the auto-lock will do the rest). The only reason for locking left is a seperated two-person room (and I admit that in this case it is necessary).
Yes, unfortunately these kind of corporate malice happens. But I find it really astounding that people are in fact defending malicious behaviour and blaming the victim for "WTF" behaviour. Dumb. Really dumb.
Admin
[quote user="Hans"][quote user="webzter"][quote user="ObiWayneKenobi"]The REAL I always thought this was a site by and for programmers, and the "data" that we work with is program code. I would have thought it would be well-known by now that security through obscurity does not help; as a corollary, the source code of your application is not in any way "sensitive data". The data handled by the program might be, but whyTF would programmers have access to that data? [/quote]
You know, there's more to the programming world than boring internal corporate intranet applications.
For almost anyone who works for a company that sells software commercially, the source code is the crown jewels and has to be well protected. Like it or not, closed source commercial programming is big business and it would be a severe blow if that source code got out. This has nothing to do with security, it's simply business.
Admin
Years ago, working as a tech for a local isp, we used to torture the sales & development staff to no end.
Unsecured xservers would have thier root screen set to the xdecayscreen screensaver. Nothing more fun that watching a Bulgarian developer screaming obscenities when his root window starts melting.
Raidus profiles would be altered to time out in 4-6 seconds - just long enough for a sales guy to dial in on his free account and get idled-off by the time he went for his email application.
Last thing we did that was a ton of fun was to win-nuke the sales guys pc's when they were entering data into Peachtree. We had CU-SeeMe cameras mounted on the walls and could watch the sales guys from over thier shoulders...
"Oh look, Ed's going to make a sale..." NOT! Zot! BSOD! :)
Admin
In some cases, yes, it's wrong to pull pranks. I think the one where a guy had spyware and keyloggers installed is a very good case of what isn't pranking material.
A good sample of the cases related here obviously did not lose data, work or hours. A few minutes, sure, but I highly doubt most employers would have fits over 15 minutes lost here or there. If they do, then that's not an employer I'd like to work for.
From what I've read, there are a few that resulted in IT staff unintentionally being called, but that wasn't the intended result. And I haven't yet seen anyone claiming that all they did were pranks.
If a work environment suffers because of it, then yes there's a greater issue at work there, but the occasional prank, especially one that drives home the issue of security which is what some have discussed, isn't harmful.
Heck, one of my coworkers sent an email to my boss from my unlocked workstation when I wandered off for a few minutes. You can bet your ass I haven't left my machine unlocked since, which is a requirement as I work in the financial sector.
Admin
Admin
I went to high school in a small town where only three people (myself and two friends) were qualified to troubleshoot and fix the computers, all students. So basically we were the IT department. The typing teacher, Mr. Pilgrim, was about the least technically-savvy teacher you could imagine, having just upgraded from typewriters two years prior. His class was right beside the main computer lab.
Of course, being high schoolers we often wanted to skip class. Simple: a program called bitchslap would exploit a backdoor in Windows98 and blue-screen the system. Just enter the IP address of Mr. Pilgrims computer, hit the button, listen to the grumbling across the hall as he restarts, crash it again, and wait until he comes into the lab yelling "the damn computers broke again".
Do a little pretend fixing, "oh, we need to go download a patch". Surf the internet. Bring in a 98 boot disk and type a few do-nothing DOS commands (dir). Restart and "surprise"! It works.
Ah, those were the days...
Admin
Admin
speaking of wtf's, check out my username.
Admin
Not so much a hack, but an initiation we pulled on a co-worker several years ago when we decided he was far enough along to be granted root access to a production system...
While he was meeting with the team lead to be told of his new powers we went over to his desk and popped the R, M, ., and * keys off his keyboard.
Admin
back in the DOS days, it was always fun to update the autoexec.bat to make the prompt and cursor == black. You had to be really good to recover from that one - either type blindly hoping to open the editor, or cntl-break the boot.
Recently, I worked at a company that dealt in very sensitive financial data, ssns, credit - and we had a very strict policy of locking our consoles if we left the desk (windows key + l) and if someone was discovered to not have locked and walked, we'd usually slay them by emailing to all employees some politically correct thing, like "I like cookies". One guy fought this of course, by doing the old screen cap of his desktop and making it his screen saver image. Countless times I saw do-gooders move his mouse to open Outlook only to be challenged with the login msg box.
Still, I won't talk about the really bad things I've seen, as to not incriminate myself... or worse, give people ideas.
All in all, it is good practice to lock your console no matter where you work, simply to preserve your own sanity if nothing else. Do you leave your front door wide open?
Admin
Wow, your previous employer and mine would have gotten into a major fistfight. For us, locking your terminal would get you a stern dressing-down from the IT department and the lead programmer. It was a major retail-software company; but we felt the only threat posed by an unlocked terminal would be to a spy who somehow gained physical access to the office (which meant getting past two guards, two cardswipes, a camera, and being unchallenged by anyone who saw you in that open-plan office), which was remote compared to the daily necessity of grabbing someone's desk when they were away to borrow a custom resource.
Admin
Early 90's I worked in tech support for a major computer manufacturer. One of my coworkers was the perennial know it all type (I've got a number of WTF stories about him). Anyway, this was in the day of DOS/Win3.1, you had to type "win" from the command prompt to get into windows. So one day, we remapped his Enter key on his programmable keyboard to Ctrl-Alt-Del. He'd type "win" and the computer would reboot. We finally suggested he clear the mappings on his keyboard when he started to call IT. Now imagine the support he was giving the customers?
Admin
ok, so I'm not the only evil person around.
Long time ago, in my tech course, I was wondering what would happen if you did an attrib +r . /s on a win 3.1 box. Ran it and went home. Forgot they had an evening class. Whoops.
Admin
One time, where I used to work, I saw this woman's PC unlocked, so I went over (on my way to lunch) and set her Marquee screen saver to
"I WILL NEVER AMOUNT TO ANYTHING!"
Upon my return, I found out that she was crying (wailing, actually) in the women's bathroom. I felt so, so, so, so bad.
It turns out that these were the last words from her father; he had been hit by a drunk driver the year previous or so.
She had given HR the usual suspects. Luckily, I wasn't on the list. Until this day, I haven't told a soul.
Phew, that was a close one.
Admin
The real WTF is this is considered an acceptable development methodology somewhere.
Admin
if it's a xp dell you can hit ctrl + alt + q and it flips the monitor display 180 degrees. I think they made this shortcut just for Bob
captcha: yummy
and it is...
Admin
Stick a boot floppy in a: CTRL+ALT+DELETE copy c:\autoexec.bat a:\autoexec.tmp Take the floppy to a running machine edit a:\autoexec.tmp Take the floppy to the borked machine copy a:\autoexec.tmp c:\autoexec.bat Remove the floppy CTRL+ALT+DELETE
I worked with a headless DOS machine for a while. I got very good at keeping a mental picture of what state the machine was in.
Admin
On a windows box:
*Change all of the system sounds(window max/minimize/open/close etc) to something annoying, like Meg Ryan faking an orgasm in When Harry met Sally.
*Set volume to max.
Any if you have any clout with the IT guys, get them to make a group policy disallowing him to change system sounds or volume
CAPTCHA: darwin - implied to people who don't lock their desktop?
Admin
I find it funny that somehow formatting the hard drive would fix the BIOS virus.
Admin
omg dude, that is brutal! lol
Admin
[...] +r +s +h = woot!
Admin
The COMPLICATOR'S method, eh? I think I would have enjoyed borking your box back in the day, too.
Admin
That's not really the question, is it? The question is: What do you do when you see that your neighbour left the door open?
On this site the answer seems to be to get in the house and crap on the floor instead of closing the door.
(BTW, That last remark wasn't targeted at you: "I like cookies" isn't very funny but at least it doesn't harm anyone.)
That one guy setting that woman's screensaver to "I'm worthless" on the other hand... how was that supposed to be funny in the first place?
Admin
Back in the day, we wrote a DOS TSR to randomly (every minute or two) consume a keypress, or double it up. So, this guy is typing away "tap-tap-tap-FUCK", like every minute for about a week, before one of my workmates cracked, and told him.
Admin
I once setup a filtering web proxy which replaced any occurrences of 'the' with 'the fucking'. When one of my colleagues left his workstation unlocked, I changed his proxy settings, sat back and watched the fun begin.
Admin
At my previous job, the technical sales guy was the one to pull some harmless pranks. He has a dummy bomb that has only the mechanism, but otherwise is completely safe. For some reason, setting up the bomb to the bottom of someone's desk or chair provides an endless source of amusement. CEO and the lead programmer were among the "victims".
"Bang, you're dead."
Of course, only to be used with people who can take that kind of joke...
Admin
I'm a bit partial to making strategic alterations to the printer font substitution table. No obvious changes, until they go to print..."Arial" to "Windings". Highly recommended when some documentation is due.
On another matter, I once wired up a car alarm (I work in hardware development) to a co-workers desk with maximum sensitivity on the vibration sensor. He wandered in, put down his coffee and then all hell broke loose.
Good times.
Admin
Reminds me of the time I setup a virtual host on internal web server and redirected a friends favorite page to my server. I downloaded the site local, and randomly made changes to the page along with personal references. He got very confused... :)
Admin
OMG!
Admin
While in college I held a summer job at a train repair yard. A coworker of mine one day forgot to lock his car.
One of the mechanics put a train horn( > 120 db sound) under the front seat, and wired it to his turn signal light.
The first time he turned left and set off the horn, he crapped in his pants. And I think he remembered to lock his car afterwards...
CAPTCHA: yummy - how appropriate
Admin
Admin
Sounds like you've worked with Robert Kiyosaki and the CashFlow posse there in Arizona.
Admin
Admin
When I was in college, another student (not a terribly good programmer) had a habit of scanning my account (and that of quite a few other students) looking for interesting software and files. The OS we were using had inter-user file-read permission turned on by default... those were more innocent times, I guess. He also had a habit of digging through peoples' printouts.
Anyhow, I and several friends were irritated by it, told him to stop, and he didn't.
So, one day, he came into the computer center, and I was banging away on my terminal (a Teletype 33, which may give you an idea how long ago this took place). I finished what I was doing and departed, leaving a printout behind. The printout (apparently) showed me logging into my account, and starting to run a program which identified itself as "Dartmouth Checkers 4.3", which asked me whether I wanted red or black. The printout then showed me quitting the game and logging out.
Naturally, the first thing he did was to log into his account, copy the program, and run it.
It identified itself as "Dartmouth Checkers 4.3", sat there for several seconds, and then printed
"Good morning, Mr. Phelps. Your mission, should you choose to accept it, is to investigate a series of software thefts and intrusions taking place at a small college in upstate New York, and take measures to end them.
"This terminal will self-destruct in ten seconds. Good luck, Jim."
Prior to printing any of this, the program had locked out the BREAK and CONTROL-Y kill features, and deleted all of the files in the offender's account.
It then went into a loop, repeatedly sending a message to the system operator: "I'm a software thief! Please X me!". After about thirty seconds, the operator X'ed the user (forcibly logging him off) and locked his account.
The guy had to go down and talk to the Director of Computer Operations, hat in hand and very woebegone, explaining how he'd been mousetrapped by running programs from other peoples' accounts without permission, in order to get his files restored from backup and his account re-enabled. He never did that sort of thing again, to the best of my knowledge.
This incident also brought me to the attention of the Director... who was rather amused by it all. His biggest concern seemed to be whether the intruder had done any damage to my account or files, and when I assured him that nothing of the sort had occurred, he grinned and said "OK, forget about it... it won't happen again."
Admin
I'm soooo glad I work with a bunch of other programmers and electronics engineers, and nobody needs to lock their computers.
It must really suck to work at most of the places people here seem to! Phew, I guess I didn't realise how lucky I was!