• Dude (unregistered)

    The real WTF here was the article its self.

  • (cs) in reply to Patrick
    Patrick:
    what did you expect, "*******"?
    no, we expected hunter2. you can go ******* my *******ing *******!
  • JohnFx (unregistered) in reply to ian
    ian:
    Don't those old machines usually have floppy drives? I'd think it'd be much easier to just copy the data onto a floppy and then figure out how to get it on the USB pen drive on a newer machine.

    That would require a trip to a museum to obtain said floppy disk. At least the problem wasn't on one of the C-64s. He would have had to find a data cassette tape!

  • Matt (unregistered) in reply to veniam
    veniam:
    Alpha radiation is quite bad if you inhale the particles. They tend to stick to your insides and stuff.

    Alpha radiation won't go through your skin. However, if it's inhaled then it'll hurt you from inside. That's why Radon gas is harmful.

    "Because of the short range of absorption, alphas are not generally dangerous to life unless the source is ingested or inhaled, but then they become extremely dangerous."

    http://en.wikipedia.org/wiki/Alpha_particle

    My favorite thing about internet comments: They're made by retards that don't know what they're talking about; yet feel the need to espouse their thoughts.

    Now for the rest of you, stick to what you know. And share some of your own tech support stories. Please stop showing everyone how little you know about alpha radiation.

  • Eddypearson (unregistered)

    Is it just me or did this read like a articulate, eloquently put, load of nonsense?

  • Hiredman (unregistered) in reply to Jeff
    Jeff:
    WTWTF?

    This sounds like a routine day at the University to me. Consider yourself lucky it had a working CD drive.

    I was thinking that it sounds like a call I get every other week. The belt on the CD drive broke but they have it so all I need to is find a replacement for this 10 year old rubber band looking thing because USBs don't work and then they tried to hook it up to the network but then it got infected so it won't even boot up now but they need the data for a presentation tomorrow morning.

    Does that mean that my job is one continuous WTF?

  • (cs) in reply to Matt
    Matt:
    veniam:
    Alpha radiation is quite bad if you inhale the particles. They tend to stick to your insides and stuff.

    Alpha radiation won't go through your skin. However, if it's inhaled then it'll hurt you from inside. That's why Radon gas is harmful.

    "Because of the short range of absorption, alphas are not generally dangerous to life unless the source is ingested or inhaled, but then they become extremely dangerous."

    http://en.wikipedia.org/wiki/Alpha_particle

    My favorite thing about internet comments: They're made by retards that don't know what they're talking about; yet feel the need to espouse their thoughts.

    Now for the rest of you, stick to what you know. And share some of your own tech support stories. Please stop showing everyone how little you know about alpha radiation.

    Yeah... Rn222 -alpha-> Po218 -alpha-> Pb214 -beta-> Bi214 -beta-> Po214 -alpha-> Tl210 -beta-> Pb210 -beta-> Bi210 -beta-> Po210 -alpha-> Pb206. That's 4 alpha particles and 5 beta particles per atom of radon you inhale (the first in a matter of days, then everything a few minutes apart until Pb210, which takes 22 years, making everything after it pretty moot*). Great if it ends up in your lungs or GI tract! And it doesn't even have the decency to give you super powers or anything, except the super power of lung cancer.

    • Yes, I realize I'm grossly oversimplifying half-lives and calculations based off them.
  • Felix (unregistered)

    RS232.

    Easy, primitive, robust.

    I like it.

  • J (unregistered)

    Having worked in this environment, I know this is pretty much dead on. They use horrifically old machines attached to some instrument because the software costs thousands and the company that makes it might not even be in business anymore. The machines aren't networked or even used for anything besides running the instrument, so all software updates do is risk upsetting the balance of things.

  • (cs)

    NT 4 didn't have EFS in it. Any encryption would be an add-on. And it didn't have CryptAPI, secret storage, etc. The guy was lucky the encryption password was the same as admin's.

    To "reset password" suggestion:

    It doesn't give you access to encrypted files.

  • Chris (unregistered) in reply to Anon
    Anon:
    Blitz:
    Mr. Shiny & New:
    Why would you try to install patches on a computer so old and so obviously broken? A relic like that is good for one thing only: doing exactly what it is doing until you build a proper replacement. Don't waste time fixing it, a new PC is like $300 from Dell.

    Anyway, I don't know why he didn't just download the data files in the first place. Some user account created those files, that user account could decrypt them.

    As much as I would love to agree with you, having worked at those labs (as both the scientist and the tech) I can tell you with 100% certainty that most of the software for these instruments are incompatible with Windows XP and later. Yes, you read that right: this software has not been updated to work on a 6 year old operating system. Not to mention that even if you did just throw on the old operating system, it probably still wouldn't work. The setups are incredibly finicky; they require very specific drivers that you have to request a floppy diskette for (no CD and no online repository) and some proprietary PCI card to interface with the instrument whose warranty you void as soon as you open the box. And a new one will run you several thousands of dollars. All told, it's too much of a pain to get these old instruments working with new computers, but I think the Windows XP versions just came out in the last year...

    QFT. Scientific hardware is notoriously finicky about what they'll talk to and incredibly expensive to upgrade.

    Last I checked, Windows XP was released in 2001, making it 8 years old.

  • (cs) in reply to Tzafrir Cohen
    Tzafrir Cohen:
    cracking the password takes time.

    Resetting it is dead-simple.

    http://search.yahoo.com/search?p=reset+NT+admin+password

    Doesn't that invalidate your certificates that allow you to decrypt your data?

    Or wait, the article said something about third-party encryption. Never mind.

  • ChefJoe (unregistered)

    Speaking as a scientist/grad student/slave in a chemistry department (1st floor) at a university this really hit home. My lab just purchased a $100,000+ scintillation counter for $10,000 by buying one made in 2001. It has a built-in Pentium computer running Windows NT 4.0 and it most certainly didn't support USB. All my fellow students have laptops without floppy drives so I added USB support by installing a driver from some dude with a geocities page. It actually worked thanks to the intel 440 chipset.

    http://www.geocities.com/mypublic99/index.html Only downside is that the USB drive needs to be formatted in NTFS and you need to eject the drive rather than just pull it out.

    vulputate

  • My Name (unregistered) in reply to Timmy D
    Timmy D:
    Oops, forgot to quote.
    pscs:
    TRWTF is that everyone seems to have forgotten about floppy disks.

    I'm pretty sure NT4 supported floppy disks.

    Even if the file was too big to put on one, there are small programs which will fit on one which can be used to split big files into little files just for putting on floppy disks.

    You forget the part where the files were encrypted. Otherwise he would have been able to put them on a USB stick from Knoppix, like the article says.

    He was probably talking about using a cd-burner with NT4. There must be some sort of decryption driver in NT4, or he would not have been able to work with those files in NT4 :-)

    But it would probably not work anyway, because I doubt the machine had a cd burner at all, and he would not dare to install a new cd burner anyway

    Timmy D:
    I still don't get why he still needed the Knoppix CD after racking the NT password.

    The machine didn't have a USB driver and probably not a cd burner. It is much better to put the files on an USB than finding a floppy.

  • Stig (unregistered)

    Hatstand

  • (cs) in reply to nico
    nico:
    Well alpha radiations are not so dangerous anyway, they won't even pass your skin. Would have been nice if it were gamma radiations. The guy could have changed into some weird superhero, like SuperKnoppix or something like that.

    Alpha radiation is blocked by all sorts of things (both skin and paper will remove most of it), but it deals really serious damage to you if it does manage to get inside your body somehow. Gamma rays are much better at going through things but don't hurt as much. So you really don't to go somewhere flooded with alpha rays in case you have a cut or something like that.

  • Max (unregistered)

    So the WTF is... leaving instructions on how to do it again instead of just changing/documenting the password?

  • spike (unregistered) in reply to pscs
    pscs:
    TRWTF is that everyone seems to have forgotten about floppy disks.

    I'm pretty sure NT4 supported floppy disks.

    Even if the file was too big to put on one, there are small programs which will fit on one which can be used to split big files into little files just for putting on floppy disks.

    It seems like you forgot how small and slow floppy drives are.

    the article doesn't say how much data but i does imply they had a lot "During the course of several weeks, they had amassed all the data they would need"

    In my experience scientific instruments can generate anywhere between a tiny amount to a virtual shitload of data.

    How many disks would they need? 10 = 14 Mb 100 = 144 Mb 1000 = 1.4 Gb

    When i was much younger, I remember trying zip up and span Duke nukem 3d, onto 5 disks. I never had a set unzip properly, there were always problems.

    Floppy disks are gone, and good riddance, they were small, slow, and unreliable. Floppy disks can get bad sectors if you look at one the wrong way.

  • (cs) in reply to Blitz
    Blitz:

    As much as I would love to agree with you, having worked at those labs (as both the scientist and the tech) I can tell you with 100% certainty that most of the software for these instruments are incompatible with Windows XP and later. Yes, you read that right: this software has not been updated to work on an 8+ year old operating system.

    FTFY

  • scott (unregistered)

    Maybe it's not a WTF, but I thought it was a fairly interesting read. Maybe it's a typical day in the life of an IT guy, but I'm not an IT guy. I thought about taking the drive out and mounting it on another machine before it was mentioned, but oops--politics and encryption.

  • Anonymous Hacker (unregistered)

    From what I remember, NT4 only used LM hashes, so passwords are case insensitive and are hashed in two 7 character blocks. Brute force cracking is quite fast :)

  • IT Girl (unregistered) in reply to Hiredman
    Hiredman:
    Jeff:
    WTWTF?

    This sounds like a routine day at the University to me. Consider yourself lucky it had a working CD drive.

    I was thinking that it sounds like a call I get every other week. The belt on the CD drive broke but they have it so all I need to is find a replacement for this 10 year old rubber band looking thing because USBs don't work and then they tried to hook it up to the network but then it got infected so it won't even boot up now but they need the data for a presentation tomorrow morning.

    Does that mean that my job is one continuous WTF?

    Yes, yes it does. Don't feel bad, it applies to all of us. Open ticket on my system: "user needs new mouse, if you don't have any than I suggest it's time we buy some"

    Let's start with, I don't get to determine the budget for equipment (like most of us here from the sounds of it).

    Then add that the mice are all trackballs.

    Then add that I send out a message on daily basis with instructions on how to clean them, so that they work.

    I walk to the desk in question, move the mouse and say "looks fine to me". User says, "well yes, but I had to clean it"

    My response: "uh huh" User: "I have to clean it every day" Me: "Well, you might want to consider cleaning your desk instead. How about the chips on the desk. Those are going to crumb up the rollers in the mouse." User: "It's snack day" Me: "Well, if I replace that mouse with the one in my hand (also a trackball), you'll still have to clean it every day" (Implication being the issue is not with the mouse). User: "Oh" Me, walking away irritated, annoyed, ready to spit and spewing venom at everyone crossing my path, asking rather loudly why people don't understand how IT people are always so cranky.

  • Appellatio (unregistered) in reply to JohnFx
    JohnFx:
    ian:
    Don't those old machines usually have floppy drives? I'd think it'd be much easier to just copy the data onto a floppy and then figure out how to get it on the USB pen drive on a newer machine.

    That would require a trip to a museum to obtain said floppy disk. At least the problem wasn't on one of the C-64s. He would have had to find a data cassette tape!

    http://en.wikipedia.org/wiki/Commodore_1541

  • Obvious (unregistered)

    Why didn't he just look under the keyboard for the password?

  • (cs) in reply to spike
    spike:
    When i was much younger, I remember trying zip up and span Duke nukem 3d, onto 5 disks. I never had a set unzip properly, there were always problems.

    Floppy disks are gone, and good riddance, they were small, slow, and unreliable. Floppy disks can get bad sectors if you look at one the wrong way.

    The real fun was installing slackware with 10 floppy disks. I never went with more than 10 floppies because it seemed that either I'd get them crossed up and get 2 X2 disks and no X3 disk, or the transient magnetic field would corrupt them. I tried a pillow case filled with magnets, but that only made it worse... Anyways, I'd start the install, drive to local community college for internet access, get the next 10 disks, drive back, rinse/repeat. I think slackware was 50 disks or so for a full install with the NEW 2.0 kernel that had this new feature called 'ELF' binaries... I went with the 1.0.86 kernel because that was the stable one. Finally, a few weeks later, I got a walnut creek cd-rom and no more floppy disk commuting to re-transfer disk 7 out of 9 of the X-Windows series to complete the install. In hindsight, it's a good thing gas was cheaper because the 5-6 CC trips would be the cost of an XP licenset these days.

  • (cs) in reply to Mr. Shiny & New
    Mr. Shiny & New:
    Why would you try to install patches on a computer so old and so obviously broken? A relic like that is good for one thing only: doing exactly what it is doing until you build a proper replacement. Don't waste time fixing it, a new PC is like $300 from Dell.

    Anyway, I don't know why he didn't just download the data files in the first place. Some user account created those files, that user account could decrypt them.

    From what I have heard, VMWare is currently the only "manufacturer" which has an offical NT4 support and even they require SP6a.

    And like some people have said, sometimes NT is the only option.

  • Anonimuos (unregistered)

    That story didn't make a whole lot of sense. At some point basic USB volume support was added to NT 4. A removable hard drive attached the computer, if recognized by the bios, would show up as a volume, but it was not hot-pluggable. The article states the machine was unpatched though, so perhaps that's right out. NT did not have FAT32 support, so perhaps that was the problem.

    Adding a CD burner would have required admin access.

    Admin access was required to add drivers to the computer to support a USB memory stick, but changing the password would not create a problem with the certificate used for encrypting the files because third-part encryption was used.

    What doesn't make sense is that the submitter discovered the password then proceeded to use Knoppix to get to the files. What's unclear is whose account the encrypted files were under, how they were then decrypted given the third part tool (did that not have a password as well)? This would have been a great story if the resolution had been better explained.

    Like the commenter above, I think something fishy was going on here. The sense of urgency, the desire to keep the IT person from taking the computer, or even opening the case at all, smells like data theft. So the submitter helpfully extracted the data surgically without leaving any traces. Perhaps he could have tried another password, one that is often helpful in situations such as these -- the letters N and O.

  • Anonimuos (unregistered)

    Edit: Adding CD burner software would have required admin access and opening the case. Adding a USB burner, probably out of the question for NT.

  • (cs) in reply to spike
    spike:
    In my experience scientific instruments can generate anywhere between a tiny amount to a virtual shitload of data.
    I've forgotten... is a shitload more or less than a crapton?
  • Irish Girl (unregistered) in reply to ais523
    ais523:
    Alpha radiation is blocked by all sorts of things (both skin and paper will remove most of it), but it deals really serious damage to you if it does manage to get inside your body somehow.
    Yep. Doesn't anybody remember Alexander Litvinenko? He was killed by alpha emitter polonium-210.

    http://en.wikipedia.org/wiki/Alexander_Litvinenko

    Although most of my work has been with iodine-151 (a gamma emitter), I've been around all kinds of radioactive substances. You definitely don't want to be too casual about any of them.

  • NutDriverLefty (unregistered) in reply to Code Dependent
    Code Dependent:
    I've forgotten... is a shitload more or less than a crapton?

    Bigger than an Imperial crapton, smaller than a Metric crapton.

  • gerty (unregistered)
    Tweet:
    I'm starting to think Alex's April Fool's edition had the right idea. Let's cut these down to 140 characters or less.

    Hero called mid night to fix alleged emergency, self-inflicted due to cheap ass customer. Can't get in cause admin password only known by dead guy.

    I actually thought the title gave a good job of summarising it. Read the title and expected (almost) exactly what happened.

  • Vlad (unregistered) in reply to Irish Girl
    Irish Girl:
    ais523:
    Alpha radiation is blocked by all sorts of things (both skin and paper will remove most of it), but it deals really serious damage to you if it does manage to get inside your body somehow.
    Yep. Doesn't anybody remember Alexander Litvinenko? He was killed by alpha emitter polonium-210.

    http://en.wikipedia.org/wiki/Alexander_Litvinenko

    Although most of my work has been with iodine-151 (a gamma emitter), I've been around all kinds of radioactive substances. You definitely don't want to be too casual about any of them.

    In Soviet Russia , people don't get killed (or perhaps people from Soviet Russia in the UK).

  • (cs)

    It was really not all that hard to reset the admin pw on an NT4 box with a linux boot CD...once you discovered that it was possible. I did that on NT4/SP4 machines when developers forgot their passwords and had to get data.

  • Bytemaster (unregistered) in reply to Wells
    Wells:
    *sigh*

    No, Windows NT never had official support of USB from Microsoft. Remember, NT came out BEFORE Windows 95.

    There were some 3rd party vendors that had some USB equipment that would work with NT, but they provided the drivers themselves, and those drivers typically only worked for that particular device, and nothing else.

    True that NT 4 support for USB was through 3rd party drivers, but you have the dates wrong. NT 3.1 - 3.5 were released before Windows 95, but 4.0 (and I believe 3.51) were released after Windows 95 "Gold" (aka RTM in current terms)

  • noname (unregistered) in reply to Malenfant
    Malenfant:
    Timmy D:
    Oops, forgot to quote.
    pscs:
    TRWTF is that everyone seems to have forgotten about floppy disks.

    I'm pretty sure NT4 supported floppy disks.

    Even if the file was too big to put on one, there are small programs which will fit on one which can be used to split big files into little files just for putting on floppy disks.

    You forget the part where the files were encrypted. Otherwise he would have been able to put them on a USB stick from Knoppix, like the article says.

    I still don't get why he still needed the Knoppix CD after cracking the NT password.

    Sheesh, I hope you guys never run support anywhere near me, it's all obvious. The file is encrypted. He cracks the NT password, logs into NT system and decrypts the file, which he then saves on the hard drive. Still can't copy onto pen-drive from NT, so he shuts down, then boots from Knoppix CD to save the now decrypted file to the pen-drive.

    But you didn't account for the fox, what's going to stop him from eating the chicken?

  • CryptoMan (unregistered)

    Sheesh, people... Firstly universities tend to be stupid and lazy. I would have at least tried logging in via the (hidden) Administrator account that exists by default on most machines. he could then change the password for the account he wanted to get into (Although it does seem to suggest that the files were encrpyted, the story only talks about him trying to get access to an Admin account).

    <not serious - before you all start jumping up and down> Secondly, As everyone knows, passwords are hashed. This means that many (or several) passwords may create the same hash value (there are an infinite (assuming there is no length limit) number of passwords that can be used, but a finite number of Hash Values (which are limited to a fixed number of charatcers, typically 16 or 20 {depending on the Hash Algorithm})) - assuming, of course, that the password is not salted before being hashed. The fact that the cracker returned 'spiderman911' is purely conincidental.
    The hash of 'spiderman911' just happened to be the same as that of his really secure password '4E^fg@p[;*)', because an academic would:

    1. Not be stupid enough to use a simple password
    2. Not like spiderman
    3. probably something else about 911 etc

    </not serious - before you all start jumping up and down>

  • Jim (unregistered) in reply to Mr. Shiny & New

    Because the user called and claimed he couldn't open the files anymore. Maybe that user account got messed up.

  • (cs)

    Didn't every PC from that era have floppy drives?

  • acid (unregistered)

    I have to admit that these days I'm tending to skip the article on TDWTF and go straight to the comments. I've noticed the articles becoming less and less interesting and the comments becoming more and more interesting.

    You folk are a real riot. Keep it up.

    Oh, and Alex, FFS mate, get some tree based forum software for this site like the rest of the planet has. Surely one of your sponsors has something that would suffice?

  • JT (unregistered) in reply to Mr. Shiny & New

    Sounds like it was a service polling a hardware device that was collecting the data in question running as the system or admin account in this case. He needed the admin pass, or admin privileges to access that. In addition, he needed the admin pass to install the USB driver to pull the data off the disk.

    And yeah, this as sad as it is, is a frighteningly common occurrence working in IT support.

  • Irish Girl (unregistered) in reply to Code Dependent
    Code Dependent:
    I've forgotten... is a shitload more or less than a crapton?
    I just love Crapton!
  • (cs) in reply to Anonymous Hacker
    ATimson:
    Windows 95 had USB support added in OSR2.1--that is, OEM Service Release 2.1, meaning that you had to buy a new machine to get that support.

    I'm fairly sure the update was also available on the interwebs... Of course back then it was probably cheaper and easier to just buy the new computer anyway.

    Anonymous Hacker:
    From what I remember, NT4 only used LM hashes, so passwords are case insensitive and are hashed in two 7 character blocks. Brute force cracking is quite fast :)

    Sure is fast. Some passwords come up in a matter of seconds. I remember trying it with our school's staff accounts way back... Of the 30 or so accounts, I think I had about 10 in seconds, another 10 within about half an hour, and all but 2 by the end of the day. The 2 remaining were easy to get though - one was mine, and the other was the principal's, who I simply asked what it was. And yes, I worked for the school doing IT and I had a reason to do it. I needed to recreate all the accounts in LDAP on a new server with as little interruption as possible.

  • Charles Babbage (unregistered) in reply to squizzar

    Story was pretty boring, it would have been much more interesting if he had been eaten by a grue.

    You are in a maze of twisty little comments, all different.

  • Gary Olson (unregistered) in reply to Felix
    Felix:
    RS232.

    Easy, primitive, robust.

    I like it.

    Absolutely. If this is a data collector for a piece of equipment, you can bet the serial and parallel ports are configured and working. Some kermit or the native Zmodem serial transfer on NT would have been my first choice. But, if the tech had only a "netbook" and not a notebook, serial is not an option. Unless you are truly prepared with an expensive USB to DB9 serial cable.

  • ItFInallyWorks (unregistered) in reply to Gary Olson

    What are you talking about? I use those all the time. They're quite cheap. A quick amazon search shows several name brand ones under $20, and others even cheaper: http://www.amazon.com/s/ref=nb_ss_gw?url=search-alias%3Daps&field-keywords=usb+serial+converter&x=0&y=0

    In case you don't know, a good many small embedded microcontrollers (like Atmel's AVR, or Microchip's PIC) still have RS-232 ports. Even common wireless routers more often than not have RS-232 ports. http://oldwiki.openwrt.org/OpenWrtDocs(2f)Customizing(2f)Hardware(2f)Serial_Console.html

  • Microfrost (unregistered) in reply to acid
    acid:
    Oh, and Alex, FFS mate, get some tree based forum software for this site like the rest of the planet has. Surely one of your sponsors has something that would suffice?

    FTW

  • You what? (unregistered) in reply to tin
    tin:
    ATimson:
    Windows 95 had USB support added in OSR2.1--that is, OEM Service Release 2.1, meaning that you had to buy a new machine to get that support.

    I'm fairly sure the update was also available on the interwebs... Of course back then it was probably cheaper and easier to just buy the new computer anyway.

    Anonymous Hacker:
    From what I remember, NT4 only used LM hashes, so passwords are case insensitive and are hashed in two 7 character blocks. Brute force cracking is quite fast :)

    Sure is fast. Some passwords come up in a matter of seconds. I remember trying it with our school's staff accounts way back... Of the 30 or so accounts, I think I had about 10 in seconds, another 10 within about half an hour, and all but 2 by the end of the day. The 2 remaining were easy to get though - one was mine, and the other was the principal's, who I simply asked what it was. And yes, I worked for the school doing IT and I had a reason to do it. I needed to recreate all the accounts in LDAP on a new server with as little interruption as possible.

    There is no reason to hack passwords so as to have '..as little interruption as possible.' AFAIK Hacking a password (at least an account password - not sure on whether hacking a password-protected document is quite the same) without someone's knowledge is illegal in most parts of the world (certainly these days it's a breach of Data Privacy law).

    It doesn't matter that you did it to simplify something, or with good intention. If I found that admins at my work had done (or even tried to do) similar, there would be some lawyers asking questions quick smart.

  • (cs)

    The real wtf is that it's spelled NUCLEIDE and none of you dumb shits noticed.

  • (cs) in reply to Anon
    Anon:
    the password was likely L&28A34G#$%GH1 or worse, something insane that somehow used non-printable ASCII characters.

    I was expecting the password to turn out to be "password".

    ROFL! That would have made perfect sense and would have given this story a little more WTF?!

Leave a comment on “The Dead Guy's Password”

Log In or post as a guest

Replying to comment #:

« Return to Article