by Ctein
Over July 4th weekend I was off at a convention at a hotel in the
heart of Silicon Valley. Most of the weekend was spent engaged in
activities such as panel discussions, dining with friends, partying,
talking about movies and science fiction, partying, getting caught up on
the latest gossip, playing with the "One-Laptop-per-Child" $100
computer (way cool!), partying, more partying....
So, around midnight after four days of this, a bunch of us hackers are standing
around in the lobby and we start fooling with the big flat screen
display in the lobby. It was running a "welcome" program—a big splash
screen showing a picture of the Hotel and instructing people to touch it
to learn more about the wonderful features of the establishment.
It didn't take long to see it was just running a Windows browser-based
HTML program. This display was actually a live Windows desktop. Then one
of our party discovers that the task bar had not been disabled, but
merely hidden. Click on the correct corner and there's the familiar
Start button.
So naturally he clicks on it. And the Start menu opens up for us!
At this point you're entitled to shake your head and ask yourself what
kind of people would be foolish enough to put up a live Windows desktop
where the public can access it in the middle of Silicon Valley. Well, it
gets better.
Because right there, at the top of the Start pane, Windows informs us that we're logged in as "Administrator."
Ohmigawd. Insert astonished expletive of your choice here. We all surely did.
The fellow who pulled this up just looks at the rest of us, grins, and says, "So, where would you like to go today?"
This was just too good to pass up. After a bit of fussing around, we find an
accessory that provides us with a touch screen virtual keyboard. Now we
really could go anywhere. Faster than you can say "Hackers R Us" we're
poking about with the command line interface. Internet connectivity does
not seem impossible, but it looks like it would take somewhat more work
than we feel like doing, and besides there are parties to get to. And
besides we're really not cruel people. We're nice hackers. We want to do something more benign than installing new software.
Sure, it's silly and juvenile, but what would you expect from a bunch
of hackers after four days of partying?! Photo of Ctein by Mette Hedin.
I get an idea. I pop into the display properties control panel and
disable the hotel's screen saver. Then I look to see what other options
are available. Marquee Display...that will do. Go into Setup, pick an
appropriately attractive combination of background and font styles and
colors, and type in a message to be scrolled across the screen. Back
out, set the screen saver to kick in after one minute, save, and exit.
The results are as you see them in the photograph. Much hilarity ensued for
the members of the convention. The hotel staff was rather more
puzzled and possibly less amused. And, surprisingly, it took them all
the next morning to figure out what had been done to their system.
Once they solved the puzzle, I had a nice chat with their IT person and
suggested that it would be much wiser if they did not give anybody who
wandered into their lobby Administrator privileges on any of their
computers. He agreed and said he would remedy it that afternoon. I sure
hope he followed through, for his sake.
So, how secure is your computer system, and who has access to it? Think about it.
______________
Ctein
That's just TOO funny! I hope that the person who set up the computer wasn't in the IT department....
Posted by: Jeff Henderson | Monday, 23 July 2007 at 04:21 PM
Haha, marvellous!
Posted by: brendadada | Monday, 23 July 2007 at 05:01 PM
Wonderful choice in colour!
Posted by: Kainnon | Tuesday, 24 July 2007 at 12:40 AM
It seems to me that you could have changed the screen saver parameters *without* administrator access. Usually even restricted users can do *that* much. But that was a very benign (and clever) hack!
Also, Ctein, do you guys stand around and compare badge length? I don't think I have ever seen a badge that long at a convention before!
Posted by: KeithB | Tuesday, 24 July 2007 at 10:36 AM
I really have no idea why this is on this blog. I can't figure out why I read it.
Posted by: Paul McEvoy | Tuesday, 24 July 2007 at 10:37 AM
Dear Keith,
Yeah, I don't think we wound up doing anything a regular user could not have done. I thought about password-protecting the screensaver (that would've been admin level), but then they'd have had to go to some real work to undo it, and that would have been mean, not nice.
Banner ribbons are a relatively new thing. Useful for ID-ing certain kinds of participants. Also have become popular for little throw-away messages. I don't have very many, truth!
pax / Ctein
Posted by: Ctein | Tuesday, 24 July 2007 at 03:31 PM
Dear Paul,
Q: "I really have no idea why this is on this blog."
A: Because Mike indulged me this one time. Probably for the same reason there was a post about audio CD's not that long ago. Editorial privs.
Q: "I can't figure out why I read it."
A: 1) You're my biggest fan.
2) You find my prose and wit irresistible.
3) You instantly fell in love with my handsome visage.
4) You like train wrecks.
pax / Ctein
Posted by: Ctein | Tuesday, 24 July 2007 at 03:34 PM
Here I am up on an island in Maine with sloooow dialup avoiding most things technical -- with the exception, of course, of a couple of dSLRs and a few choice lenses -- and I find myself laughing loud enough to call all the moose for 3 miles around at this story of the Perfect Graceful Hack. Wonderful !
Posted by: Annedi | Wednesday, 25 July 2007 at 12:18 PM
HaHa - more funny is that middle-aged Geek humor still revolves around juvenile pranks incorporating insider jokes...endearing, really.
'All your base are belong to us' indeed...:-)
Posted by: wtlloyd | Thursday, 26 July 2007 at 05:28 PM
Dear wtlloyd,
An astute observation. The best hacking is play. It's inherently child-like (not childish) activity. One could have just as easily put up a message that said, "Dear IT Manager, please secure your system against intrusion."
But it would have been so much less fun!
pax / playful Ctein
Posted by: Ctein | Friday, 27 July 2007 at 04:52 PM