Over July 4th weekend I was off at a convention at a hotel in the heart of Silicon Valley. Most of the weekend was spent engaged in activities such as panel discussions, dining with friends, partying, talking about movies and science fiction, partying, getting caught up on the latest gossip, playing with the "One-Laptop-per-Child" $100 computer (way cool!) partying, more partying....
So, around midnight after four days of this, a bunch of us hackers are standing around in the lobby and we start fooling with the big flat screen display in the lobby. It was running a "welcome" program—a big splash screen showing a picture of the Hotel and instructing people to touch it to learn more about the wonderful features of the establishment.
It didn't take long to see it was just running a Windows browser-based HTML program. This display was actually a live Windows desktop. Then one of our party discovers that the task bar had not been disabled, but merely hidden. Click on the correct corner and there's the familiar Start button.
So naturally he clicks on it. And the Start menu opens up for us!
At this point you're entitled to shake your head and ask yourself what kind of people would be foolish enough to put up a live Windows desktop where the public can access it in the middle of Silicon Valley. Well, it gets better.
Because right there, at the top of the Start pane, Windows informs us that we're logged in as "Administrator."
Ohmigawd. Insert astonished expletive of your choice here. We all surely did.
The fellow who pulled this up just looks at the rest of us, grins, and says, "So, where would you like to go today?"
This was just too good to pass up. After a bit of fussing around, we find an accessory that provides us with a touch screen virtual keyboard. Now we really could go anywhere. Faster than you can say "Hackers R Us" we're poking about with the command line interface. Internet connectivity does not seem impossible, but it looks like it would take somewhat more work than we feel like doing, and besides there are parties to get to. And besides we're really not cruel people. We're nice hackers. We want to do something more benign than installing new software.
I get an idea. I pop into the display properties control panel and disable the hotel's screen saver. Then I look to see what other options are available. Marquee Display...that will do. Go into Setup, pick an appropriately attractive combination of background and font styles and colors, and type in a message to be scrolled across the screen. Back out, set the screen saver to kick in after one minute, save, and exit.
The results are as you see them in the photograph. Much hilarity ensued for the members of the convention. The hotel staff was rather more puzzled and possibly less amused. And, surprisingly, it took them all the next morning to figure out what had been done to their system.
Once they solved the puzzle, I had a nice chat with their IT person and suggested that it would be much wiser if they did not give anybody who wandered into their lobby Administrator privileges on any of their computers. He agreed and said he would remedy it that afternoon. I sure hope he followed through, for his sake.
So, how secure is your computer system, and who has access to it? Think about it.