by Ctein
Over July 4th weekend I was off at a convention at a hotel in the heart of Silicon Valley. Most of the weekend was spent engaged in activities such as panel discussions, dining with friends, partying, talking about movies and science fiction, partying, getting caught up on the latest gossip, playing with the "One-Laptop-per-Child" $100 computer (way cool!), partying, more partying....
So, around midnight after four days of this, a bunch of us hackers are standing around in the lobby and we start fooling with the big flat screen display in the lobby. It was running a "welcome" program—a big splash screen showing a picture of the Hotel and instructing people to touch it to learn more about the wonderful features of the establishment.
It didn't take long to see it was just running a Windows browser-based HTML program. This display was actually a live Windows desktop. Then one of our party discovers that the task bar had not been disabled, but merely hidden. Click on the correct corner and there's the familiar Start button.
So naturally he clicks on it. And the Start menu opens up for us!
At this point you're entitled to shake your head and ask yourself what kind of people would be foolish enough to put up a live Windows desktop where the public can access it in the middle of Silicon Valley. Well, it gets better.
Because right there, at the top of the Start pane, Windows informs us that we're logged in as "Administrator."
Ohmigawd. Insert astonished expletive of your choice here. We all surely did.
The fellow who pulled this up just looks at the rest of us, grins, and says, "So, where would you like to go today?"
This was just too good to pass up. After a bit of fussing around, we find an accessory that provides us with a touch screen virtual keyboard. Now we really could go anywhere. Faster than you can say "Hackers R Us" we're poking about with the command line interface. Internet connectivity does not seem impossible, but it looks like it would take somewhat more work than we feel like doing, and besides there are parties to get to. And besides we're really not cruel people. We're nice hackers. We want to do something more benign than installing new software.
Sure, it's silly and juvenile, but what would you expect from a bunch of hackers after four days of partying?! Photo of Ctein by Mette Hedin.
I get an idea. I pop into the display properties control panel and disable the hotel's screen saver. Then I look to see what other options are available. Marquee Display...that will do. Go into Setup, pick an appropriately attractive combination of background and font styles and colors, and type in a message to be scrolled across the screen. Back out, set the screen saver to kick in after one minute, save, and exit.
The results are as you see them in the photograph. Much hilarity ensued for the members of the convention. The hotel staff was rather more puzzled and possibly less amused. And, surprisingly, it took them all the next morning to figure out what had been done to their system.
Once they solved the puzzle, I had a nice chat with their IT person and suggested that it would be much wiser if they did not give anybody who wandered into their lobby Administrator privileges on any of their computers. He agreed and said he would remedy it that afternoon. I sure hope he followed through, for his sake.
So, how secure is your computer system, and who has access to it? Think about it.
______________
Ctein
That's just TOO funny! I hope that the person who set up the computer wasn't in the IT department....
Posted by: Jeff Henderson | Monday, 23 July 2007 at 05:21 PM
Haha, marvellous!
Posted by: brendadada | Monday, 23 July 2007 at 06:01 PM
Wonderful choice in colour!
Posted by: Kainnon | Tuesday, 24 July 2007 at 01:40 AM
It seems to me that you could have changed the screen saver parameters *without* administrator access. Usually even restricted users can do *that* much. But that was a very benign (and clever) hack!
Also, Ctein, do you guys stand around and compare badge length? I don't think I have ever seen a badge that long at a convention before!
Posted by: KeithB | Tuesday, 24 July 2007 at 11:36 AM
I really have no idea why this is on this blog. I can't figure out why I read it.
Posted by: Paul McEvoy | Tuesday, 24 July 2007 at 11:37 AM
Dear Keith,
Yeah, I don't think we wound up doing anything a regular user could not have done. I thought about password-protecting the screensaver (that would've been admin level), but then they'd have had to go to some real work to undo it, and that would have been mean, not nice.
Banner ribbons are a relatively new thing. Useful for ID-ing certain kinds of participants. Also have become popular for little throw-away messages. I don't have very many, truth!
pax / Ctein
Posted by: Ctein | Tuesday, 24 July 2007 at 04:31 PM
Dear Paul,
Q: "I really have no idea why this is on this blog."
A: Because Mike indulged me this one time. Probably for the same reason there was a post about audio CDs not that long ago. Editorial privs.
Q: "I can't figure out why I read it."
A: 1) You're my biggest fan.
2) You find my prose and wit irresistible.
3) You instantly fell in love with my handsome visage.
4) You like train wrecks.
pax / Ctein
Posted by: Ctein | Tuesday, 24 July 2007 at 04:34 PM
Here I am up on an island in Maine with sloooow dialup avoiding most things technical -- with the exception, of course, of a couple of dSLRs and a few choice lenses -- and I find myself laughing loud enough to call all the moose for 3 miles around at this story of the Perfect Graceful Hack. Wonderful!
Posted by: Annedi | Wednesday, 25 July 2007 at 01:18 PM
HaHa - more funny is that middle-aged Geek humor still revolves around juvenile pranks incorporating insider jokes...endearing, really.
'All your base are belong to us' indeed...:-)
Posted by: wtlloyd | Thursday, 26 July 2007 at 06:28 PM
Dear wtlloyd,
An astute observation. The best hacking is play. It's inherently child-like (not childish) activity. One could have just as easily put up a message that said, "Dear IT Manager, please secure your system against intrusion."
But it would have been so much less fun!
pax / playful Ctein
Posted by: Ctein | Friday, 27 July 2007 at 05:52 PM