At my last job we called this “noiding” (after the Pizza Hut/Domino’s guy from the ad campaign back in the day).
What many of you are missing is this is a tactic to embarrass people into remembering to lock their computers. If it is an official policy, it won’t be against policy, will it? The point isn’t that your co-workers are nefarious (though some are) but if your office is open to people, any of them could get information off of your computer, and many people do have information that could be useful in the “wrong hands”.
I have worked in multiple offices that have had people gain access to the office, during office hours, and stolen items and been gone before it was discovered. Now imagine that what was stolen wasn’t a purse or wallet, but accounting information or passwords…
… In a public company, modifying another employee’s computer without his consent is usually a serious security violation that can get you fired. …
Reread your company’s policies on this kind of stuff before adopting any of these ideas."
Yes, yes indeed. Please do read your company’s policies on security. For somewhere as strict as you make it sound, I would be quite shocked if there wasn’t something in there about users locking their workstations. Most companies require that you lock your computer, many force it with a short screensaver time-out that’s password protected.
my favorite trick is to turn off their spacebar (or the key of your choice)… it’s a quick little reghack, especially if you’ve got the .reg file prepared — info @ http://www.usnetizen.com/fix_capslock.html
you can use these powers for good as well on your own computer, for example i’ve turned off my CAPSLOCK and insert keys…
If you really want computer user security principles drilled in to you, work for the DoD for a while. Every time I stand up from my computer I lock it out of pure habit. If you don’t, you are violating the use agreement and subject to loss of computer privileges, which would ultimately lead to untimely termination.
While some commenters here are shocked at this infantile behavior, I think that there are environments where this is a good idea.
I work at a University. Our building is open to the public, and will remain that way. Non-employees can and do enter our building. Laptops have been stolen when people forget to lock the door to their office.
Most people around me are very good about closing the door to their office when they leave, but a few are not. Polite reminders are not always successful at convincing them to close their office. Sometimes a mild prank is a good way of reminding someone of their vulnerability.
I prefer very mild pranks. For instance, on Unix-type computers I like to edit their login so that it prints out a message when they login. Harmless and easy to remove (for the folks that are here) but a good reminder.
Security, shmecurity, goating is FUN! Someone gets goated every day around here. This morning’s: “I wish procreating was as simple as matrix multiplication.”
At my school, all of the teachers are given complete local administrator access. They also have complete access to all of our (the students’) private information - grades, addresses, phone numbers, email addresses, some health information and I’m not even sure what else. Despite this, they often leave their computers unlocked for extended periods of time, with the student information software wide open. It’s a miracle no students have changed their own grades yet. I don’t understand why IT restricts the students so much that we can’t even change the screen resolution (yes, really) but can’t be bothered to implement a policy to require password protected screensavers.
At Research in Motion, if someone leaves his computer unlocked, he often finds that he’s subsequently offered to purchase a box of donuts for his entire team. (Of course, regardless of whether or not he actually produced the e-mail, he’s now responsible for the team’s donut coverage.)
Back at SFU, we called it “Baggy Pantsing”, and it usually ended up with an e-mail to everyone about the very baggy condition of one’s pants. (I think the terminology was lifted from the Jargon File)
Since I work with sensitive data, we are all required to lock the computer if we get up from our desk. If you forget to do this, the computer locks automatically after 5 minutes of inactivity. That’s goo in theory, but when you are staring at the screen trying to figure out why an algorithm isn’t working and the computer locks on you it really gets frustrating.
If we happen to forget and walk away and one of the security guys comes by, they will leave a big SECURITY VIOLATION message in a Notepad window on your desktop. It’s a joke to some, but I think they might actually log when that happens. Just building the case for when the axe starts swinging…
At my last job, the tradition was to use an unlocked workstation to send an email to the group saying something like, “You know, I really love you guys. I really do.”
Obviously, variations occur–I once “got” the most avid gamer in the group by “offering” his new Xbox 360 for “$100 (or best offer)”
Back in college, if you walked away from the NeXT terminal without logging out, a friend of mine was fond of sending an email to yourself with the following:
“Name, this is you from some odd year. Whatever you do, don’t talk to the monkey!”
In the early 90s when I administered the CS labs at Old Dominion University, inserting “logout” as the first line in .login was an effective goating technique. We only ever used it on other staff members who knew better.
On my team, “Fabio-ing” has been made into a near-Olympic sport. If someone’s away from their unlocked computer for less than a minute, one of my coworkers is in their cube putting a picture of Fabio on their desktop. Priceless.
Great job Jeff for covering an important piece of positive (!) social engineering, and for giving me all kinds of new tricks to pull
When this happens, I tend to mess with the autocorrect feature in Word. Think leetspeek
On a more serious note, where I work we use smartcards for building access, and for computer logon. Locking your workstation is as simple as removing the card when you get up and leave, unlocking when you get back is as simple as inserting it and entering a pin code.