Don't Forget To Lock Your Computer

I will vouch for what TomatoQueen said. I work in a large federal building as a contractor and frankly most of the IT staff are clueless about computer security (not to mention computers, but that’s a different issue).

Whenever we get an email that screams “security risk” (e.g. from an unknown person asking for personal information or telling us to open the attached file, often with very poor grammar) it’s pretty much a sure thing that it’s not only a legitimate email, but that it’s from the security department that doesn’t actually follow any of the procedures they dictate.

Plus IE6 is required to be your default browser, and we only upgraded to SP2 on XP about 6 months ago.

Wicked tip about Clippy. Had a go at a workmate’s computer and he was instantly baffled - even had an IT guy come over and look at it. They both agreed that it had to be a joke, though, which was good. I actually think he’ll keep Clippy running on the comp, just cause it’s a great humor-stunt.

As for the differing opinions on this issue: as far as I’m concerned, if your company has a policy on locking your comp when leaving it, you’re to blame for whatever happens to it if you don’t.

Regards
Fake

Yes, one side effect of this technique is that you quickly learn which of your coworkers do and don’t have a good sense of humor.

As always, use your own judgment about what is appropriate behavior in your work environment. I am not proposing that you do this indiscriminately to everyone, to your CEO or boss… unless you know they’ll go along with the friendly joke.

Wow! Not a big fan of goating myself but… People, forget about your tight-ass ultra-corporate offices for a moment and relax.

Somebody once said about programming: “Remember, it is supposed to be fun. If it isn’t, you are doing something wrong”.

Considering the sensitivity and importance of corporate knowledge and data in general, I can’t believe the degree of naïveté in some of these responses. And, while I agree that a few of the actions mentioned above might be extreme, the practice itself is a necessary evil. Most of the examples given would take far longer than the “30 seconds” cited by those complaining, so I think that exaggeration is also lending to a much more negative perception. Here’s my rule of thumb: I don’t lock my workstation if I’m in view of the area as I’ll know when someone enters my space, but if I go to lunch, the bathroom or across the floor to vending, I lock it.

Though the finance industry may have their specific, above-mentioned guidelines strictly designed for monitoring access, even more companies (if not All) have some form of security policy that includes a “need to know” confidentiality clause. This pertains not only to external entities, but your trusted co-workers. I’ve worked in a secure environment for the past several years and, as mentioned above, leaving my workstation unlocked is NOT an option. My clearance level may be above that of my co-worker. So, while they are allowed in the building, floor, and cubicle, they aren’t allowed to view certain documentation. To make it more complicated, I may never know what some of my co-workers’ clearance level is, which becomes irrelevant if I lock my workstation. The responsibility for security begins with ME. I’ve acted as SSO for several systems and I can assure you that the easiest and main point of access for most intrusions are at the individual security level, from inadequate password protection (too easy or taped to their monitor) to, you guessed it, leaving their workstation unlocked.

Even the Cum-Bay-Ah office environments glorified above probably aren’t as secure and friendly as the posters would lead us to believe. People are easily rubbed the wrong way, so a simple email inviting one co-worker over for a BBQ may seem innocent to you, but may leave another, uninvited co-worker feeling snubbed. He may not have done anything nefarious this time, but after having learned that you don’t like him enough to have him over to dinner and having time to stew over it, your next lunch excursion may be his opportunity to exact some sweet revenge on you by sending an email from your account letting your boss know exactly how you feel about him.

No personal information on your workstation, you say? What about your emails? None of those slip into the personal realm? What about things like annual performance evaluations, usually communicated via email? Think your co-worker would be satisfied to find you receive twice the salary to do half the work…even if that is only his perception?

If you don’t like it happening to you, then lock your workstation. If you can’t be bothered to follow through with such a massive inconvenience as locking your workstation, then report it. Why don’t you report it? Because the first question you’ll probably be asked is how they gained access. When I was told that the user left the machine unlocked, as a security officer my first response would always be to chastise that user. That would be followed by the question “what exactly do you expect me to do?” All the system logs will prove is that YOU were logged in; good luck attempting to invoke your SAAS 70 (which I believe more than assumes the Owner is acting responsibly and maintaining the fundamental security and access to said system by, yes you guessed it, locking the machine when they are not present.)

We’ve most commonly referred to it as “getting bageled”. The first offense is usually a warning by way of email from their own account reminding them the importance of network security and their role in it. On further lapses, the offender (and that is EXACTLY what the person NOT properly securing their workstation is) generously emails the office his intention to bring bagels (or donuts) for breakfast the next morning. Anything beyond that is usually a judgment call based on the relationship between the offender and the person catching him or the offender’s demeanor in general.

Judging by some of the uptight responses above, I’d guess most of these “pranks” are attempts at levity designed to help you remove the sticks from your behinds.

Okay, content filter got me on this post. Wherever you see happy, just replace it with a slang for being homosexual.

Someone got me once. In Sybase SQL Anywhere’s front end (it was a while ago) you could run queries. When a column was null, it would appear as “NULL” italicized. I didn’t know that was configurable. So, one day I came back to my machine, sat down, ran a query, and instead of NULL it said “Matt is happy”. Very juvenile. However, also pretty funny.

I was EXTREMELY upset at first – not because it said I was happy, but because I thought, just for a second, that the database really had that data in there, and I had just sent a copy to a client for testing. I thought that I was going to get in SOOOO much trouble for sending out such an unprofessional message.

Of course, people misunderstood why I was originally so upset, and they all thought that I was homophobic.

Funny, it sounds like you’re the one who’s violating the corporate security policy. It might be a good lesson but you are still breaking the rules to ‘teach’ it. Frankly I would give him a warning about not locking the computer and dock you a day’s pay and make it clear that if it happened again you would be fired.

If someone were to attempt to dock my pay for goating, they’d be forced to demonstrate my involvement in court. That’s going to be pretty hard to do…probably just as hard to prove as you being in the bathroom when that porn was downloaded.

Not only that, but if that user were ever foolish enough to leave his machine unlocked again, my motivation would probably swing from harmless fun and security reminders to pure revenge.

On a lighter note…

It’s also a good prank to go into MS Word and mess with the auto correct dictionary, replacing common words like ‘the’ with either misspelled versions, or completely different words.

I really don’t understand why so many people seem to be offended by the idea of office pranking - especially in this situation.

For the “anti-prank” contingent:

What’s worse:

  • co-worker changing your desktop background
    or
  • malicious user using your computer to do (insert the worst possible thing you can accomplish with your access).

The prank is the lesson - lock your computer, or else be liable for any random act any random person would like to do as you.

(Heck, if it was supposed to be malicious, I’d be sending out resignation letters, but that’s just me.)

Yeah, that works. BTW, if someone were to type an email in my evolution and try to send it, it asks for my gnupg passphrase :) This can be disabled, but then, there’s no proof at all that I ever wrote that email. It doesn’t help in the scenario where I’m threatened to type it in, but ok…

My top “goating” trick was to full-screen a virtual machine to a bare bones Windows OS. I left a note that the machine had been reimaged due to a new corporate policy.

My office buddy was in the habit of walking away without locking his machine so we did a couple things to it over a few days:

I created a really crappy drawing of him using paint.exe with a bubble saying “I love project”, where project is the dead-horse being beaten. Then we set it as his desktop and sent that email out to everyone in the company using his email.

A week or two later he didn’t log out again so I wrote an app that would logout a user from windows every 2 min. And it went something like this.

Login, work, logout. Huh?
Login, work, logout. Expletive.
Login, work, logout. Plethora of Expletives.
Profit!!
Uncontrollable laughter ensues.

He locks his machine now :)

You touch my computer and I’ll probably kick your ass pretty good.

One’s PC should be locked, but if I don’t and you mess with that which I need to work, you will be sorry.

My office has “Hoffing,” where you get the raciest picture we can find of David Hasselhoff placed on your desktop the moment you walk away.

The US Army has a pretty good way of defeating this: your ID card is used to login with a PIN. Of course, when my soldiers forget their ID cards, it’s two-fold revenge: an entertaining wallpaper which they’re ordered not to change for a week, and about 200 push-ups. I don’t get to pull that very often anymore.

When I was at university – 1991 to 1993, and we’re talking Unix shell accounts here – this practice was sometimes in force too. Never heard the name “goating” for it (which is my wife’s term for flirting, but that’s neither here nor there). Most common mode took the form of altering the victim’s .login file, so the hilarity would only ensue the next time they logged in. Sometimes the script would even helpfully clean up after itself so the prank only happened once. The actual prank might involve sending out emails, or posting to Usenet, or writing to the consoles of everyone else logged in, or any number of other fun things. It might even display a message afterward explaining what had happened and admonishing the victim never to walk away from a logged-in open terminal again.

Screensaver, wait 5 minutes - On Resume Password Protect. That will protect you from most of the Goatboys.
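
The settings named in the comment above, checked in code (an added example, not part of the original post): this Python audits `reg query` text collected from a workstation and reports whether the idle lock is actually enforced. The sample output is constructed; the registry values are the standard Windows screen-saver settings, and the function names are hypothetical.

```python
import re

# Real Windows keys: the Group Policy copy overrides the per-user copy.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop"
USER_KEY = r"HKEY_CURRENT_USER\Control Panel\Desktop"
MAX_IDLE_SECONDS = 300  # the "wait 5 minutes" from the comment above

# Constructed sample of `reg query` output for one user (not from a real machine).
# The policy enforces the password on resume but leaves the timeout to the user.
SAMPLE = r"""
HKEY_CURRENT_USER\Control Panel\Desktop
    ScreenSaveActive    REG_SZ    1
    ScreenSaverIsSecure    REG_SZ    0
    ScreenSaveTimeOut    REG_SZ    900

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop
    ScreenSaveActive    REG_SZ    1
    ScreenSaverIsSecure    REG_SZ    1
"""

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = re.match(r"\s+(\S+)\s+REG_\w+\s+(.*)$", line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return keys

def audit_lock_policy(text, max_idle=MAX_IDLE_SECONDS):
    """Return a list of findings; an empty list means the idle lock is enforced."""
    keys = parse_reg_query(text)
    # Policy values win over user values when both are present.
    effective = {**keys.get(USER_KEY, {}), **keys.get(POLICY_KEY, {})}
    findings = []
    if effective.get("ScreenSaveActive") != "1":
        findings.append("screen saver is not enabled")
    if effective.get("ScreenSaverIsSecure") != "1":
        findings.append("no password required on resume")
    timeout = effective.get("ScreenSaveTimeOut", "")
    if not timeout.isdigit() or not 0 < int(timeout) <= max_idle:
        findings.append(f"idle timeout {timeout or 'unset'} is not within 1..{max_idle}s")
    return findings
```

On the constructed sample the only finding is the 900-second timeout, because the policy key supplies the password requirement but not the timeout.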

Why stop pranking because the user “merely” locked their workstation?

  • If the fool left a bootable drive on their machine you can download bootdisks and BIOS password changers and go to town. Change everything you want.

  • You could re-arrange all the keys on their keyboard to spell swear words on them.

  • Mess around all of their monitor display settings making sure you set the display language to Swahili or something, good luck in getting that back to normal.

  • Flip the 110/220 switch on the back of the power supply to 220v.

  • And top it off with the old shoe polish on the headphones trick.

Amateurs… Touch my PC and feel my wrath.

Ha, this is even better if you do it remotely - which requires that you have remote access to the PC in question, if you’re in the administrators group you can.

This is clip2.cmd which requires the sysinternals (now MS, blech!) PS Tools, Google 'em up. Run it from the command line with the NAME of the PC after it, just the name, no “\”. Change paths to match your system.

REM ~~~~~~~~~~~~~~~~ Start cmd code ~~~~~~~~~~~~~~~~~~
REM Kill Clippy if it's already running, can't run well twice.
C:\util\ps\pskill.exe \\%1 clippy.exe
REM Make a temp dir if it doesn't already exist
md \\%1\c$\temp
REM  Copy the file(s) to the PC, change path to YOUR PC's 
REM  local path to Clippy.exe, also can copy clippy.txt
copy C:\util\ps\clippy.* \\%1\c$\temp
REM Run PSExec to start it on their PC
C:\util\ps\psexec.exe \\%1 -i -d C:\temp\clippy.exe
REM ~~~~~~~~~~~~~~~~ End cmd code ~~~~~~~~~~~~~~~~~~
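
From the monitoring side, a script like the one above leaves two traces on the target: file access through the `C$` administrative share and installation of the `PSEXESVC` service that PsExec creates by default. The Python below is an added example, not part of the original post; it pairs the two in a set of constructed events whose field names follow Windows events 5145 and 7045, and the host names, users, addresses and 60-second window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample events (not real logs). Field names follow Windows event
# 5145 (file share access check) and 7045 (service installed).
EVENTS = [
    {"time": "2024-05-01T12:01:03", "host": "PC-042", "id": 5145,
     "SubjectUserName": "jdoe", "IpAddress": "10.0.0.15",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"temp\clippy.exe"},
    {"time": "2024-05-01T12:01:05", "host": "PC-042", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-05-01T12:30:00", "host": "PC-077", "id": 7045,
     "ServiceName": "PrintHelper", "ImagePath": r"C:\Program Files\PH\ph.exe"},
    {"time": "2024-05-01T13:00:00", "host": "PC-090", "id": 5145,
     "SubjectUserName": "asmith", "IpAddress": "10.0.0.22",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\Public\report.docx"},
]

def is_psexec_service(ev):
    """PsExec installs a service named PSEXESVC on the target by default."""
    return ev["id"] == 7045 and (
        ev["ServiceName"].upper() == "PSEXESVC"
        or ev["ImagePath"].upper().endswith("PSEXESVC.EXE"))

def is_admin_share_exe_access(ev):
    """Executable or script touched through an administrative share."""
    return (ev["id"] == 5145
            and ev["ShareName"].upper().endswith(("C$", "ADMIN$"))
            and ev["RelativeTargetName"].lower().endswith((".exe", ".cmd", ".bat")))

def find_remote_exec(events, window=WINDOW):
    """Pair each PSEXESVC install with nearby admin-share drops on the same host."""
    alerts = []
    for svc in filter(is_psexec_service, events):
        when = datetime.fromisoformat(svc["time"])
        drops = [e for e in events
                 if is_admin_share_exe_access(e) and e["host"] == svc["host"]
                 and abs(datetime.fromisoformat(e["time"]) - when) <= window]
        alerts.append({
            "host": svc["host"], "time": svc["time"],
            "files": [e["RelativeTargetName"] for e in drops],
            "sources": sorted({(e["SubjectUserName"], e["IpAddress"]) for e in drops}),
        })
    return alerts
```

The 5145 event supplies the account and source address that the 7045 event lacks, which is why the two are joined per host.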