tssci security

My first hack

My first hack that I remember was in sixth grade (1996 or so??). We had a lab full of Macintosh computers, which I had no clue about or anything at the time, other than we logged into them and had a folder for our documents and another folder containing the programs we could use. Every student had their own login name -- a derivative of their first and last name -- and a password assigned and given to you on a small strip of paper. You couldn't change your password, but if you forgot it, the teacher could log you in using her 'master' password.

So, after I noticed what powers the teacher had, I thought of a way to take advantage of it. When the teacher walked around the room to check if anyone had any problems, I told her I forgot my password. The teacher, being a slow, "pointer finger typer," enters in her password for my username. I watch carefully as she types and how many dots show up in the password field: g - o - l - d, four dots.

GOLD!!!

(OK, so you might not think this is a hack, but only shoulder surfing. Whatever.) I made a mental note of this and after doing what I had to do on the computer, I log off and log back on using the teacher's password again. Works. I log back off again, and this time... use a friend's name from another class. Sweet, it works! I could even log onto the teacher's account and anybody else I wanted to. I had no idea what the Mac admin's name was, otherwise I'd probably have tried and logged into his account as well.

This soon got real boring, as the only thing different in people's folders were their documents. It was fun typing random stuff into people's papers, but there were no cool programs available. I couldn't care less at the time. Soon, other people discovered the password and began abusing it. They weren't discreet about it at all, and the teachers eventually caught on.

Subsequently, they changed the master password... to oxygen.

Posted by Marcin on Tuesday, April 24, 2007 in Security.
