Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
This forum is in permanent archive mode. Our new active community can be found here.
A little bit of old school
I posted this story on my blog this morning when something jogged my memory of the conversation.
I'm going to post the relevant story portion and leave the ending off. I'm curious to see how many people can figure out what happened without reading the ending.
At the IT shop where I worked there were a few good techs and one smart one, me. Back in the mid 80's I was just one worker, among many, who kept the campus mainframe operational.
We ran Unix, like everyone else did, and though my associates at work could handle most of the day-to-day operations of maintaining a mainframe they were not the brightest folks in regards to programming or how Unix worked.
There were a few joke items scattered about the office such as the proverbial "bit bucket" or "metric" rather than standard crescent wrench but, for the most part, it was a fairly serious shop.
One day a few of my associates approached me to ask me a question. It seems they had found the directory and files where all of the passwords were stored along with the usernames. Please understand, this is back in the day when hashing passwords and network security was almost non-existent.
The only network links off campus were in the 300 baud range. It was easier (and faster) to just dump a tape and fly somewhere than attempt to use a link.
Since only admins had root access and all the techs were admins I knew it was only a matter of time until this question surfaced.
"Hey Steve, we were looking at the password file and we noticed something strange."
"Yeah, what?"
"Well, everyone on campus has a password but you."
"I have a password, you just can't see it because I'm a super user."
"What? How come you get to be a super user?"
It was all I could do to keep from cracking up at this point. I wasn't a super user, I had the same access rights as they people did, but I had a secret...
"Well, if you guys were smart and knew enough about computers maybe you could be super users too!"
They left in a bit of a huff, mumbling to each other how unfair it was that I had special perks that they did not.
The next day my boss pulled me aside, he wanted to know what all the trouble was about and why the other techs were acting uppity. Once again, I had to keep a straight face. I walked with him back to his office, made sure no one was around, closed the door and talked to him.
I brought up the password file and showed him what all the fuss was about. When he saw that I was the only one without a password he grinned. He knew what was going on.
"You bastard!"
"Yup, that's me."
"You got them all worked up over this?"
"Yep."
"Get out of here before I smack you around for being a wise-ass!"
See, the thing that my co-workers never caught on to but my boss saw right away was that the file was ASCII with no encryption or anything. If those passwords had been hashed or displayed in HEX or anything other than ASCII than my coworkers would have never been mislead. What I did was exploit the weakness in the system to make everyone think my password was so secure that no one could see it.
So, how did he hide his password?
I'm going to post the relevant story portion and leave the ending off. I'm curious to see how many people can figure out what happened without reading the ending.
At the IT shop where I worked there were a few good techs and one smart one, me. Back in the mid 80's I was just one worker, among many, who kept the campus mainframe operational.
We ran Unix, like everyone else did, and though my associates at work could handle most of the day-to-day operations of maintaining a mainframe they were not the brightest folks in regards to programming or how Unix worked.
There were a few joke items scattered about the office such as the proverbial "bit bucket" or "metric" rather than standard crescent wrench but, for the most part, it was a fairly serious shop.
One day a few of my associates approached me to ask me a question. It seems they had found the directory and files where all of the passwords were stored along with the usernames. Please understand, this is back in the day when hashing passwords and network security was almost non-existent.
The only network links off campus were in the 300 baud range. It was easier (and faster) to just dump a tape and fly somewhere than attempt to use a link.
Since only admins had root access and all the techs were admins I knew it was only a matter of time until this question surfaced.
"Hey Steve, we were looking at the password file and we noticed something strange."
"Yeah, what?"
"Well, everyone on campus has a password but you."
"I have a password, you just can't see it because I'm a super user."
"What? How come you get to be a super user?"
It was all I could do to keep from cracking up at this point. I wasn't a super user, I had the same access rights as they people did, but I had a secret...
"Well, if you guys were smart and knew enough about computers maybe you could be super users too!"
They left in a bit of a huff, mumbling to each other how unfair it was that I had special perks that they did not.
The next day my boss pulled me aside, he wanted to know what all the trouble was about and why the other techs were acting uppity. Once again, I had to keep a straight face. I walked with him back to his office, made sure no one was around, closed the door and talked to him.
I brought up the password file and showed him what all the fuss was about. When he saw that I was the only one without a password he grinned. He knew what was going on.
"You bastard!"
"Yup, that's me."
"You got them all worked up over this?"
"Yep."
"Get out of here before I smack you around for being a wise-ass!"
See, the thing that my co-workers never caught on to but my boss saw right away was that the file was ASCII with no encryption or anything. If those passwords had been hashed or displayed in HEX or anything other than ASCII than my coworkers would have never been mislead. What I did was exploit the weakness in the system to make everyone think my password was so secure that no one could see it.
So, how did he hide his password?
Comments
Correct? <y/n>