BASTARD OPERATOR FROM HELL IN BRITAIN #2
By Simon Travaglia (spt@waikato.ac.nz)
"Ah Simon, thank you for coming, please sit down"
The promotions committee is strangely quiet today. Normally they're far
more boisterous and sure of themselves. This has to be good news.
"Now Simon, as you know there's a vacancy for a Senior Operator in the
Computer Centre following the tragic accident in the staff showers."
"Yes" I utter, "tragic"
"How the hell a toaster got in there in the first place is beyond the scope
of this committee, as our main interest is to find a replacement as soon as
possible. Ordinarily, we would appoint such a senior position externally,
but following that awful business with the lift controller failure and the
shortlisted candidates.."
"Awful" I sigh, my heart pity at the tragedy of three Senior Operator
applicants plunging down a lift shaft to their deaths... Completely
accidental you understand...
"..It still seems very strange; apparently the accident inspector stated
that the lift appeared to be accelerating *faster* than the speed of
gravity when it fell. But I guess we'll never know now that the lift
control room had that big electrical fire..."
I could be oversensitive on this issue, but I'm feeling a little bit of
dissent in the room around me. Some members of the promotions committee
appear to be having problems making the decision of whether they should
support the University's interests by appointing me senior operator or
becoming involved in the next fatal campus accident. I decide to cut
through the red tape and get to the point.
"So essentially, all supposition aside, you wish me to take over the role
of Senior Operator.."
"Ah..." the chairman utters, looking around the room for backup, "..Yes"
"Ok, fine. I'll need a couple of K extra for the increased responsibility,
say another K for relocation.."
"BUT YOU'RE ONLY TWO OFFICES AWAY!!"
"Good point - *TWO* K for relocation, and new office furniture. Leather
Armchairs would be good. Oh, and an espresso machine."
I get up.
"Well, that should be all I think, so I'll just get off back to work"
While they mutter amongst themselves, I make my exit back to the control
room. As it's getting towards the end of my working day (3pm) I write
protect the userdisk and start a shutdown for 1 minute. The phone rings.
"I can't save my work" a voice sobs from the phone
"You really should try.."
"But the system won't let me" he whimpers, "can you halt the shutdown?"
"Well, I'd like to, but it's irrevocably committed to shutdown - there's no
telling what might happen - we could lose all your work, there's no
telling...."
"Um..." - You can almost hear the wheels turning - "...Uh.."
I hang up - they're obviously not committed.
The shutdown completes and I reboot, then decide to introduce a little fun
to the network by pulling out random staff terminal lines and repatching
them to the student areas and vice versa. Just like the big breakin of '91.
Next I choose a letter at random from the complaints box to use as this
week's "External Penetration" victim, then delete all their files.
I decide to get into something new. I break out the telephone serviceman's
handset and wander into the comms room and start eavesdropping on people's
conversations.
Most of it is crap, but it gives me an idea. Pipe it all through voice
recognition and look for words including my name (for security purposes), a
sexual encounter, or live chickens. Definite possibilities...
A user rings.
"Oh, Hi - can you tell me what my password is please?" they ask
"I'm sorry" I say for the 1 billionth time "passwords are encrypted on the
system, and it's far easier for me to change your password than to find out
what it is." (Which is crap; I know what it is, the password changing
routine does have a slight in-house modification which the implementers
probably weren't counting on.)
"Oh, ok - could you change it to 'desert' please - that was my old
password"
"I'm sorry, but we can't change users' passwords to ones that they supply -
that would compromise site security"
"Oh, then could you just give me a new password?"
"Sure. What about desert?"
"Huh? .. .. Oh, Ok, that would be fine"
I hang up, they hang up. 10 minutes later they call back.
"Have you changed that password yet?" they ask
"CHANGED the password?" I say "You just asked me to give you a new
password, you said nothing about changing it"
"But... Oh. Well, could you change it to desert for me please?"
"I'm sorry, but I can't do that, because of the security compromise, as I
told you before. If I knew your password, I could possibly log into your
account without you knowing, couldn't I?"
"Well yes..."
"And if that happened, your data would be compromised, wouldn't it?"
"Uhh, yes, I suppose it would"
"So in other words, if two people have the password to an account, the
security of it is at least halved, isn't it?"
"Yes, I suppose you're right"
"Of course I am, I'm the operator. I'm not only right, I'm wrong if I want
to be as well.."
"Uh.."
He doesn't know whether to agree or not. Wimp.
"Now," I say, breaking the tension "I'll change your password for you"
"Ok, thanks"
"No worries. Bye now"
"B. >click<"
They ring back
"You didn't tell me my password!"
"Of course I didn't. We already agreed that two people knowing the password
is less secure than one, didn't we?"
"Well, yes, but..."
"No buts, security is security, off you go..."
That's the problem with this job, it doesn't come naturally - you have to
*WORK* on it.