I get up.
"Well, that should be all I think, so I'll just get off back to work"
While they mutter amongst themselves, I make my exit back to the control room. As it's getting towards the end of my working day (3pm) I write protect the userdisk and start a shutdown for 1 minute. The phone rings.
"I can't save my work" a voice sobs from the phone
"You really should try.."
"But the system won't let me" he wimpers, "can you halt the shutdown?"
"Well, I'd like to, but it's irrevocably committed to shutdown – there's no telling what might happen – we could lose all your work, there's no telling...."
"Um..." – You can almost hear the wheels turning – "...Uh.."
I hang up – they're obviously not committed.
The shutdown completes and I reboot, then decide to introduce a little fun to the network by pulling out random staff terminal lines and repatching them to the student areas and vice versa. Just like the big breakin of '91.
Next I choose a letter at random from the complaints box to use as this week's "External Penetration" victim, then delete all their files.
I decide to get into something new. I break out the telephone serviceman's handset and wander into the comms room and start eavesdropping on people's conversations.
Most of it is crap, but it gives me an idea. Pipe it all through voice recognition and look for words including my name (for security purposes), a sexual encounter, or live chickens. Definite possibilities...
A user rings.
"Oh, Hi – can you tell me what my password is please?" they ask.
"I'm sorry" I say for the 1 billionth time "passwords are encrypted on the system, and it's far easier for me to change your password than to find out what it is." (Which is crap; I know what it is, the password changing routine does have a slight in-house modification which the implementers probably weren't counting on.)
"Oh, ok – could you change it to 'desert' please – that was my old password"
"I'm sorry, but we can't change user's passwords to ones that they supply – that would compromise site security"
"Oh, then could you just give me a new password?"
"Sure. What about desert?"
"Huh? .. .. Oh, Ok, that would be fine"
I hang up, they hang up. 10 minutes later they call back.
"Have you changed that password yet?" they ask
"CHANGED the password?" I say "You just asked me to give you a new password, you said nothing about changing it"
"But... Oh. Well, could you change it to desert for me please?"
"I'm sorry, but I can't do that, because of the security compromise, as I told you before. If I knew your password, I could possibly log into your account without you knowing, couldn't I?"
"Well yes..."
"And if that happened, your data would be compromised, wouldn't it?"
"Uhh, yes, I suppose it would"
"So in other words, if two people have the password to an account, the security of it is at least halved, isn't it?"
"Yes, I suppose you're right"
"Of course I am, I'm the *OPERATOR*. I'm not only right, I'm wrong if I want to be as well.."
"Uh.."
He doesn't know whether to agree or not. Wimp.
"Now," I say, breaking the tension "I'll change your password for you"
"Ok, thanks"
"No worries. Bye now"
"B. >click<"
They ring back.
"You didn't tell me my password!"
"Of course I didn't. We already agreed that two people knowing the password is less secure than one, didn't we?"
"Well, yes, but..."
"No buts, security is security, off you go..."
That's the problem with this job, it doesn't come naturally – you have to *WORK* on it.
I get back from Britain and return to my old stomping grounds to take up a post as an Analyst/Programmer... As an A/P I'm expected to work weird hours so I start putting in some 9 to 5 shifts to see what it's like.
It's weird all right. I don't like it.
I go to the computer room to check out my machine, only I'm not the Operator any more, so I've got no access. I call the Operator. He answers.
Bad sign.
"Can I get access to the Computer Room?" I ask, respectfully