programming and human factors
by Jeff Atwood
I encourage my coworkers to lock their computers. Security, after all, is everyone's business. But often gentle encouragement is not enough. Sometimes, more.. persuasive methods are necessary.
I first learned about the noble art of goating from from Omar Shahine:
We have this problem in Hotmail. If you walk away from your desk, even for a brief moment, and your PC is left unlocked, someone will walk in, and send mail to a broad distribution list with something silly. Like "I like oranges", or worse things, some downright embarrassing. For some reason this is called "Goating". I find it incredibly annoying. My office has a lock on the door, so I am in the habit of keeping my door locked when I walk away.
Goating techniques vary from insidious and subtle to invasive, borderline vandalism. I prefer the milder forms:
Goating can be quite literal. I once walked back to my computer to find this:
It's disturbingly common here, which is why I've learned to reflexively press Windows+L when I get up from my desk.
One of my all-time favorite goating techniques, however, is to install the Clippy parody applet on a victi.. er, coworker's machine. Who doesn't love our old pal Clippy!
After one particuarly inspired installation of Clippy, an email titled "What The Heck" went out to all employees:
Is this another prank or something? What the heck is this … It's rude.Look at the right hand corner of this image.
So far this stupid thing has told me:
- My typing speed is slow.
- My productivity has been decreasing, I hope everything is Ok?
- My posture is degrading and I should reposition myself.
- Finally: It's time to play a game. Let's play hide-and-seek?
Much hilarity ensued, and more importantly, crucial lessons were learned about computer security by all.
It's up to each of us to go forth and spread the good word! If just one person learns how important computer security is, your work here is done. Many additional goating techniques can be found in these two metafilter threads; Office Poltergeist looks quite promising, as does ErrMess. And you really can't go wrong with Clippy.
But don't forget to lock your computer while you're out there spreading the word.
Change desktop wallpaper to rival sports team, which is bound to annoy them.
My pastor from years back had a Coke classic theme on his computer. I goated his computer to display a Pepsi theme. He was not amused.
Another time, I changed his screen saver to display my picture, just so he would know. Then I left. Another friend saw what I had done, opened my picture in paint, edited it so it looked like I was sticking out my tongue, and set a screen saver password. Yes, the goater got goated.
Similarly, I changed the associate pastor's screen saver to display the picture of one of the young ladies who worked in the office (no password). The AP was single. She happened to be talking to him the first time it flicked on. She gave him a quizzical look, he looked, blushed and said it must have been me. Her response was, "So, you're saying I'm not a catch?"
Frank on November 15, 2007 8:07 AMAhh, yes. I miss those days. I work in advertising, so people used to get very creative with what they sent out. Lots of "I like stickers and unicorns" type messages.
Apparently not enough people learned their lesson about locking their stations, though, and eventually the only solution was for management to take away access the whole-office distribution list. :(
Sarah on November 15, 2007 8:10 AMAt my last job we called this "noiding" (after the Pizza Hut/Domino's guy from the ad campaign back in the day).
What many of you are missing is this is a tactic to embarrass people into remembering to lock their computers. If it is an official policy, it won't be against policy, will it? The point isn't that your co-workers are nefarious (though some are) but if your office is open to people, any of them could get information off of your computer, and many people do have information that could be useful in the "wrong hands".
I have worked in multiple offices that have had people gain access to the office, during office hours, and stolen items and been gone before it was discovered. Now imagine that what was stolen wasn't a purse or wallet, but accounting information or passwords...
Kearns on November 15, 2007 8:19 AMCAA said:
"... In a public company, modifying another employee's computer without his consent is usually a serious security violation that can get you fired. ...
Reread your company's policies on this kind of stuff before adopting any of these ideas."
Yes, yes indeed. Please do read your company's policies on security. For somewhere as strict as you make it sound, I would be quite shocked if there wasn't something in there about users locking their workstations. Most companies require that you lock your computer, many force it with a short screensaver time-out that's password protected.
A.C. on November 15, 2007 8:19 AMGNOME keyboard shortcut for locking your desktop:
CTRL+SHIFT+L
bofe on November 15, 2007 8:29 AMmy favorite trick is to turn off their spacebar (or the key of your choice).... it's a quick little reghack, especially if you've got the .reg file prepared --- info @ http://www.usnetizen.com/fix_capslock.html
you can use these powers for good as well on your own computer, for example i've turned off my CAPSLOCK and insert keys........
insert keys
toddwick on November 15, 2007 8:29 AMand by CTRL+SHIFT+L, of course, I meant CTRL+ALT+L.
bofe on November 15, 2007 8:30 AMIf you really want computer user security principles drilled in to you, work for the DoD for a while. Every time I stand up from my computer I lock it out of pure habit. If you don't, you are violating the use agreement and subject to loss of computer privileges, which would ultimately lead to untimely termination.
Mattkins on November 15, 2007 8:42 AMWhile some commenters here are shocked at this infantile behavior, I think that there are environments where this is a good idea.
I work at a University. Our building is open to the public, and will remain that way. Non-employees can and do enter our building. Laptops have been stolen when people forget to lock the door to their office.
Most people around me are very good about closing the door to their office when they leave, but a few are not. Polite reminders are not always successful at convincing them to close their office. Sometimes a mild prank is a good way of reminding someone of their vulnerability.
I prefer very mild pranks. For instance, on Unix-type computers I like to edit their login so that it prints out a message when they login. Harmless and easy to remove (for the folks that are here) but a good reminder.
A mild prank is better than a stolen laptop.
Alain Roy on November 15, 2007 8:45 AMSee the Jargon File entry under "baggy pantsing".
Security, shmecurity, goating is FUN! Someone gets goated every day around here.
This morning's: "I wish procreating was as simple as matrix multiplication."
John Pirie on November 15, 2007 8:51 AMAt my school, all of the teachers are given complete local administrator access. They also have complete access to all of our (the students') private information - grades, addresses, phone numbers, email addresses, some health information and I'm not even sure what else. Despite this, they often leave their computers unlocked for extended periods of time, with the student information software wide open. It's a miracle no students have changed their own grades yet. I don't understand why IT restricts the students so much that we can't even change the screen resolution (yes, really) but can't be bothered to implement a policy to require password protected screensavers.
Nerd on November 15, 2007 8:51 AMAt Research in Motion, if someone leaves his computer unlocked, he often finds that he's subsequently offered to purchase a box of donuts for his entire team. (Of course, regardless of whether or not he actually produced the e-mail, he's now responsible for the team's donut coverage.)
Back at SFU, we called it "Baggy Pantsing", and it usually ended up with an e-mail to everyone about the very baggy condition of one's pants. (I think the terminology was lifted from the Jargon File)
Curtis on November 15, 2007 8:59 AMSince I work with sensitive data, we are all required to lock the computer if we get up from our desk. If you forget to do this, the computer locks automatically after 5 minutes of inactivity. That's goo in theory, but when you are staring at the screen trying to figure out why an algorithm isn't working and the computer locks on you it really gets frustrating.
If we happen to forget and walk away and one of the security guys comes by, they will leave a big SECURITY VIOLATION message in a Notepad window on your desktop. It's a joke to some, but I think they might actually log when that happens. Just building the case for when the axe starts swinging...
WA
Wayne on November 15, 2007 9:01 AMAt my last job, the tradition was to use an unlocked workstation to send an email to the group saying something like, "You know, I really love you guys. I really do."
Obviously, variations occur--I once "got" the most avid gamer in the group by "offering" his new Xbox 360 for "$100 (or best offer)" :-)
Tim Lesher on November 15, 2007 9:08 AM
My favorite:
Email "I'm not wearing any pants".
Me. on November 15, 2007 9:09 AMPssst... "these two" point at the same URL as eachother.
James on November 15, 2007 9:33 AMBack in college, if you walked away from the NeXT terminal without logging out, a friend of mine was fond of sending an email to yourself with the following:
"Name, this is you from some odd year. Whatever you do, don't talk to the monkey!"
Mike Hall on November 15, 2007 9:39 AMI really really don't understand this. I've never worked anyplace where stunts like this were pulled. I don't think I would want to.
Are you guys still in Junior High or what?
very confused on November 15, 2007 9:40 AMIn the early 90s when I administered the CS labs at Old Dominion University, inserting "logout" as the first line in .login was an effective goating technique. We only ever used it on other staff members who knew better.
Chris Carpinello on November 15, 2007 9:45 AM"1) Wallpaper as http://www.aquarionics.com/fun/lemming/back.html"
Oh My God! My eyes almost died!
Ubersoldat on November 15, 2007 9:48 AMOn my team, "Fabio-ing" has been made into a near-Olympic sport. If someone's away from their unlocked computer for less than a minute, one of my coworkers is in their cube putting a picture of Fabio on their desktop. Priceless.
Great job Jeff for covering an important piece of positive (!) social engineering, and for giving me all kinds of new tricks to pull ;)
John Ferringer on November 15, 2007 9:48 AMI'm sure glad I don't work in an office with you soul sucking dweebs that can't take a joke.
Don't want juvenile jokes played on you? Stop acting like a child and follow the grown up policies your employer has set for you.
Brett on November 15, 2007 10:04 AMWhen this happens, I tend to mess with the autocorrect feature in Word. Think leetspeek :)
On a more serious note, where I work we use smartcards for building access, and for computer logon. Locking your workstation is as simple as removing the card when you get up and leave, unlocking when you get back is as simple as inserting it and entering a pin code.
Erling Paulsen on November 15, 2007 10:09 AMAh well, the screen should automatically lock when the chair in front of it is vacated. And shouldn't unlock whilst it is.
Andreas Krey on November 15, 2007 10:26 AMI will vouch for what TomatoQueen said. I work in a large federal building as a contractor and frankly most of the IT staff are clueless about computer security (not to mention computers, but that's a different issue).
Whenever we get an email that screams "security risk" (e.g. from an unknown person asking for personal information or telling us to open the attached file, often with very poor grammar) it's pretty much a sure thing that it's not only a legitimate email, but that it's from the security department that doesn't actually follow any of the procedures they dictate.
Plus IE6 is *required* to be your default browser, and we only upgraded to SP2 on XP about 6 months ago.
rev_matt_y on November 15, 2007 10:28 AMWicked tip about Clippy. Had a go at a workmates computer and he was instantly baffled - even had an IT guy come over and look at it. They both agreed that it had to be a joke, though, which was good. I actually think he'll keep Clippy running on the comp, just cause it's a great humor-stunt.
As for the differing opinions on this issue: as far as I'm concerned, if your company has a policy on locking your comp when leaving it, you're to blame for whatever happens to it if you don't.
Regards
Fake
Yes, one side effect of this technique is that you quickly learn which of your coworkers do and don't have a good sense of humor.
As always, use your own judgment about what is appropriate behavior in your work environment. I am not proposing that you do this indiscriminately to everyone, to your CEO or boss.. unless you know they'll go along with the friendly joke.
Jeff Atwood on November 15, 2007 10:33 AMWow! Not a big fun of goating myself but... People, forget about your tight-ass ultra-corporate offices for a moment and relax.
Somebody once said about programming: "Remember, it is supposed to be fun. If it isn't, you are doing something wrong".
Stas on November 15, 2007 10:43 AMConsidering the sensitivity and importance of corporate knowledge and data in general, I can't believe the degree of navet in some of these responses. And, while I agree that a few of the actions mentioned above might be extreme, the practice itself is a necessary evil. Most of the examples given would take far longer than the “30 seconds” cited by those complaining, so I think that exaggeration is also lending to a much more negative perception. Here’s my rule of thumb: I don’t lock my workstation if I’m in view of the area as I’ll know when someone enters my space, but if I go to lunch, the bathroom or across the floor to vending, I lock it.
Though the finance industry may have their specific, above-mentioned guidelines strictly designed for monitoring access, even more companies (if not All) have some form of security policy that includes a “need to know” confidentiality clause. This pertains not only to external entities, but your trusted co-workers. I’ve worked in a secure environment for the past several years and, as mentioned above, leaving my workstation unlocked is NOT an option. My clearance level may be above that of my co-worker. So, while they are allowed in the building, floor, and cubicle, they aren’t allowed to view certain documentation. To make it more complicated, I may never know what some of my co-workers clearance level is, which becomes irrelevant if I lock my workstation. The responsibility for security begins with ME. I’ve acted as SSO for several systems and I can assure you that the easiest and main point of access for most intrusions are at the individual security level, from inadequate password protection (too easy or taped to their monitor) to, you guessed it, leaving their workstation unlocked.
Even the Cum-Bay-Ah office environments glorified above probably aren’t as secure and friendly as the posters would lead us to believe. People are easily rubbed the wrong way, so a simple email inviting one co-worker over for a BBQ may seem innocent to you, but may leave another, uninvited co-worker feeling snubbed. He may not have done anything nefarious this time, but after having learned that you don’t like him enough to have him over to dinner and having time to stew over it, your next lunch excursion may be his opportunity to exact some sweet revenge on you by sending an email from your account letting your boss know exactly how you feel about him.
No personal information on your workstation, you say? What about your emails? None of those slip into the personal realm? What about things like annual performance evaluations, usually communicated via email? Think your co-worker would be satisfied to find you receive twice the salary to do half the work…even if that is only his perception?
If you don’t like it happening to you, than lock your workstation. If you can’t be bothered to follow through with such a massive inconvenience as locking your workstation, than report it. Why don’t you report it? Because the first question you’ll probably be asked is how they gained access. When I was told that the user left the machine unlocked, as a security officer my first response would always be to chastise that user. That would be followed by the question “what exactly do you expect me to do?” All the system logs will prove is that YOU were logged in; good luck attempting to invoke your SAAS 70 (which I believe more than assumes the Owner is acting responsibly and maintaining the fundamental security and access to said system by, yes you guessed it, locking the machine when they are not present.)
We've most commonly referred to it as "getting bageled". The first offense is usually a warning by way of email from their own account reminding them the importance of network security and their role in it. On further lapses, the offender (and that is EXACTLY what the person NOT properly securing their workstation is) generously emails the office his intention to bring bagels (or donuts) for breakfast the next morning. Anything beyond that is usually a judgment call based on the relationship between the offender and the person catching him or the offender’s demeanor in general.
Judging by some of the uptight responses above, I’d guess most of these “pranks” are attempts at levity designed to help you removed the sticks from your behinds.
wetworks on November 15, 2007 11:01 AMOkay, content filter got me on this post. Wherever you see happy, just replace it with a slang for being homosexual.
Someone got me once. In Sybase SQL Anywhere's front end (it was a while ago) you could run queries. When a column was null, is would appear as "NULL" italicized. I didn't know that was configurable. So, one day I came back to my machine, sat down, ran a query, and instead of NULL is said "Matt is happy". Very juvenile. However, also pretty funny.
I was EXTREMELY upset at first -- not because it said I was happy, but because I thought, just for a second, that the database really had that data in there, and I had just sent a copy to a client for testing. I thought that I was going to get in SOOOO much trouble for sending out such an unprofessional message.
Of course, people misunderstood why I was originally so upset, and they all thought that I was homophobic.
Matt on November 15, 2007 11:06 AMFunny, it sounds like you're the one who's violating the corperate security policy. It might be a good lesson but you are still breaking the rules to 'teach' it. Frankly I would give him a warning about not locking the computer and dock you a days pay and make it clear that if it happened again you would be fired.
Tyler Reddun on November 15, 2007 11:15 AMIf someone were to attempt to dock my pay for goating, they'd be forced to demonstrate my involvement in court. That's going to be pretty hard to do...probably just as hard to prove as you being in the bathroom when that porn was downloaded.
Not only that, but if that user were ever foolish enough to leave his machine unlocked again, my motivation would probably swing from harmless fun and security reminders to pure revenge.
billy b on November 15, 2007 11:27 AMOn a lighter note....
It's also a good prank to go into MS Word and mess with the auto correct dictionary, replacing common words like 'the' with either misspelled versions, or completely different words.
Todd on November 15, 2007 11:33 AMI really don't understand why so many people seem to be offended by the idea of office pranking - especially in this situation.
Amanda on November 15, 2007 11:40 AMFor the "anti-prank" contingent:
What's worse:
- co-worker changing your desktop background
or
- malicious user using your computer to do (insert the worst possible thing you can accomplish with your access).
The prank is the lesson - lock your computer, or else be liable for any random act any random person would like to do as you.
(Heck, if it was supposed to be malicious, I'd be sending out resignation letters, but that's just me.)
Allen on November 15, 2007 11:41 AMI lock my pc all the time but if someone were to ever mess with my pc b/c they thought it was funny, well then, I would take a funny shit on their keyboard. There's funny for you.
whocares on November 15, 2007 11:42 AMYeah, that works. BTW, if someone were to type an email in my evolution and try to send it, it asks for my gnupg passphrase :) This can be disabled, but then, there's no proof at all that *i* ever wrote that email. It doesn't help in the scenario where i'm threatened to type it in, but ok...
kneitert on November 15, 2007 11:43 AMwell my original post on this topic didn't last more than 1 minute. Do unto others as you would have done to you. Live by it.
whocares on November 15, 2007 11:48 AMMy top "goating" trick was to full-screen a virtual machine to a bare bones Windows OS. I left a note that the machine had been reimaged due to a new corporate policy.
matthew on November 15, 2007 11:53 AMMy office buddy was in the habit of walking away without locking his machine so we did a couple things to it over a few days.
1. Created a really crappy drawing of the him using paint.exe with a bubble saying "I love project", where project is the dead-horse being beaten. Then we set it as his desktop and sent that email out to everyone in the company using his email.
2. A Week or two later he didn't log out agian so I wrote an app that would logout a user from windows every 2 min. And it went something like this.
Login, work, logout. Huh?
Login, work, logout. Expletive.
Login, work, logout. Plethora of Expletives.
Profit!!
Uncontrollable laughter ensues.
He locks his machine now :-)
Sushant Bhatia on November 15, 2007 11:54 AMYou touch my computer and I'll probably kick your ass pretty good.
One's PC should be locked, but if I don't and you mess with that which I need to work, you will be sorry.
Steve on November 15, 2007 11:58 AMMy office has "Hoffing," where you get the raciest picture we can find of David Hasslehoff placed on your desktop the moment you walk away.
Telos on November 15, 2007 12:19 PMThe US Army has a pretty good way of defeating this: your ID card is used to login with a PIN. Of course, when my soldiers forget their ID cards, it's two-fold revenge: an entertaining wallpaper which they're ordered not to change for a week, and about 200 push-ups. I don't get to pull that very often anymore.
UAVguy on November 15, 2007 12:33 PMWhen I was at university -- 1991 to 1993, and we're talking Unix shell accounts here -- this practice was sometimes in force too. Never heard the name "goating" for it (which is my wife's term for flirting, but that's neither here nor there). Most common mode took the form of altering the victim's .login file, so the hilarity would only ensue the next time they logged in. Sometimes the script would even helpfully clean up after itself so the prank only happened once. They actual prank might involve sending out emails, or posting to Usenet, or writing to the consoles of everyone else logged in, or any number of other fun things. It might even display a message afterward explaining what had happened and admonishing the victim never to walk away from a logged-in open terminal again.
Atario on November 15, 2007 12:41 PMScreensaver, wait 5 minutes - On Resume Password Protect
That will protect you from most of the Goatboys.
Why stop pranking because the user "merely" locked their workstation.
If the fool left a bootable drive on their machine you can download bootdisks and BIOS password changers and go to town. Change everything you want.
You could re-arrange all the keys on their keyboard to spell swear words on them.
Mess around all of their monitor display settings making sure you set the display language to Swahili or something, good luck in getting that back to normal.
Flip the 110/220 switch on the back of the power supply to 220v.
And top it off with the old shoe polish on the headphones trick.
Amateurs... Touch my PC and feel my wrath.
David E. on November 15, 2007 12:58 PMHa, this is even better if you do it remotely - which requires that you have remote access to the PC in question, if you're in the administrators group you can.
This is clip2.cmd which requires the sysinternals (now MS, blech!) PS Tools, Google 'em up. Run it from the command line with the NAME of the PC after it, just the name, no "\\". CHange paths to match your system.
REM ~~~~~~~~~~~~~~~~ Start cmd code ~~~~~~~~~~~~~~~~~~
REM Kill Clippy if it's already running, can't run well twice.
C:\util\ps\pskill.exe \\%1 clippy.exe
REM Make a temp dir if it doesn't alreay exist
md \\%1\c$\temp
REM Copy the file(s) to the PC, change path to YOUR PC's
REM local path to Clippy.exe, also can copy clippy.txt
copy C:\util\ps\clippy.* \\%1\c$\temp
REM Run PSExec to start it on their PC
C:\util\ps\psexec.exe \\%1 -i -d C:\temp\clippy.exe
REM ~~~~~~~~~~~~~~~~ End cmd code ~~~~~~~~~~~~~~~~~~
On one of my past places of work, Goating was compulsary if anyone left their computer unlocked. The pranks ranged from the ones mentioned in the blog here to much more creative things. The "desktop screenshot" is a good one, but in combination with switching the mouse buttons and setting the mouse speed to the lowest possible value makes it so much more ammusing.
Sending e-mails to managers are always fun. I once found myself having invited the finance director of the company to a movie and dinner.. Funny thing about that one is that I'm married to her today, and that prank was what got us started speeking.. So thank you to the one who pulled that one!
One of the more elaborate schemes was when I scripted one guys firefox to send him to www.string-emil.de each time he hit the A-key on his keyboard... oh, don't go to that site if someone is watching... or if you are sensitive to middle aged, long haired men in skimpy underwear.
Jens J on November 16, 2007 1:20 AMFirst of all, JPL, Kenneth, Jugimaster...
You wouldn't have to deal with getting mad if you simply locked your PC.
Second,
If you say you work for a company that has no important info... does that mean you don't get paid too???
Third,
3 seconds, how hard is that??? you take longer getting over your anger than locking and unlocking the PC.
Fourth,
It's fun!!! Lock your computers. every company has important info. end of story. no brain surgery included.
me on November 16, 2007 1:33 AMWhy do you think you'd lock down a desktop and not let students change screen resolution? Oh, yes thats because the little darlings change screen resolutions to limits that the monitors don't support. Very clever.
As far as locking screens go, there has been cases of Civil Servents in the UK being disciplined and fired for not locking their work stations - data protection issues mostly.
Our trick at College was to put a "logoff" in the users "logon" script. I did it to one guy who'd just gone to a printer, he went ballistic at the class joker. Felt immature and silly so wrote a small program that locked the screens, and then never did it again.
Oh, and a final note, in XP is it possible to unlock another users workstation (ie log them off) without being a member of the administrator group?
A Schools Admin on November 16, 2007 1:34 AMI've caught several people walking around that others have let in that weren't there for espionage, but for a quick buck by stealing purses/wallets/laptops. We've had others that have not been caught until the police were called in to review tapes and track them down and still others that were never caught.
Several? -Even though your entrances are locked.. ?
Well, what can I say.. As far as I know, that sort of thing just doesn't happen i Helsinki, which is nice.
For the record, I'd find "hoffing" funny too, but not a resignation e-mail sent in my name.
I usually play the nasty "animal sex goating" - no pun intended :P
Where I work, we have an internet filter like Websense, so when you try to access "unusual" sites your request is denied, logged and reported to the admins.
That's why, when my coworkers leave the PC unlocked, I open Explorer and load animalsex.com... then I hit F5... 100 times...
[Hope this comments doesn't get filtered]
Filini on November 16, 2007 2:21 AMI think something that a few of the people offended by the idea of "goating" are missing is that this is really done to people you get along with and that you know can take a joke. I wouldn't do this to someone I don't know or I know would get in a tizzy about it (like the 220 V keyboard guy or the shit on keyboard guy).
ScoPi on November 16, 2007 4:17 AMThanks, techy. I'll check that out.
In other news, I busted two teachers for having their passwords written on sticky notes on or near their computes today. They are slowly learning...
1) Lock!!
2) Don't write down your password so anyone can unlock!
3) Don't share your password either!
What you need is one of these: http://sewelldirect.com/Cables-Unlimited-Automatic-USB-PC-Lock.asp
A USB key for the pc and a transceiver in your pocket. When you get so far away, the pc auto-locks for you.
I've used one in the past. Works great!
Spyder on November 16, 2007 4:49 AMGet one of those "things" that senses your presence and locks the computer when you are no longer in proximity to it...
Mac on November 16, 2007 5:19 AMjeff...you're my hero.
whocares on November 16, 2007 6:17 AMAh the old "wallpaper is a screenshot of your desktop and move all the icons to a temporary folder" trick. I've used that one hundreds of times.
In my more cruel days I bound every key on the keyboard to reboot the machine.
Billkamm on November 16, 2007 6:47 AMSwap the M and N keys round ...
Then turn co-worker's drawer unit round so the back is facing them ...
Then try not to laugh too hard when they realise what's happened and go for their penknife in the drawer to lever the keys off ...
Ghost mouse ...
Tie a piece of string to their mouse and move it as they reach for it (don't do this if co-worker has a weak heart).
And the universal yellow sticky on the bottom of the mouse so the laser can't see any movement... removing ball from old-style mouse
Swap co-workers mice and keyboards around ...
I don't do this stuff any more because I upset someone too much and didn't want to do it again. But if you're in the mood ...
Francis Fish on November 16, 2007 8:22 AMTo A Schools Admin:
They lock down all sorts of stuff. It's windows 2000 and windows xp computers. Since they disable the display control panel, there's no way to change the screen resolution from the default (800x600) to the monitors' native resolution, which is usually 1024x768 or 1280x1024. Fortunately, a few of the computers now have the Intel GMA driver installed, so we can change the resolution that way. They restrict just about everything - we can't lock our workstations, either. Probably because they don't want someone to lock one and leave it like that, but all the teachers are admins and could unlock them, or they could add the Force Logoff button to the computer locked dialog, since the Novell options allow that to be set.
A few more favorites, edit their wallpaper file and put an error dialog box right into the center, of course they can't click it and get riled up because they can't clear the "error".
Decrease resolution to 640x480, increase fonts and icons to maximum - I actually did this to a guy that wore coke bottle glasses and he LOZVED it!
I used to have an executable file that just played a few gun shots, a fart, burp and a scream. Put it in the startup folder and turn their volume up as load as it will go without hissing, log off.
RM on November 16, 2007 9:55 AMAh sweet sweet 'Goating'. My favorite goat technique is to send out an email stating his/her resignation.
Brent on November 16, 2007 11:14 AMIt's not goating. It's goading.
Goad \Goad\, v. t. [imp. p. p. {Goaded}; p. pr. vb. n.
{Goading}.]
To prick; to drive with a goad; hence, to urge forward, or to
rouse by anything pungent, severe, irritating, or inflaming;
to stimulate.
[1913 Webster]
That temptation that doth goad us on. --Shak.
David Leppik on November 16, 2007 11:14 AMyou should really have your computers locked when you're not around. Are you sure that no one in your company dislikes you?
btw, how likely is anyone gonna be suspicious of a person wearing a Fedex/IBM shirt and wandering about in your office premises? Those are *trustworthy* companies.
techy on November 16, 2007 11:46 AMfor the person who's trying to change the screen resolution without admin rights, use this.
http://www.dougknox.com/xp/utils/xp_userdisplay.htm
works a treat. For some very odd reason, every Dell PC with a 17" LCD is set to 1024x768 by default, when it should be 1280x1024.
techy on November 16, 2007 12:07 PMViolence is your answer to a simple prank? You seem to have some anger problems. Not that I endorse all of the suggestions here, but a simple desktop change (not to porn) or a silly email sent to others is a harmless way to add a little embarrassment to the lapse of not locking a computer. Much more effective than just a note on the screen.
Qmanol on November 16, 2007 12:20 PMA very great way to play a prank on someone. An inspiration to teach people the importance of computer security :)
ping on November 16, 2007 12:55 PMPersonally, there's very little someone could gain from accessing my computer with my account, other than the ability to use my email address. I'm even thinking of changing that by ditching Outlook and using the webmail. The only issue there is saving old email, since IT doesn't like anyone storing email on the server for any period of time.
On the other hand, I still have my computer set to lock itself after a couple of minutes. The real issue I have is when someone uses my computer while I'm out of the office, with their own login/password, and manages to screw up the system by installing a virus or spyware, and I end up spending a day or two getting the system back into working order instead of doing any actual work.
Vizeroth on November 17, 2007 4:41 AMOf course, there are the low-level "classics" (for people with really old work hardware!):
http://www.kolumbus.fi/xtmb/goatsefloppy/
http://sam.zoy.org/lmos/
You can use them even if the target computer is locked: just turn off the power, insert disk/CD and wait for the victim to boot up. Both are very NSFW so don't just go and write the disk images on your boss' hard drive...
Goat Fancy on November 17, 2007 6:54 AMAlthough I like a good laugh, I think this kind of behavior is very rude. Accidentally leaving the front door of your house open isn't an excuse for anyone to just go in and spray graffiti all over the wall, is it? Of course it could, and probably should be qualified as "your own dumb fault" but that doesn't make it less rude in my eyes. If you really respect your colleagues you should note them of locking their workstations in a more friendly way.
Thomas on November 17, 2007 11:29 AMWhat's interesting to me is the number of people here who don't see the fundamental difference between (a) changing somebody's wallpaper to something silly (not pornographic), which makes the point but is easily fixed without wasting someone's time, and (b) making changes that will cause the person to waste hours of time and aren't easy to fix.
(b) is not a prank; it's vandalism.
Oh, and a fun one in some versions of Windows was to go into Control Panel Mouse, click the Orientation tab, and move the mouse steadily to the upper-right or upper-left. Alas, I'm not sure Windows XP has that tab anymore.
Kyralessa on November 18, 2007 1:31 AMNice :)
Where I live, i can leave my computer open for all eternity, and nothing bad will happen! Not for the others though.
I will use this here :
a href='http://www.oldschool.gr'www.oldschool.gr/a
The absolute best at my place of employment, where I am the chief perpetrator, is you go into their outlook, then set it to open their Adaware everytime they get an email from someone specific, like yourself or their boss. Then they start to think they have a virus or spyware within 2-3 emails, never fail. Lock your stations!
EP on November 18, 2007 5:44 AMWe have been goa(d)ting at my cube farm for some months now, its getting harder to find unlocked computers these days :)
And my favorite prank is to change the "Target" in the properties of IE shortcut icon in the desktop and quicklaunch to "shutdown.exe -s -t 0" and save the user's open files to a temporary folder and lock their system (so someone else does not do a double prank) and after the user returns, tell them there's some important headline in some news website so they click their IE icon and the system shuts down :D
aravindan on November 18, 2007 5:55 AMThe clippy spoof works great in wine-0.9.47. Thank god the team I lead is using Ubuntu, loathes Windows, has a passion for hating clippy, and for some reason has given me sudo rights on all their boxen...
Freiheit on November 18, 2007 9:40 AMWow I sure am glad I read this! Now i understand why everything is so screwed up in this country! If you actually spent as much time and effort actually doing something productive instead of screwing over your friends and fellow workers, imagine how much more sense everything would make! This goes on in HOSPITALS and stuff too. No I'm sorry, mild electrocution is too nice! Permanent ink in the face should be added at the very least! And any and all instances of goating found should get their butts chewed for decreasing productivity under the raggedly thin disguise of security. Seems like this is the kind of thing causing so much INSECURITY in an office setting. I wouldn't just not feel right about doing this kind of thing, I would be horribly ashamed. And I would never trust you with anything of any importance either because it's quite clear you are still about 12 years old emotionally. No wonder the government is so paranoid, since this is so widespread. Can't you guys see what's WRONG about this? YOU ARE the people we must worry about, not some imagined outside threat! YOU ARE the people screwing up productivity! YOU ARE what you claim to be teaching us to protect ourselves from!I wonder if we cut this bs out for just one week how much better everything would work? I bet you couldn't do it though because it gives you such a sense of power, control and prowess to screw with people doesn't it? GET A LIFE!
D vil on November 18, 2007 11:47 AMI can't believe what kind of managers there are out there. Not locking your computer is a pretty small misstake and I doubt its very likely to lead to a real security problem. I think there are much worse things you should concentrate on. If someone unknown sits by my computer and starts stealing stuff I can be sure someone around starts raising some serious questions.
Ok so you forgot to lock the computer, made a misstake. Do you handle all misstakes the same way. Send out on email to the entire company: "Listen up people! Today John has fucked up again! He did this and that! Shame on him!" Like public humilation for small misstakes? I'm pretty sure your company goes straight to hell with that attitude. If it's a real problem, you take it up with him privately.
Changing a screensaver, well thats funny. Public humilation, or straight out sabotage on someone elses computer is not. Not to mention sending email in someone elses name is a criminal act.
SR on November 19, 2007 1:53 AMYou can still have fun if the PC IS locked ...
Anyone still using a ball mouse? Just remove the ball out of their mouse :) although this DOES make the mouse feel a lot lighter. Or just unscrew the bottom and leave ... when they pick the mouse up, the ball falls out.
Alternatively, having sysadmin privileges is fun when your "target" doesn't.
One guy wrote an AS/400 login script, which required the target to answer "Yes" to 3 questions, (basically admitting his love for a rival football team) BEFORE his login continued. If he answered "no" to any of the questions, he was immediately logged out. The guy left this login script on the targets account for a a good few weeks! Classic!
One particularly excellent instance of 'goating' (incidentally I never knew it was called that), involved a colleague not locking his station, AND leaving himself logged into facebook. Of course it was almost 'de rigeur' that I change his facebook profile picture and tag him in it, the new pic? well that was a naked cowboy sat on a washtub.. god bless you google images!
Scrimmer on November 19, 2007 3:10 AMDude, don't touch my shit. Don't vandalize my mouse, don't swap my m and n keys, don't change my settings, don't send an email from my computer offering free donuts to everyone. If I wanted to work in a God-pounded kindergarten, that's where I'd be.
Do you want me to start spitting in your soda when you're away from your desk?
disconnect on November 19, 2007 7:53 AMI believe that the term "Goating" is in reference to "Getting your goat". The full definition is here: http://www.urbandictionary.com/define.php?term=get+your+goat.
"Goating" in the context used, would be defined as "laying bait in order to attract someone's goat". This practice happens in all areas of life, mind you; not just the workplace.
Jeff on November 19, 2007 8:41 AMBrandon:
There is an actual bluescreen screensaver that is much more realistic than I suspect you can do. No offense or anything, but this thing is amazing. You can find it on microsoft.com. :D
Nerd on November 19, 2007 8:56 AMMy favorite is to append this to the bottom of the victim's .bashrc file in the Linux lab at my school:
alias bash="xeyes bash"
John on November 19, 2007 9:30 AMUsed to do this years ago- Typing MODE CO40 at the dos prompt was an old fave... Back in the days when locking your keyboard involved using a key.
Sean on November 19, 2007 10:49 AMI am glad I read this so I know what kinds of things can happens when one is surrounded by insensitive louts in an office setting, and the manpaper.com link, which has some awesome pictures of guys, in fact, I would not be upset to find most of them on my desktop! Of course I would have to change it at the office, but install it at home.
OF COURSE I had to look up the goatse thing which turned out to be pretty hilarious, I am keeping that one too.
But beware! Touch my PC and it's WAR, and I won't stop at your unlocked PC, I have 1001 uses for things like super glue and more! We will see if you are still laughing when it's all been done. Better yet I am very good at being sneaky, so you may NEVER figure it out! I may even get the evidence to point at your rival or best friend instead. I have EVERY RIGHT, after all you let your guard down didn't you?
It's all for the sake of teaching you a much-needed lesson in proper respect for your co-workers in the workplace, so you can hardly get bent out of shape for my kindness and concern in this matter can you? If so you just need to LOOSEN UP! Like that -um- reciever at goatse.
Which will NOT be quite so horrifying by comparison after I finish my "lesson".
Sleep well tonight little pranksters... I could be lurking in the next cubicle down...
Hi Jeff, long time reader of your blog - some great stuff in there!
In case you haven't heard this news story across the pond, the UK government has been learning the hard way about some other security issues:
http://news.bbc.co.uk/1/hi/uk_politics/7103828.stm
I'm reminded of your post on rainbow tables and how easily password protected data can be cracked, and to know that my details could very well be going to the highest bidder in a few days is not fun :(
Maybe I should take a leaf out of your book and install 'Clippy' on some of the Home Office computers!
Mike on November 20, 2007 12:58 PMHah, I submitted that Jargon File entry back in Summer 1999 from Fitten 411 at Georgia Tech. Good times, Shouts out to my roommate Marcus Kwok!
Nick Black on November 22, 2007 6:13 AMIf goating becomes an issue at a workplace, I recommend a proximity sensor like what Blackberry offers. They have a Bluetooth smartcard reader that offers some decent security functionality. Step away from the desk, your screen locks. Walk back, screen unlocks ready to continue.
Nick on December 28, 2007 12:40 PMI think the thing that all the people who like shit, superglue, and so on are missing is ease of reversibility. My wallpaper's changed, it's a second to change back, porn or not. My icons are shuffled around, it's a few minutes to find them all. In situations like that, I can laugh, because it's not something that harms me or wastes significant amounts of time.
Formatting? Feces and glue on the keyboard? How could you possibly think that's on the same magnitude as moving a few things around?
Ortau on January 3, 2008 11:50 AMAt my previous job we used to send out e-mails from unlocked PCs in huge pink letters saying stuff like george michael fan number one and such.
Until it got old, and then I introduced the un-goating. This is when you don't do anything but warn the person (before they go back to the computer) as if you did. Then laugh as they rush to their place...
In college we were less prudent, often adding hard core pr0n sites to each other's bookmarks (hotmale.com was a favourite)...
GoatSing, not that's a whole different story :D
Ze on August 12, 2008 10:31 AMPersonally I remain a big fan of sending an email to the rest of the team offering to bring pastries the following morning. ;)
Works like wonder
Luk on August 13, 2008 7:26 AMHere's a really annoying prank to play that takes no time at all to do.
Just press ALT+SHIFT in any (windows) application that the person will be typing in and it will change the keyboard layout.
It only persists until they restart the application, or you press ALT+SHIFT again, but it will have them screaming at their keyboard for a while.
Because of the way I use the keyboard I used to do this to myself all the time. Had me scratching my head every time until I worked out how I was triggering it.
Flenser on August 18, 2008 8:17 AMunblock it
rusaina on November 17, 2008 4:55 AMI'm a technician working in pharmaceuticals. Corporate policy is that we lock our computers when stepping away, even for a moment. (Not that my department deals with anything private or sensitive, but still.)
We do this all the time. Mostly we use the corporate instant messaging client of the victim to send a potentially embarrassing message to someone else in the department. ('i luv you man!' is pretty common. Or proclaiming the greatness of a sports team the computer owner hates.)
There are a few (previously) unspoken rules:
1. Never send anything outside the department.
2. Never, ever, ever send anything to the boss. (Like 'I quit', for example.)
3. The message should be pretty obviously not sent by the computer owner.
4. The message recipient should always pick on, make fun of, and generally ridicule the computer owner / apparent sender.
5. Don't do anything permanent, non-obvious, or difficult to undo.
As you can imagine, our computer security is considerably better now than before we started doing this...
Anonymous on June 27, 2009 7:31 AMAll these years and I've been pressing ctrl+alt+numpaddel. winkey+L means I don't have to move my arms as much now!
John Ferguson on February 6, 2010 10:14 PMIt's a shame +L doesn't go back to the unlock dialog though
John Ferguson on February 6, 2010 10:14 PMit's a shame the no html rule also removed my angle brackets in the first comment and 'winkey' in my previous comment
John Ferguson on February 6, 2010 10:14 PMI hadn't seen the Clippy parody. I wrote a macro which I'd add to the default document template at unoccupied workstations with similar behavior - he'd pop up at random intervals and say "This document is no good." Very rarely, he'd bounce around the screen, pong style, and cycle through random animations (and there are lots of them). I think I was the only one who was sad when Clippy was removed from Office, as that prank was now worthless.
A co-worker at an old job pulled a great goating prank - he installed a windows service which allowed remote control (via browser) of the audio playback volume. His cube was in the same room as the victim, who loved to listen to techno on his headphones. The perpetrator would slowly tweak the volume louder, louder, REALLY LOUD... then when the victim lowered the volume, he'd keep making it quieter and quieter. He had fun with that for months - when the victim figured that out, he hacked the other guy's website. It was the start of an entertaining, sort-of-friendly-ish war.
Jon Galloway on February 6, 2010 10:14 PMAnother classic is to create a transparent icon and then set this as the default icon for all mouse cursors.
I had a friend at work go through about 3 mice declaring them all broke last time I did this :)
Aaron Bassett on February 6, 2010 10:14 PMI can't believe how seriously some people seem to take themselves. At our office you will generally just end up with a my little pony wallpaper or a very sentimental email going out to your team.
Also, to the guy who said they don't need to worry about it because their office building has a lock on the door and former employees wouldn't have a key card to get in, good luck with that. Given your attitude about locking your computer, I'm guessing you aren't that well trained on not letting someone into the building because they happen to be walking behind you when you use your key.
Jonathon on February 6, 2010 10:14 PMThe comments to this entry are closed.
Subscribe in a reader
Subscribe via email
|
|
Traffic Stats |