BOFH: 'Twas the night before Christmas, and the ransomware struck BOFH logo telephone with devil's horns The scene opens in the BOFH's office at 2:43pm on the LAST DAY OF WORK. “I... cannot impress upon you how important this is.” the Director says firmly yet quietly after sneaking into Mission Control on the last day of work with an urgent problem. “Will it take long?” I ask as a sack- …
We have a job that looks for any encrypted/password protected files on our network so we can go ask the owner what it is and why its not in an approved secure repository. Apparently in the early days someone password protected a load of critical data on a Friday and forgot the password by the Monday.
Key loggers should be part of every IT toolbox!
Countless times I've dealt with requests for password protected Excel files where the password has been forgotten.
Job is closed with a totally unsymptathic email saying we can't help, that they shouldn't use passwords on spreadsheets like that and strongly worded advice that the files should be secured by virtue of where they are stored not through proprietary app based passwords that only one person knows
You're talking about workbook and worksheet "protection", which are just GUI settings designed largely to make data entry easier. Workbook encryption as practised by MS, does indeed encrypt the whole workbook, which is then no longer a zip file, and is non-trivial to crack.
And by 'non-trivial', meaning AES-128. I'm still thinking strongly of building a brute force cracking box for excel docs out of one of our old VMware boxes (4 sockets, 48 cores, 'enough' RAM) for the next time one of our staff decides to encrypt a document before exiting...
Losing the passwords to encrypted office documents was such a common occurrence at a previous place I worked that I did indeed build a box to crack them. Figuring most of the people used dictionary words it would just try combinations of words out of the dictionary. As a result the set of potential passwords was much reduced, and I could get away with a relatively underpowered machine.
99% of the time that worked, with perhaps "123" or equivalent appended to it. Amazing how many people pick random words out of a dictionary.
The only one that was hard to crack was from a rather cute admin lady who used random letters/numbers and symbols in her password. I borrowed the GPU cluster from the AI guys for that one when it was idle, and it took 4 days of brute force, but got the password (and a dinner date from the lady as a thank you :-) )
Job is closed with a totally unsymptathic email saying we can't help, that they shouldn't use passwords on spreadsheets like that...
Happened to me as well. Some Project Mangler password protected a critical spreadsheet.
Two weeks later he asked me for help with the password. Told him that no, I can't.
He's still stuck with that spreadshit.
We had a chap working in our office on a student placement. He left his pass one night and decided to climb over the wall after a skinfull of booze to retrieve it. Unfortunately it was a government office and people climbing in at night showed up on camera and piqued the interest of the security staff who very quickly apprehended him and handed him over to the plod.
He was suspended pending investigations and I had the task of checking over the stuff he had stored on a network drive. One file was a WordPerfect document called managers.wpd and when we tried opening it there was a password set on the file. Something suggested that his passwords were not going to be too complex and after trying a few permutations of "password" and "toon army" (yes the office was in Newcastle), I tried "fuckoff" which immediately opened the file. It turned out to be a paranoid rant about a number of the managers and team leaders in the department alongside claims that he knew way more than the rest of us about IT.
The unprotected file was handed over to HR along with the details from security of him breaking into the site and he was dismissed. I never did find out if he finished his degree, but his immense technical and professional skills must have come in handy somewhere.
Nah, same technique the gents wot dun threaten us wif the dirty vids they claim to have taken use.
Throw some plausible & google-able terms at non-techs to up the sense of urgency.
In fact, the entire episode could be used to illustrate how these plonkers fall for these scams!
Blindingly great episode though! I was in audible laughter in the office here.
Thank $deity that theres no one else here.
He also says it to the PFY, who doesn't bat an eye at it:“But they DO have a Class-10 USB stick with a key logger on it.”
In teams like those, if you hear a new term it's best NOT to question/argue it.
Besides, "class 10 USB" (which almost starts to rhyme with ID 10 T) could be BOFH/PFY code for "stick with a keylogger", although perhaps the "class 10" bit is a simple moniker for "don't shove this in YOUR computer" with the actual function being separate issue (logger, surge-protection tester, fire-suppression tester....)
This post has been deleted by its author
This year I introduced my 2 kids to Die Hard.
Both boys (7 and 10) complained when my wife and I said we were going to make them watch our favourite Christmas movie.
They were very surprised when the guns came out. :)
After the movie finished we told them not to tell their teachers and definitely not yell "Yippee kai yay motherf*ucker!" when they return to class after the holidays. :)
At least where I am the temperature isn't expected to exceed 35 celsius.
My eldest was working until quite late trying to recover a server that, to quote him,"This server is more important to the client than Jesus is to the Pope". His job was to replace the server motherboard and get it to the stage where the remote support could login through the ilo and rebuild the server from bare metal. However as he was about to leave the data centre, the storage array for that server crashed as well :( Quick call to the support contractors that deal with that and he was on his way :)
However as he was about to leave the data centre, the storage array for that server crashed as well
It never ceased to amaze me that.. In all the tech-type roles I've worked.. Some critical piece of hardware churns away very happily for the whole year without the slightest hint of skipping a beat.. But 20 seconds before holiday o'clock it has a "hard shutdown", one that may involve shedding gears, shredding large drive chains (when you see one with links the size of your hands get caught up in something with a many-multi-tonne flywheel and the inertia to match you'll know), and an urgency to fix beyond your life-expectancy (ie if you don't promise to fix it now, it'll be worth it to management to hire someone to 'encourage' you to deal with it).
Ok I haven't been hit quite that bad, but I can think of at least 10 holidays in the last 20 years where I've been delayed leaving work by several hours. Which is why I own 2 vehicles, so I can do the final pre-hol check on one a few days before and then park it. Been caught out before planning some minor alterations with the Christmas bonus only to not be able to get away from work in time to enjoy it.
..is that people at the director level would likely be able to just find 50K in their sofa cushions, already looted from their underlings who see a pittance of a bonus, if any at all.
But great end of the year BOFH. Thankful I don't have to back to work until the 2nd.
Reminds me of a place I once worked in Belfast. All the staff were looking forward to the usual Christmas bonus only to be told that there wasn't enough to go round that year (which came as a surprise to everyone considering the company had done rather better than normal). When everyone returned from the Christmas period what did we all discover? Both bosses had acquired brand new and fully optioned VW Passats. Purely by coincidence of course.... bloody cockwombles.
Both bosses had acquired brand new and fully optioned VW Passats. Purely by coincidence of course.... bloody cockwombles.
Place I worked at we had a petty cash tray which the boss used to raid quite often. One year us workers decided we'd put a portion of the incoming cash aside and give the boss a surprise at the end of the year.
Sure enough, we gave him quite a considerably sum of cash at the end of the year. Still no bonuses but come Jan, the bosses rather poor girlfriend (with a very bad credit rating) had somehow managed to buy him gifts with a value strangely matching that of the cash we'd saved.
Suffice to say the following year we had a slightly different distribution policy.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
