Don't Forget To Lock Your Computer

A lot us at my office use Vim. When they leave their computers unlocked I like to type ggVGg?. This Rot 13 encodes the the entire file.

This works very well on mobile phones as well.

Word of advice: If you leave you mobile phone unguarded/unattended in my vicinity, you’d better learn how to operate it in arabic - mean, I know ;o)

My top two “goating” (Good term for it) tactics I’ve seen were:

2. Take screenshot of desktop. Set as wallpaper. “Hide icons on desktop”

3. Wallpaper as http://www.aquarionics.com/fun/lemming/back.html

I imagine the term ‘goating’ comes from people sticking Goatse (if you don’t know what it is, don’t google it - you’ll have nightmares for years - and probably get fired if you are at work) pictures as backgrounds.

Jeff, thank your lucky stars no one has ever goatse.cxed your work machine.

I’m a gov’t employee with access to your data. Yes, I mean you, and you, and millions more of you. The gov’t makes lots of noise about PII and security and all the rest of it, yet we continue to use IE 6, and one idiot downloading a movie can take down the entire network. 7 letter passwords change every month. Lock a workstation? I do, but I don’t see other people doing it consistently, so you can walk around my building and see personal data on screens all the time, because this is a cube hive, and the gov’t is too cheap to give us desktop printers. So to print documents, a constant part of the job, we have to get up and walk some distance, and everybody leaves the workstation open. Lock the screen, come back, and have to login again? Please. .

A great productivity killer is having a scheduled task pop up a browser to a specific site at a non obvious interval. People are convinced they have spyware and will spend a long time trying to rid themselves of it.

I used to work in a place with high security requirements. Goating there was common, and it was struck me as an essentially childish practice, depending on how far you go with it. Basically, this is just an excuse to play a practical joke. If you truly wanted to help security and your employer, you’d simply lock the unlocked station instead of sitting around wasting everyone time.

It was sometimes a great annoyance: I would get up and return to my seat in 30 seconds. I didn’t want to waste time. Also there were no unauthorized people around. The only person who could touch my PC at that time was someone who decided to make a childish point. So now I had to break my concentration to undo whatever damage that person done. Great job! Thank you for wasting my time and everyone else’s.

At some point these became so annoying that I created the following policy: “If you don’t touch my PC, I will not format yours”. Goating incidents dropped dramatically afterwards.

I regularly lock my workstation when I leave it, but was stung for my care the other day. The intranet had been shaky all day, and apparently unlocking a computer logged into a domain requires a connection to the domain controller. I came back to my desk after lunch and couldn’t even unlock my machine. All I could do was pull the plug or wait and see if the network came back.

This goating thing happened to me once.

My computer was unlocked[1] while I was somewhere else in the building a security auditor went in, went through all my email, found some questionable correspondence[2], and I ended up with a record on my permanent file.

H-I-L-A-R-I-O-U-S.

[1] only reason why my computer was unlocked was because I had to kill the screensaver while remote desktopping in from somewhere else in the building.

[2] never found out what it was exactly… email forwards I received but hadn’t deleted?

The “goating” policy (it’s actually part of the AUP) at my current workplace is to send an e-mail to everyone from the unlocked machine, offering to buy doughnuts for everyone in the company. It works quite well as a deterrent, although it plays havoc with the diet!

I generally go for the three strikes rule.
First time they leave their PC unlocked is minor, but by the third time they should know better.

First Strike:
Change desktop wallpaper to rival sports team, which is bound to annoy them.

Second Strike:
E-mail to whole deparment with something silly, and also mention in the e-mail that they really should lock their PCs when they leave them alone. Plus make use of Outlook’s send later feature for even more fun.

Strike Three:
Draw a crude image in MS Paint, set it as wallpaper.
Set default homepage to a site they’ll dislike.
Change desktop colours / theme to something garish.
Change their keyboard mapping to another language that doesn’t use QWERTY, or if possible Dvorak.
Change thier sounds so everything is the alert ding.
Change default Word template to have a message saying that they really should have locked their PC.

My favourite is to replace an often used word like “the” in MS Office’s auto correct feature with another word or phrase, every time the person types a document it comes out fairly different to what they intended.

Basically, this is just an excuse to play a practical joke. If you truly wanted to help security and your employer, you’d simply lock the unlocked station instead of sitting around wasting everyone time.

Exactly!

What I’m saying is that there should be no evildoers traipsing around in your office anyway, so what you’re shielding yourself from is this kind of “hilarious” office humour.

I’m certainly not averse to humour, and I’ve been known to even smile every now and then, but I wouldn’t feel comfortable in an environment like that. There are other ways of building a good atmosphere/spirit at the workplace.

Besides, some of these pranks I’ve heard of are downright nasty. Think of it this way: what if your co-workers kept secretly attaching “I’m a dork!” signs on your back without you noticing? What if they did that every single time they could?

You know, just because you should learn to “watch your six” at all times. After all, you never know when that habit might come in handy!

Damien: I do have access to things, but just about every single office building in Helsinki has its doors locked all the time, and employees use keycards/whatnot to get in.

This means that disgruntled former employees can’t get in either because they won’t have keys anymore. On the other hand, if all offices are open to anyone in America, then it definitely is a good idea to lock your computers. But if you’ll get punk’d for spending 30 secs away from your computer, it could be that your co-workers are not paying enough attention to their work.

Think about the awesomitude of not having to worry about pranks all the time…

Geez, I cannot believe the number of vandals on this site. Here is an analogy most of you should relate to - when you see someone leave their house door opened and unlocked (because they just went to collect the mail, or throw out the garbage, or go pick something from the car), do you run into their house and pull some prank? Of course not.

So don’t do similar things for peoples PC’s. I stepped out for coffee, with an office full of collegues to monitor for intrusions. The company trusts its employees. It is very detrimental to overall productivity for you pranksters to play practical tricks on a collegeus PC, and in my world can lead to a written warning before dismisal.

At home I’ve never really needed to worry about physical security. Now I’m at University I’m having to give consideration to things like this. It’s quite frankly a pain.

Luckily where I live, workplaces are such that you can leave your computer open for all eternity, and nothing bad will happen!

Well, there’s no way that statement will come back and bite you in the arse.

I am very happy with this article, I knew people played pranks in the office, but before I read this, I had no idea how to defend myself or recover from such attacks.
I’ve heard that there is a way to get past a workstation lock, so if someone really wants to get in, can’t they?

Well, there’s no way that statement will come back and bite you in the arse.

At least as long as I live here, the statement is very likely to hold true.

You just keep on having “fun” though.

I am glad this does not happen where I study. If it did though I would only lock my computer until I got my hand on some wires that I could attach to the keyboard. That would ensure that whoever thought they where funny only did it once. 220V through the fingers does not kill but you fingers will shake for quite some time.

This could even be made safe for me by rigging up some RFID to automatically turn it off.