The only thing worse than when people find out you're in the "computer industry" and ask you to diagnose why their USB-powered combo blender/Easy-bake oven keeps giving them the BSOD is when they find out you're in the "computer security" field and ask you to diagnose why their Symantec (nee Norton) Uber Blocking Pop-Up Personal Firewall prevents them from connecting to AOL.
Sometimes, however, I feel compelled to volunteer myself when I know I can quickly help so I can feel good about "giving back" and make the world a more secure place.
Today was such a day.
I took the kids to our local candlestick bowling joint en route to a matinee screening of "Hairspray" the movie (very good, by the way.) As the kids were knocking down frames thanks to the bumpers in the gutters, I went to the ATM for monetary reinforcement in order to buy the requisite pop and pizza.
As I approached the machine, the floor manager -- noticing that I was going to use the ATM -- scurried to plug the machine in so I could use it. Noticing that it was a Tranax unit since this particular marque has been in the news lately due to security concerns, I happily queried the manager as to whether or not they had changed the default password on the machine.
I don't really know why I did this. Perhaps because I wanted to settle a bet with myself or just to show off my mad security current event skillz. Honestly, I think I just wanted to see what would happen under controlled circumstances. Nevertheless, I asked and waited patiently for a response as the machine whirred and clicked.
She looked at me puzzled and asked what I meant and why. At which point I was going to be content in alerting her to the potential that someone could easily use the Internet to gain 10 seconds of courage and rip them off by re-programming the ATM to think it was giving out $5 bills instead of $20 bills by gaining access to the admin. interface via the default password.
At the exact moment I said this, the machine finished booting as she walked away shrugging her shoulders, wondering no doubt why this tattooed idiot in bowling shoes was trying to "help." As she did this, the screen started blinking, alerting me that the cash magazine was empty and asking if I would like to enter the Administrator mode.
I called her back over to the ATM and said "watch" at which point I was queried for the administrative password which I dutifully keyed in as "######" (not shown so I don't enable those idiots who can't manage to find the real number via Google.) The myriad of administrative options was splayed out before me and we walked through the various scenarios that might appear should we execute.
Das machine was owned and now she understood.
We agreed that this was a bad thing and that she should unplug the machine until the owner who serviced the unit could be contacted. I suggested that she find a way to make sure that nobody could plug it back in easily and I walked her through changing the password.
I figured I'd done a good deed and proceeded to go out into the parking lot and scour my car for loose change so I could at least buy the kids a soda since I could no longer get cash and I didn't exactly trust their security to use my credit card at this point.
I returned to find the manager giving me back the $23 I paid for bowling in return for the security lesson.
I thanked her for the trade and got the hell out of there before she asked me how to update the anti-virus signatures on the point of sale terminal that took credit card payments...
The moral of the story? Don't be afraid to offer a little security help every once in a while. You never know, it might earn you $23 and some free bowling. Karma. Nice.
Now I'm going to visit the Mobil station down by the highway...they have the same machines. I could always use some free gas ;)
As Cutaway would say..."Go forth and do good things."