Shark Tank: Spoofing the easy way

FRAMINGHAM (04/24/2000) - A nervous senior IT manager whispers to this software-guru pilot fish, "What's it take to spoof an e-mail?" Seems someone got a phony message apparently (but not really) from the CEO. The fish runs down the list: cracking the password file, a systems administrator gone bad, someone sneaking into the CEO's office while he's at lunch. Then he tries something simpler: At a test workstation he logs on as the CEO, using the CEO's user ID as the password. "Turns out we didn't need any sophisticated or underhanded method to spoof the CEO," says the fish, "just his name."

Postscript: Repeating the story to a co-worker a month later, the fish tries it again - and it still works.

PILOT FISH'S TEAM is tasked with testing a diagnostic tool that took another five-programmer team a year to develop. The sample test cases work fine, but the fish's team can't get the tool to diagnose real-world problems. Friday at 3, the fish's boss sets up a Monday meeting with the head of the tool's development team so she can explain how to use it. Monday, 9 a.m., she no-shows. At 10 a.m., the fish finds out why: The missing manager resigned on Friday at 4:30.

NEW LAPTOPS for a state court system's judges come with Windows 2000 preinstalled. But the pilot fish prepping the PCs discovers the default configuration won't work properly on the network. "Will we get the Win 2k CDs to reconfigure them?" asks a fish. No, says the boss. "What happens if we need the CDs to install software?" the fish presses. Boss, with a straight face:

"Try to work around it."

SOME LONELY BRAIN CELLS OUT THERE Last Monday, a pilot fish starts getting messages that obviously contain macro viruses. (You know the ones: "Important Message From" subject line, and the Word file inside remails itself 20 times.) IT quickly warns everyone to delete the suspect messages, but the mail server still crashes. Finally, all's calm. Back to work, right? Nope. "I get the same mail message again, from the same user who started it all," says the fish. "She opened the file again."

What comes after 12? Sharky hears the next release of Sybase's Adaptive Server won't be 13; that might be, um, unlucky. And 14 is no good because in some Asian cultures that's also supposedly bad news. The current plan is to dub it 15 - unless a higher bid comes in. Make your bid to score a Shark T-shirt: sharky@computerworld.com. And take the daily dive at computerworld.com/sharky.

Join the newsletter!

Error: Please check your email address.

More about Sybase Australia

Show Comments