Reply to post:

Sysadmin cracked military PC’s security by reading the manual

David Knapman

Thankfully this was during integration testing, and I was doing my best to break things.

~Year 2000

We were developing a secure system for the MOD. The client machines we were working on were going to be running a locked-down version of Windows NT with a keyboard equipped with a magnetic card reader. To log in you had to insert the card and that supplied your username, effectively. You then entered your password and logged in. Any removal of the card had to lock the machine or abort the login process and leave the machine secure. That seemed to work fine.

Separately, we had additional software installed that, after login, but before showing the desktop, would show you information about your last login session - e.g. when/where. That seemed to work fine.

Unfortunately, whilst that dialog was being shown, it was impossible to lock the machine. Which meant that so long as you chose to remove the card before acknowledging the dialog, you'd end up logged in with no card inserted.

Loved showing that one to the guys who had lovingly crafted these separate systems.


Biting the hand that feeds IT © 1998–2019