Pages

Wednesday 13 January 2016

Memories of a hacker

This is another one from International Wool. We got a new computer, an HP 3000. It was very different from the PDP 11/44 we had before; with the PDP you submitted a pack of punched cards, and eventually you got back a printout. Or you didn't.

With the HP3000, we all had monitors on our desks, and we could use the computer interactively. It was at that point that I discovered the Colossal Cave Adventure, which was probably the first ever adventure game in the world. I played it a lot. I mean A LOT. Other people did too, and we compared how far we'd got into the cave, it was a lot of fun. Meanwhile, I was also reading all the manuals for the computer, learning what else I could do with it. At the time, I was an economist, or at least that's what my job description said, but actually I was a programmer, always have been, using the computer to do the work that I was supposed to be doing on an ancient desk calculator.

So all this playing of Colossal Cave came to the attention of The Powers That Be, and a fatwa came down, forbidding the game. Fair enough, this was a working computer, it was work time, we shouldn't have been playing games. So naturally, I obeyed the fatwa ...NOT. Fatwas glance off me like water off a duck's back. But this fatwa was enforced by using the computer security system to make the game unavailable.

Oh well. So instead of playing the game, I explored the computer, using the knowledge that I'd gotten from the manuals. And one day, I found a file that looked interesting. I hexdumped it, and found inside the system manager's password. It was "rubella". I checked it out, and it worked. Well, that's interesting. What can I do with that, I wondered.

Here's what you can do. You can tell the HP3000 to make a list of all the authorised users, and their passwords (and that was very bad, that should *NOT* be possible, it should have stored a one-way hash of the passwords, not the passwords themselves). And I printed that out on the line printer.

I left it on the desk of Bill, the senior manager in charge of the computer department for him to find the next morning.

I got in early next day, sat at my desk looking innocent, and waited for the explosion. When it came, it was satisfyingly huge. Even better, Bill came straight to my office. "Was it you?" he demanded. I grinned. It was indeed.

I don't think he was angry. Well, maybe a bit. But I hadn't done any damage, I'd just demonstrated a monstrous hole in our computer security, and I explained to him how I'd done it, so he could fix it.

But what I didn't tell him, was that while I was logged on as system manager, I gave myself access to Colossal Cave.

You can access it here or on your Android phone here.

3 comments:

  1. Much of my undergrad life was spent getting lost in twisty little passages.

    ReplyDelete
  2. And I've just discovered it's available for free in the App Store for Windows 10.. - oh dear, here goes another three years!

    ReplyDelete
  3. Let me know if you need any help, I've done the whole thing.

    ReplyDelete