The office in which I work has the dubious honor of supporting all of the campus Novell and AppleTalk networks for our University. Because of this, we maintain "SERVICE" accounts on every network, and a "SUPERVISOR" account on the networks we directly administer (such as the ones in the campus user rooms). We use the same password for all of these accounts. In addition, all of our personal accounts have supervisor (root) access and privledges.
At a recent staff meeting, we decided to change our SERVICE password, and do away with all the personal accounts on non-essential servers. While this resolution was passed with mummers of approval from everyone present, we neglected to tell anyone to actually _do_ it. Needless to say, no one did.
About a week later, a co-worker (A) was editing the generic STUDENT account (changing PATHs, etc) when another coworker (B) logged in and realized that we had another staff meeting approaching and the passwords still had not been changed. He immediately took it upon himself to start the task.
Coworker B deleted all the personal accounts and changed the SERVICE account password on one server before he started on the next. Coworker A (the one working on student stuff) got a message saying "Your connection is no longer valid". He turned around and tried to relogin, to no avail. He then tried to login as SERVICE with the old password. No luck. Novell used its automatic intruder lockout feature to suspend the account after five unsuccessful tries. This coworker immediately called another coworker (C) with a message like "There's a hacker in the system!"
Coworker C tried to log in as a student (as a test). He got messages from DOS that the environment was out of space and every time he tried to do something, he received an "Invalid drive in search path" message. He told "A" that it did, indeed, appear as if there was a hacker in the system and to down all the servers immediately.
Coworker C then logged in to another server as "SUPERVISOR" and noticed that the SERVICE account was in the process of editing the user records. He placed a lockout on the account and cleared its connection.
Coworker "B" downed the local server and ran down the hall to another office to down our "development" server. While doing this, he ran past the office of coworker "A". "A" asked if something was wrong. "B" said that yes, not only was something wrong, but there was a hacker in the system. "A" turned around to look at his computer when he noticed that his connection had been terminated. "You must be right!" he said and off the two of them went to down a server accross the street.
Meanwhile, coworker C telephoned one of the main campus user rooms and told the room monitor to "Down the server, down it now! This is an emergency." The monitor lept across the room and yanked the plug from the wall in a frenzy.
Across the street, in another major campus user room, coworkers A and B arrived and noticed that "STUDENT" was the only one logged on. Rather than immediately downing the server, they stopped and tried to log in themselves. "B" tried to use his personal account. "A" said that he had just killed that one. "A" tried to use the SERVICE account. "B" said that he had just locked that one out. Both men began to realize what had happened and turned to each other with gleams in their eyes.
Sent in by sone guy named Dank
Submitted By: Anonymous