DevOps Zone is brought to you in partnership with:

Troy Hunt is a Software Architect and Microsoft MVP for Developer Security. He blogs regularly about security principles in software development at troyhunt.com and is the author of the OWASP Top 10 for .NET developers series and free eBook of the same name. Troy is also the creator of the recently released Automated Security Analyser for ASP.NET Websites at asafaweb.com. Troy is a DZone MVB and is not an employee of DZone and has posted 63 posts at DZone. You can read more from them at their website. View Full User Profile

40 Inappropriate Actions to Take Against an Unlocked PC

10.17.2013
| 11280 views |
  • submit to reddit

I’m a security-minded guy, that probably comes as no surprise. Other people – not always so much and as a result you inevitably see a lot of unattended, unlocked Windows desktops around the place. Naturally the responsible thing to do when seeing such risky behavior is to help the victi.. uh, I mean “individual” understand the risky nature of such behavior.

Having recently observed such a situation I thought I’d reach out and ask for some guidance on how one might deal with it:

What is the correct action to take when someone continually leaves their PC unlocked? No, "lock it" is not the right answer, be creative!

It turns out that my followers are devious misfits who had some truly insightful suggestions. Here are some of the best:

Non-damaging humor

This will cause minor frustration to the amusement of observers around this. There’s no destruction and a minimal loss of productivity followed by a mild degree of sheepishness.

  1. Take a screen shot of the desktop, set it as the wallpaper then hide the taskbar and all the icons and see how many times they reboot to try and fix it
  2. Change the wallpaper to a Blue Screen of Death image and hide the icons; again, count how many reboots it takes to figure it out
  3. Add a very subtle image to the wallpaper (i.e. a small animal somewhere) then continue to add more on subsequent unlocked occasions
  4. Complete wallpaper change – not subtle but sometimes appropriate (depending on content)
  5. Invert the entire desktop (look for options in the video drivers)
  6. Combine the previous point with the first one (rotated screen but rotated wallpaper image as well so everything looks upright whilst actually being upside down)
  7. Switch the mouse from being right-handed to left-handed
  8. Perform some goating
  9. Write yourself an email from their PC on a random topic then reply tomorrow and leave them wondering what they were thinking the day before
  10. Leave an embarrassing message in their Facebook status box but don’t submit, just let them ponder the consequences…
  11. Change the mouse “pointer” icon to the “busy” icon
  12. Leave inappropriate pages open in tabs that aren’t in the forefront and wait for them to switch over to them
  13. Remap the space bar to type “SPACE” every time it’s hit
  14. Leave some very officially titled documents on the desktop with “creative” contents
  15. Set the screen saver to lock after one minute of inactivity
Medium-level inconvenience

This will either seriously mess with productivity, take extra effort to track down the source or extend the scope of the victim’s security laziness to other people. It might not be destructive but it’ll blow time and fire up those with a short fuse.

  1. Change the machine language to Turkish (only really effective when the target individual is not Turkish!) and see how hard it is to change back
  2. Write a background process to randomly lock the machine throughout the day
  3. Install a custom theme – this one came highly recommended plus there’s always computerunlocked.com
  4. Change the screen saver to The Blue Screen of Death (yes, that’s a real screen saver) and see how many reboots you get out of it
  5. Change the keyboard layout from QWERTY to Dvorak
  6. Install this amusing version of Clippy
  7. Send an email to the team with an offer of free cake or to buy lunch (or other offers of an inappropriate nature)
  8. Customize the sounds for common events (choose the level of inappropriateness of the sounds)
  9. If the email client supports delayed delivery, write up something to be sent to a large group when you know they’ll be back at their desk
  10. Send out meeting invites at inconvenient times and with creative titles
  11. Change Microsoft Word auto-corrects, substitute them with foreign language equivalents for extra creativity
  12. Open the user’s Facebook and surreptitiously change their birthday to tomorrow
  13. Configure the scheduler to randomly launch various apps or open documents at different times (be creative!)
  14. Change the path of various shortcuts to point to other apps
  15. Reverse the buttons on the mouse
  16. Write a “creative” out of office message and turn it on
Major carnage

The title says it all – significant impact on data or career prospects! Only to be used in times of absolute necessity.

  1. fdisk – say no more
  2. Create a command file to shut down the machine on boot
  3. Send a resignation email to the boss
  4. Install Windows Vista
  5. LOIC (no really, don’t do this!)
Bonus material for locked machines

There were some goodies here that’ll work even when the target has done the right thing and locked the machine, let’s not have them go to waste.

  1. Switch keyboard and mouse between two co-located machines so that each person is controlling the other’s PC (works best when they both arrive back at the same time)
  2. Add an additional mouse or keyboard that you control then give it small adjustments while they’re working
  3. Leave a Linux Live CD in the drive which will boot them into a foreign OS when the machine is next turned on
  4. Tape over the sensor on a laser mouse
What did I miss?

C’mon, this is far from exhaustive! Comments below.



Published at DZone with permission of Troy Hunt, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)