Wednesday, August 19, 2009

Hack

Last week I mentioned that my boss called a meeting for today (Tuesday) which meant I had to go in to the office on the day I normally work from home.

So what are your meetings like? Do they wander off in tangents, lack order, and end with a general feeling that no one is quite sure what the expectations are or what was accomplished? If they're like that then you can step right into my shoes, haha..

Later in the day I learned how to hack the password for a Word document. We had a form from a vendor that needed to be modified but it was password-protected. So I simply did an internet search asking how to remove password protection from a Word document.

There were numerous results, all under the guise of "I forgot my password, how do I recover it?" Yeah, right. At least I was honest in my search. How do I figure out someone else's password!

And as you might expect, I found the answer quite quickly. It's not too hard to do as long as you possess a bit of computer savvy. I tried it and it worked like a charm! Disclaimer: don't attempt to do this in your own environment.

I told our sales manager - he was the one who needed the document modified - and he just remarked about how you can find out how to do anything on the world wide web. Probably even breach the national security system, he said.

I told him yes, you could probably find that out by reading the blog of one of the employees over there.




4 comments:

Anonymous said...

Whoot! Brute force using a script? Good on you. I was in a mood altering discussion (what they call a meeting) with the president. On the agenda was an item about email security. Since it was on old business and I had not been at the previous meeting I killed the silence by boasting that I could get anyone's password in under 5 minutes and actually told them how. I had to explain two things. That all the passwords are the employee numbers and cannot be changed and how social engineering works. VP in charge of IT was typing like crazy on her Atom processor, but the system has not been changed. It would not have been a mood altering discussion if it had.

Rickie Miyake said...

Employee numbers as passwords?? That's pretty stupid! Although people think of great ones themselves. We had a sales manager whose password was.. "1234" seriously.

As for the Word password - it wasn't brute force or a script or anything. It involved a couple of steps but the method I read about goes directly to the password and shows how to convert the document into not having one. Then you save it as having no password and then go back and open the document. Pretty simple.

Anonymous said...

Yep, pretty stupid.
Yesterday we had meetings all day. To make sure that we stayed, they had a sign out sheet. First time I ever saw that in the 25 years I've been there. I called the sheet a phishing sheet as it we had to put our employee numbers on it. I said it out loud and some VP said it was not his password. I corrected him. He said he had changed his. I pointed to him and said " You lie."

Rickie Miyake said...

May I safely assume that people do not seem to be completely at ease at the meetings you attend? lol..