[iterateoften]

violating security policies in order to “teach a lesson” is a sure fire way to get people to lose trust in you.

Accessing someone’s computer and manipulating the software was instant termination at my old company. Some new security guy joined and tried to do what you did. Find unlocked computers and mess with them to prove a point. He lasted a week.

[rhet0rica]

There is a time and place for everything—and you should not assume a business environment is the only possible setting in which colleagues might pass by unattended workstations.

Ideally the prank is pulled in a high-trust, low-stakes environment like a college campus or high school computer lab, before corporate policies are part of one's life.

It is also a rich tradition, from the days of yore, before robust security practices became standard:

• http://catb.org/jargon/html/B/baggy-pantsing.html

• http://catb.org/jargon/html/D/derf.html

• https://www.multicians.org/cookie.html

I would much rather my colleagues be taught this lesson (even if just through a verbal reprimand) than work with someone who is allowed to remain ignorant of the risks of their behaviour.

[Sammi]

Man if you can't trust the guy sitting next to you to pull this prank on you, then you've got serious issues.

[alfiedotwtf]

At the same time, a new hire could actually be a pentester, investigator, or corporate espionage actor. I know people who’s job this was to take over employee computers while the target went to lunch

[Sammi]

The guy who sits next to you regularly...

[Volundr]

It depends on the company and probably even the team. At least when I was running an IT team I generally viewed a colleague doing something like this as more effective than me nagging some sysadmin about them leaving their computer unlocked. Would have never tolerated someone on my team doing it to someone outside the team though.

[do_not_redeem]

It all depends on the company of course.

I worked at a place where if you left your laptop unlocked, anyone could use your slack account to announce you were buying breakfast for the team tomorrow. That was more effective than any training video they could have made us watch. But I obviously wouldn't do something like that as a lone wolf.

[KineticLensman]

> to announce you were buying breakfast for the team tomorrow

Where I used to work the thing was to reply-all to emails simply saying "I love you very much".

[maeil]

Similar here at a big company that placed a lot of emphasis on opsec. It worked.

[thaumasiotes]

> Accessing someone’s computer and manipulating the software was instant termination at my old company. Some new security guy joined and tried to do what you did. Find unlocked computers and mess with them to prove a point. He lasted a week.

That's a very strange policy to apply to your security team. They have good reason to make a point about leaving your workstation unsecured.

Working for NCC Group, the expectation was that if you left your computer unsecured, something would happen to it, and you, not the person who followed office policy by highlighting your mistake, would look bad.

[benreesman]

I’m of two minds about it. I agree that these days it’s by far the safer choice to steer clear of such antics.

But I do sort of miss the days when we had a little more fun with computers even at work. Twenty years ago it was pretty ubiquitous to get a goofy desktop background if you left your machine unsecured all the time and I never saw any harm come from it.

Times change I suppose.

[bee_rider]

It is definitely a better CYA move to just have a policy that nobody touches the unlocked computers, but is it actually more effective? If the company mostly employs adults that can be trusted to keep their pranks reasonable, it seems like a good way of self-policing.

If calling out somebody’s unlocked computer gets them punished for real, nobody will call out their friends…

[ireadmevs]

Good times when I used to do a screenshot with notepad window open and use that as their new background wallpaper

[cyberax]

At Amazon there was a "unicorn game". If you find an unlocked computer, you could send "I love Unicorns" message using the credentials of the logged on person.

There was even an internal site with the unicorn image.

[mosselman]

It sounds like this guy came out on top in this, he found out really quickly that he joined a shit company.

[alfiedotwtf]

I guess it’s a company cultural thing. In one past company, the SECURITY guys were the ones to do this to us teach us a lesson.but rather than a panic screen, it was porn.

To this day a few milliseconds before I stand up I wiggle my mouse to lock the screen. Muscle memory because lessons were learned

[FeteCommuniste]

At my office it was either a picture of a shirtless David Hasselhoff as your desktop background, or an email sent to the networking+devs list announcing that you were giving away $20 bills at your desk, lol.

[arccy]

There's definitely a difference in company culture. One place I worked at you'd shout donuts into the office chat from your coworker's unattended laptops (and they'd be on the hook to bring in donuts or equivalent).

Always easy to catch the people who usually work from home.

[LandR]

One jnr dev at a place I worked left his desktop unlocked and a very elaborate email about his love for my little pony and wanting to start a company my little pony fan club was sent from his account to whole company lol.

[BoingBoomTschak]

Oh, we do that with croissants here!

[darkwater]

What a sad company you worked for

[goguy]

We used to send an email from their account saying lunch/donuts are on me!

[userbinator]

Ironic, given that a ton of the security dogma these days is "don't trust anyone" --- you can guess why that started happening; precisely because of people like him.

[saagarjha]

It’s because people like him are usually less polite.

[albert_e]

Yeah I lean on this side - avoid doing pranks and other practical jokes.

When there is any actual malware or security incident, you don't want your colleagues to think of you and go "Maybe this is just Dave pulling one of his clever pranks".