Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

[alfaniner]

That used to be (might still be) a big security hole in some operating systems. If you could get to view the failed login attempts, which often required normal or only slightly elevated access in some systems, you could make a reasonable stab at getting someone's password. Just scan the failed logins for something that looked like a password and not a login name, then match that with whatever user logged in 10 seconds later.

I'd think that's a method probably exploited by scam websites. Once they have an email and password (which many people don't differ among sites), just try a few banking sites to see what works. Fortunately, many have gone to two-factor authorization or other security checks.

 

[JoeMorgue]

I'd think that's a method probably exploited by scam websites. Once they have an email and password (which many people don't differ among sites), just try a few banking sites to see what works. Fortunately, many have gone to two-factor authorization or other security checks.

XKCD ran a comic a few years back where it opined that all one had to do was start up a free website that ran some middlingly useful service; picture storage for instance, and collect a bunch of user names and passwords under the assumption that a fair amount of those users would use the same user names and passwords for other more important websites and you have, for no more sunk cost then a few months of webhosting, a huge collection of perfectly valid usernames and passwords.

I can't actually think of a reason that wouldn't work.

 

[The Man]

How can I tell whether NumLock is on on my laptop when I can't see the password I'm typing?

Type some letters into the User ID field and see if they come out as numbers.

Oh yeah, what a great idea! Never thought of that. (proceeds to type their entire password into the User ID field)

I was once giving a presentation to a large team, part of of it required me to login live to the company's network. I was typing away and realised people were rather amused, yep on the large screen behind me I was typing my password into the user name field!

A couple of people have done that here and then didn't flush the browser memory. As a result the passwords showed up as user name auto fill ins.

 

[arthwollipot]

Oh joy. Major maintenance over the weekend has had the usual results.

 

[Norman Alexander]

Oh joy. Major maintenance over the weekend has had the usual results.

For very small values of "results", no doubt.

 

[arthwollipot]

Just lots of calls. RAS is down until Wednesday, which has made some people unhappy. But for some reason all passwords were expired and had to be reset at login. It's a straightforward process, but of course a lot of people had problems with it.

It's just one of those tiring times where you don't get a break.

 

[catsmate]

Oh joy. Major maintenance over the weekend has had the usual results.

Any serious injuries?

 

[Faydra]

Issues here over the weekend as well. SAP goes down and batch jobs fail and create over 3000 tickets. Nobody thinks to flip the switch to stop the batch jobs until the problem in SAP is fixed. Sigh.

 

[Blue Mountain]

Just lots of calls. RAS is down until Wednesday, which has made some people unhappy. But for some reason all passwords were expired and had to be reset at login. It's a straightforward process, but of course a lot of people had problems with it.

It's just one of those tiring times where you don't get a break.

What kind of "maintenance" expires everyone's passwords and leaves a server out of order for two or three days? I realise you're not on the technical team so you may not actually know the reasons. It does sound like a major "oops" on the part of the technical team.

 

[JoeMorgue]

What kind of "maintenance" expires everyone's passwords and leaves a server out of order for two or three days? I realise you're not on the technical team so you may not actually know the reasons. It does sound like a major "oops" on the part of the technical team.

//Spitball// Licensing for Remote Access can be a goddamn nightmare and most RAS software for security failsafes to "Don't let anyone in" state when anything is wrong.

 

[arthwollipot]

Any serious injuries?

No, nothing serious. But a lot of calls. The largest volume of calls that I can remember.

What kind of "maintenance" expires everyone's passwords and leaves a server out of order for two or three days? I realise you're not on the technical team so you may not actually know the reasons. It does sound like a major "oops" on the part of the technical team.

To be fair, it was apparently a major update to lots of systems. Lots of interacting parts. I don't know the reason why everyone's password was expired, but that was the reason for most of the calls. When 8,000 users all try to change their password unexpectedly on the same day, there are going to be a lot of issues. You know how people are with their passwords.

//Spitball// Licensing for Remote Access can be a goddamn nightmare and most RAS software for security failsafes to "Don't let anyone in" state when anything is wrong.

That's plausible. Why it's down for three days I don't know.

 

[Norman Alexander]

That's plausible. Why it's down for three days I don't know.

Long weekend.

 

[arthwollipot]

Long weekend.

We just had one of those. A double one. With an extra day off in the week after.

Damn, that hit my budget hard.

 

[Faydra]

I got the weirdest email from someone today. I'm honestly not sure how to answer her.

This is a cut & paste.

Just want to let you know, your image on the outlook is very cute. Is it your cat?

I couldn't remember what I had put on there, so I went to have a look.

This is the image she looked at and wondered if it was my cat.

 

[xterra]

If not yours, whose cat could it be?


Does your cat have only three legs?

 

[Faydra]

No, I have a normal three dimensional cat.

 

[Dr. Keith]

No, I have a normal three dimensional cat.

FTFY

 

[xterra]

No, I have a normal three dimensional cat.

Assuming that "no" here means "no, I do not have a three-legged cat," you have solved your original problem. You should tell your correspondent that she has mistaken your cat for someone else's cat.


As for Dr. Keith's emendation, he is correct. There is no such thing as a normal cat. Gaussian distributions do not apply to cats.

 

[Norman Alexander]

Assuming that "no" here means "no, I do not have a three-legged cat," you have solved your original problem. You should tell your correspondent that she has mistaken your cat for someone else's cat three-legged feline of indeterminate species.

Let's be specific.

 

[arthwollipot]

Them: I'm having x problem with my phone handset

Me: Okay, I need the SEP number of the phone. Can you carefully pick up the phone and read me off the number from the sticker?

Them: Okay, I... *click*

Me: I said carefully!