Comment by Bloomy22

9 hours ago

This has reminded me of an anecdote. I work on a corporate social network. One day a colleague from the parent company comes to us scared because instead of seeing the people photos and the attached images, he saw strange images. As in the past we had some scare with xss reflected, we immediately got scared and went straight to investigate the matter. It turned out that the colleague had a Firefox extension installed that changed his images for Nicholas Cage's faces. He didn't remember having done it, but we did remember his blunder hahaha

24 comments

Bloomy22

fooker 1 hour ago

Here's anecdote from Google's glory days! We had a similar extension, with Larry Page instead of Nicholas Cage. And anyone leaving their computer unlocked were subject do it.

This became widespread enough to be mentioned at the new employee orientation.

mocamoca 8 hours ago

At university, we used this extension to teach our classmates about good security practices, such as locking their computers when left unattended. It was fun, especially when professors didn't lock their computers. And my former classmates did learn to lock their computers :)

pjerem 1 hour ago

A pretty good one is https://fakeupdate.net
I once pranked a coworker/friend with a Windows installation screen after lunch break. He was … astounded. The thing is, we were all using Debian in this company.
iterateoften 7 hours ago
violating security policies in order to “teach a lesson” is a sure fire way to get people to lose trust in you.
Accessing someone’s computer and manipulating the software was instant termination at my old company. Some new security guy joined and tried to do what you did. Find unlocked computers and mess with them to prove a point. He lasted a week.
- rhet0rica 3 hours ago
  
  There is a time and place for everything—and you should not assume a business environment is the only possible setting in which colleagues might pass by unattended workstations.
  Ideally the prank is pulled in a high-trust, low-stakes environment like a college campus or high school computer lab, before corporate policies are part of one's life.
  It is also a rich tradition, from the days of yore, before robust security practices became standard:
  • http://catb.org/jargon/html/B/baggy-pantsing.html
  • http://catb.org/jargon/html/D/derf.html
  • https://www.multicians.org/cookie.html
  I would much rather my colleagues be taught this lesson (even if just through a verbal reprimand) than work with someone who is allowed to remain ignorant of the risks of their behaviour.
  
  1 reply →
- Volundr 6 hours ago
  
  It depends on the company and probably even the team. At least when I was running an IT team I generally viewed a colleague doing something like this as more effective than me nagging some sysadmin about them leaving their computer unlocked. Would have never tolerated someone on my team doing it to someone outside the team though.
- do_not_redeem 7 hours ago
  
  It all depends on the company of course.
  I worked at a place where if you left your laptop unlocked, anyone could use your slack account to announce you were buying breakfast for the team tomorrow. That was more effective than any training video they could have made us watch. But I obviously wouldn't do something like that as a lone wolf.
  
  1 reply →
- benreesman 7 hours ago
  
  I’m of two minds about it. I agree that these days it’s by far the safer choice to steer clear of such antics.
  But I do sort of miss the days when we had a little more fun with computers even at work. Twenty years ago it was pretty ubiquitous to get a goofy desktop background if you left your machine unsecured all the time and I never saw any harm come from it.
  Times change I suppose.
  
  2 replies →
- darkwater 20 minutes ago
  
  What a sad company you worked for
- mosselman 2 hours ago
  
  It sounds like this guy came out on top in this, he found out really quickly that he joined a shit company.
- thaumasiotes 2 hours ago
  
  > Accessing someone’s computer and manipulating the software was instant termination at my old company. Some new security guy joined and tried to do what you did. Find unlocked computers and mess with them to prove a point. He lasted a week.
  That's a very strange policy to apply to your security team. They have good reason to make a point about leaving your workstation unsecured.
  Working for NCC Group, the expectation was that if you left your computer unsecured, something would happen to it, and you, not the person who followed office policy by highlighting your mistake, would look bad.
- userbinator 7 hours ago
  
  Ironic, given that a ton of the security dogma these days is "don't trust anyone" --- you can guess why that started happening; precisely because of people like him.
- cyberax 3 hours ago
  
  At Amazon there was a "unicorn game". If you find an unlocked computer, you could send "I love Unicorns" message using the credentials of the logged on person.
  There was even an internal site with the unicorn image.
- albert_e 5 hours ago
  
  Yeah I lean on this side - avoid doing pranks and other practical jokes.
  When there is any actual malware or security incident, you don't want your colleagues to think of you and go "Maybe this is just Dave pulling one of his clever pranks".

greazy 9 hours ago

That's hilarious. Sounds like someone was pranking your colleague.

Was this the extension? https://addons.mozilla.org/en-US/firefox/addon/niccage/

sam_bristow 8 hours ago

Damn, I was half hoping it was doing some deepfake face swapping rather than just totally replacing the whole image. Part of me would love to install a "Being John Malkovich" style face replacement plugin onto someone's machine.
Bloomy22 9 hours ago

Yes, it was that one!

nunez 4 hours ago

Stuff of legends.