In 1992 I was a young geek of 19 years. My programming experience consisted of the BASIC programs in the manual that came with our Commodore 64 and a few others in our schools Apple II lab. I had also written a few HyperCard and FileMaker apps on the Mac in my bedroom, where I did all the typesetting for my Dad’s print shop. [Thanks so much dad, for buying that first Mac Plus instead of a Compugraphic typesetting machine].
My vocational training in Mechanical Drafting had landed me an entry level position at Kysor/Cadillac as the blueprint clerk. Before long I rearranged the print room to maximize the efficiency of the engineers and myself, leaving me with hours of spare time each day. Often I would roam the engineering department, in search of engineering projects, much to the delight of the engineers who could often find drudge work to offload.
During one of these lulls, I was chatting with David, a bright young lad who worked in the QA department. David was also quite fond of computers and told me of an escapade in which some students at his school had written a login simulator that captured and stored passwords when users logged into an system infected with their program.
Our engineering files were stored on a Novell Netware server connected by a token ring network. Each DOS computer logged in using a Novell program (login.exe, IIRC). The password capturing program seemed like an interesting challenge so I acquired my first DOS compiler (Qbasic or PowerBasic, I can’t recall which I used for this task) and wrote login.bas. I simulated the login screen perfectly, stored the passwords to a file, and then passed them on to the real login program, logging the user in. It offered the user no indication that foul play was at hand.
Pleased with my results, I showed Rick, our network admin. I explained that I hadn’t inspected the contents of the file, knew what was in it, and turned my back while he inspected it. It turns out that Rick wasn’t terribly fond of being informed that his network security wasn’t all that secure. A few of his heated words I recall were, “that’s not your job!” He immediately escalated the matter to Keith, our VP of Engineering, intent on having me fired.
On that day, it was quite fortunate for me that I had set a precedent of doing a lot of engineering work that was not my job. Unbeknownst to me, the wheels of my first promotion were already set in motion specifically because of the extra-curricular not my job work I had been doing. That day ended with me getting a stern talking to. Soon thereafter, I was promoted and my new job involved writing software for Kysor.