What got me Interested in Cyber Security?
All of us that are interested in cyber security enough to be online reading about it can probably remember the first time we did something with a computer and what we expected to happen was not what actually happened. Some of us grew up to study how systems work and understand how bugs, exploits, etc are uncovered and utilized maliciously by bad actors. Some of us just hit the wrong button a few times and discovered a harmless bug and thought it was cool that we found something that we did not know about before. Earlier today I was in class and my professor was having trouble logging in to her administrator account on Windows Server for whatever reason, and it reminded me of the first time I saw a bug in an operating system, in Microsoft Windows to be exact, and as far as I can remember, I believe it was the first time that I saw with my own two eyes, any kind of bug in technology.
I don’t remember the exact year, I believe it was 2012–2014, late in my middle school years, I had a few computer classes. Computer classes were not widespread at my school, and would not be until nearly my high school graduation when my school began issuing students laptops and incorporating more modern methods of teaching (whether this is for better or worse is up for debate), but moral of the story, I went from being on a computer 24/7 at home, whenever possible, to being in a class room with access to computers. Naturally the students that were interested in technology knew a thing or two about the systems we were using. Since this was so long ago, I would be lying if I remembered what we were running, Windows Server of some sort. I had been teaching myself some programming at home, learning FreeBASIC, C++, HTML, GML (The GameMaker game engine’s native language) and bits and pieces of other languages when it would benefit me to know them. I had a little bit of experience working in command prompts.
One day I walked in to class and saw a classmate talking about how he could log in to any account on the computer, without knowing the password. I knew enough about how computers worked to understand priviledge escalation, and figured he was resetting passwords from his own account, or something along those lines. My young mind failed to realize that our student accounts did not have the proper permissions to do this, and chances are, none of us knew how to get around that. So naturally, I was curious and wanted to see if he knew what he was talking about.
He said if you hit the “Enter” key fast enough at the login screen, and keep hitting the “Enter” key whenever a failed login message comes up, you will eventually be logged in to the account, without ever inputting the password.
So essentially, spam “Enter” until you gain access. I thought he was joking, because it made so little sense how something like this would be possible, so naturally, everyone started trying it, spamming the “Enter” button, and to my surprise, it actually worked.
We found out later, that after utilizing this bug to gain access to our accounts, our accounts would be locked the next time that we tried to log back in, though admittedly, that was a small price to pay for the thrill of seeing an operating system bug in action for the first time in my life.
Nothing malicious was ever done with it, nobody logged in to accounts that they shouldn’t have, everyone was just curious to see if it could work on their own accounts, and gave it a try, and within a week nobody cared anymore.
I remember trying it again a full year or two since I had first come across that bug, and it was still working. Though not too long after that, it stopped working. Shows a lot about how slow public schools are to update their software. Chances are a bug like that probably got found and patched pretty quickly, but due to a lack of manpower, concern, or whatever else, my school district took quite a long time to update the operating system and get rid of this potentially dangerous bug.
This story wasn’t meant to excite anyone, or make you feel inspired enough to go out and change the world of cyber security. My only goal with this, was to remind us all of the wonder that we once found when we worked with technology, the wonder that many of us still find to this day when we go about our lives, whether in cyber space, or otherwise.
Take a few moments to remember what it is you are interested in, in life. Remember what it was like when you first discovered that thing you are interested in. Sometimes we all need to revisit the things that helped shape who we are, to motivate us to continue in our craft!
