I received a phone call from the Provost of the University of Pittsburgh for hacking their main computer system.

therrall pointed out:
I think if that happened, you’d have been in some serious shit, ’cause it’s a Federal Crime to hack anyones computer. :p

So, I get this nifty, neato job at Pitt. I am Lead Macintosh Engineer for the University of Pittsburgh. And my first job was to make Mac OS 7.0 a multi-user login environment that took its password library from Kerberos over AFS and then mounted application servers through Novell.

For the non-techie-lay types, this was to take 3 puzzle pieces from three different puzzles made on 3 different media in 3 entirely different shapes and build a picture out of them that no one had ever seen.

For the techie types who understand the technology at the time I’ll say that a lack of multi user technology coupled with the lack of Novell APIs for the Mac was… a challenge.

Back to the NTL types. An API is a list of commands a computer program can make to assist the program with tasks he shouldn’t need to write from scratch. Commands like DrawWindow(at position here) to save me from commands like, “Okay to draw a window you start with how to draw a boarder, how to paint it in, blah blah blah”

Novell was the big bad server environment that could authenticate files, folders, volumes, users, groups, devices, flavours of ice cream, bathroom stall locks… it was all very ZEN ™ Unfortunately, this was about ’96 when people were asking me (upon hearing the job title), “Didn’t Apple go bankrupt or something” {Apple fans are thinking, ‘yeah which time….’}

As a result, Novell really didn’t play well with Macs. In fact they didn’t play at all. The APIs I had were from 91 and were for something like Novell 2 and we were on Novell 5. All I needed it to do was let me say, “Yeah, I’ve checked out this user… they are legit, can you let me have volume ‘foo’ with all the mac software the management decided to store on it (for reasons we never could argue).. .Oh and I’d like to show the volume on the mac’s desktop.

Two weeks I plumbed thru a lack of documentation that equaled out to binary dumps of the interface library. (NTL-types: translation — loud wretching noises) I finally found a command NVMOUNTVOL(userid) or something to that effect.. the details are kind of furry.

So, I made my test program and used me as the guinea-pig.

>run

“Illegal access, server intrusion violation: user gt42”

Dialog appears on my screen.Actually, it was kind of neat because it appeared on my coworker’s screen too.

I made a change or two and ran it again.

“Illegal access, server intrusion violation: user gt42”

Just about then my manager called me. He wanted to know what I was doing. Apparently, that message was being sent out to every user logged into that Novell Volume. He was curious because he got the message and then got a call from the Provost who wanted to know who user gt42 was and why he was hacking the main system.

15 minutes later, my research turned up that I was using a depreciated (read: old discarded, you really shouldn’t use) API that told the servers in the main computer warehouse to force themselves to give me the rights to tell them to add and remove entire tape libraries on their end for public consumption.

I explained this first to my manager and then after we figured out how to ‘dumb down’ the explanation… I took a call from and spoke to the provost to guarantee him we (and especially I) were working for the university to strengthen security and that was proof that the stronger security was in place.

Remember the last post… Kids: it does not pay to be a hacker. Especially with intentions to cause problems. ๐Ÿ˜‰

« »