THE WORST SECURITY MEASURE IN THE WORLD
by Hazed
Now, even though the old computer had died, I was pretty sure the hard disk was still OK. Since I hadn’t been as diligent with backups as I should have been, there was plenty of info on it I needed to retrieve. So I had ordered a hard disk dock from Amazon which arrived in time for the new computer.
Once I had the new machine set up to my liking, I decided it was time to rescue what I could from the old hard disk. I opened up the casing, found the hard disk, unscrewed it and unplugged it, blew off the dust and put it carefully to one side.
Incidentally, while I had the computer opened up, I found a lot of cat hair inside… that might have something to do with the reason it died!
Then I unpacked the gadget I had bought. It is a fairly cheap plasticky device, but then it only cost just over £16 ($25). It plugs into the mains, and has a USB cable to attach it to the computer. I slotted the old hard disk into the dock, sat back and waited.
I didn’t have to wait long. Windows found it, installed its driver, and treated it as an extra drive. Brilliant! I was able to copy my missing files off it.
Except… a lot of my files were kept in the “My documents” folder. Now that isn’t a real folder on the hard disk, it is a shortcut that maps to a sub-folder deep in the Users directory. It took a bit of searching but I was able to figure out where it was, and clicked on the folder to open it up… but Windows wouldn’t let me.
I didn’t have permission to open the folder.
Well, bugger.
So I right-clicked on the folder and checked out its properties, and found that it was possible to change the permissions, to give myself permission to open the folder.
Yes, Windows said I didn’t have permission to open the folder, but I did have permission to give myself permission to open the folder.
What kind of security measure is that?
Imagine you are trying to enter a swanky nightclub. The bouncer on the door stops you with a big, beefy arm. “You can’t come in,” he says. “You are not on the guest list.” He brandishes a clipboard which contains the lists of the favoured few who are allowed to go in.
But instead of turning away, despondent, you say to the belligerent bouncer, “Well can I add my name to the guest list?”
“Sure,” he replies, and hands you the clipboard. He even lends you a pen. You scrawl your name on the list and hand it back to him. “Now can I come in?” you ask. “Of course you can. Welcome.” And he unclips the little red silken rope and allows you to enter the palace of delights within.
How stupid is that? You might just as well not have any security at all.
