Sunday 27 November 2011

Researching The Hack: Online Computer Simulators And Tutorials

Computer-based simulators and tutorials are often employed in teaching the ways of the company computer system. These programs mimic the computer screens users would see if they were to log in to the actual network. Tutorials and simulators differ from the actual network in that they talk the user through a typical use of the system, perhaps showing off special features available to the user. If the user isn't given a guided tour, there is often a workbook that is to be used with a scaled-down version of the actual system, often one with extensive help facilities to teach the new user the ropes.

Tutorials and simulators give new users hands-on experience with the problems and policies of software they will encounter. They are very often used for training purposes instead of the actual system, or as a supplement to it. There are several reasons for this. What if the system is still being installed, or undergoing a renovation? Or perhaps not enough terminals are connected yet for all employees to access the actual system. Using simulators eliminates these problems since they can be set up on any computer.

Temporary employment agencies may use software from a specific company to pretrain their workers, especially if the agency gets a lot of jobs from a specific company. Or regular employees may want the convenience of being able to borrow a tutorial disk from the company library to practice on at home. Finally, a good tutorial program or simulation can ensure that everyone receives the same quality instructions, without leaving out important details which a human instructor might forget to teach.

How to get them? Simulation programs may be available from corporate, special or even academic libraries. You may also get hold of one from the publisher. Write to a software publisher, saying you're interested in making a large purchase and ask if a demonstration disk is available. And you may be able to procure one from a friendly member of the company's computer department (do some social engineering - pretend you're a company manager or supervisor).

Simulators and tutorials are great things for a hacker to come across; the usefulness of them should be self-evident. They will help you learn the systems, and perhaps reveal default entry-words, and might even come with descriptions of system bugs.

Social engineering is the act of talking to a system user, pretending that you are also a legal user of the system, and in the course of the conversation, manipulating the discussion so that the user reveals passwords or other good stuff.

Sometimes you have to use your imagination to find other ways in which online simulators can help. I was waiting in an office one day to see someone. The receptionist stepped out for a moment and I stepped behind her desk and borrowed a computer disk I'd noticed stuck in a book. The disk held a program called ARRSIM (ARRangement SIMulator) which was actually a copy of a program they used on-line, only with a minuscule database of names. The program was used to teach employees how to use the computers to arrange and schedule meetings between customers and potential contractors.

When I got home I booted it up and started playing around. At one point I tried changing an address and the computer responded, "Supervisor Approval Required" and put a cursor on the screen. Apparently it wanted a password. I tried the one that was used to log into the simulator (which was scribbled on the disk label) but that didn't work. I scanned through the disk with a file maintenance utility, but could find no text (i.e., hidden password) that I had not already seen.

Now, it occurred to me that address changes were probably something that everyone had to do every once in a while. So why had it asked for a password when I tried to change an address? Obviously the program had been designed by your usual paranoid manager who did not trust a receptionist to change a name or address by herself.

So I called my favorite receptionist at the company, and after some suave insider gossip about company matters ("So Sheila's a grandma! Was it a boy or a girl?" I had heard her discussing this with a coworker the day I was there), I popped the question: "Gaye, do you know what to type when it says 'Supervisor App' -"
"Oh isn't that silly!" she laughed. "It's really horrible. Type 'morris.' I don't know why they have that there. Nobody's supposed to know about it but we use it every day!" I thanked her and - you know what? - 'morris' didn't work as a password on the simulator (I don't think anything did). But it was the password used to get into the actual network. Apparently only supervisors were supposed to be able to log on the terminals scattered throughout the offices.