- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Yeah. I hate that guy too. He really should stop writing for this site.
Admin
Screw you all, I like Remy. Summons 'corns and doesn't afraid of anything.
Admin
Seconded. Way to go, dude.
Admin
Never mind that, he'd probably have a pretty good defence--double jeopardy--if they tried to punish him for it. He'd already served the punishment for hacking; might as well do what you've served the punishment for.
Admin
Admin
Admin
Well, that explains the idiotic mustache you're wearing, I suppose.
Admin
Admin
I could see this kind of incompetence being real. As a bonus, it's not only technical incompetence, but common sense incompetence as well. Even with no technical knowledge, any competent person should at least be able to understand that this kid was just pointing out a bug.
As a personal experience: I had no technical experience in high school. My family did not have a computer, I typed all school papers on a typewriter, and I had one semester of a computer class that taught how to type and use Word, Excel, etc. Well, I sat in the back row with 3 other guys. One day we all three were called in to the principal's office. Apparently someone had installed Doom on those computers and supposedly we were the only students that ever sat in that row so we were all suspended for a week. I was a junior, never had any other disciplinary actions, straight A student, played varsity football and involved in other clubs and activities. I didn't even know what Doom was at the time, nor did I know how you would even install something on a computer.
I had never seen the other guys playing the game and have no idea who did install it or when (maybe after school or something). But we still had to pay the price.
Admin
Admin
Back in 1990, when I was 16, I changed schools, and the new school had a fantastic (for it's time) computer setup. I'd been used to rooms of standalone BBC Model B's as the standard in UK schools, but this place had a well-functioning network of IBM PC clones, a basic GUI interface, authentication and a fileserver that gave every student a whopping 50k of space (which was quite a lot, when all you had was a plain text 'word processor'.
Well, 50k wasn't nearly big enough for me to put a copy of Elite Plus or Rogue in, and although I had floppies, many of the floppy drives didn't work and the machines with working drives were always the first taken.
So, one day I hovered behind the school 'Computing' teacher (who had set the system up) and got the admin password by watching him type it. 20 minutes later I had 500k of space instead of 50k, and I had a copy of Elite and Rogue that I could run from any PC in the school, regardless of floppy drive. I was happy.
Except I got caught. I was naive enough to put the extra storage space on my own login, rather than creating a new login or something similarly anonymous, and a few weeks later I was hauled up in front of the headmaster, my parents were called in, and I was given a 2 week suspension from school.
Why is this a WTF, you ask?
I'm now 36, and I've been working for the last 15 years as a network security specialist.
So, the only thing I ever learned at school that was directly useful in my eventual career, I was suspended for 2 weeks for learning :)
Zad
Admin
Puhleeze. If I were going to do that much effort, I'd be making a sock puppet. Odds are, you're probably one of my sock-puppet accounts. I'm using Matt Westwood to troll the thread to bump up the comment count and drive pageviews.
Or am I?
Admin
No surprise to me that the education system has failed.
Admin
Dear Alex,
In case you can’t tell, this is a grown-up place. The fact that you insist on skipping the Monday update shows that you’re too young and too stupid to be using 1998 internet.
Go away and grow up.
Sincerely, Remy Porter
Admin
Proper hacking 101...
If you find a hole - tell the admin how to fix it. If they accuse you of breaking their system, then do it.
Seriously, that kid could have done MUCH worse than send a polite communication (email) alerting them of their stupidity.
Admin
Ahem... excuse me... still a bit salty. Anyway, I can always prove that I am who I say I am based on my username, "Matt Westwood". So there can be no doubt that this is me, tired out after a heavy day of cock-munching. Please don't swap user accounts to pretend you're someone else, even I don't do that and when you suck as much cock as I do it really helps to have some anonymity. Be proud of who you are, even if you suck a lot of cock like me.
Admin
Who's sharing that sweet salty goodness?
Admin
Unfortunately nothing has changed in 12 years. The web is still crawling with idiots and, being open to the whole world, it probably always will be. You attempt to inform them and you get shot for being the messenger who can see the emperor is naked.
Unless you are hired as a security pro to evaluate your customer's site -- AND have a written "get out of jail" contract -- the best thing to do when you see a security flaw is to shut your eyes and hope a badguy comes along and teaches them a very very painful lesson. It's the only way they'll actually learn. Maybe. Or their web site will be dead, which is probably the best possible outcome anyhow.
Admin
That's profound. I'm a big money computer guy who tutors others in math. What does that make me?
What about when I help my kids with their homework? Am I someone who can or can't.
I hate people dissing teachers.
Admin
those who can't teach, skip writing Monday articles
Admin
Admin
"Study Hall" is the name given to a class period when a student has no scheduled class. Since they can't be allowed to roam freely lest they disturb hard-working students who are in class, they're assigned to "study hall", where they're supposed to study for their real classes. Frequently seen as punishment by the students.
Admin
Admin
On the contrary, I think it was quite likely that the principal understood that he had discovered a flaw, and that's exactly what he was so upset about. Finding out about things that authority figures would rather you didn't know is inherently bad, you see.
This sort of thinking, "If nobody is allowed to know about it, then it won't be a problem," is hardly limited to computing contexts. Think about how abstinence-only sex education is supposed to work, for example.
Admin
Admin
I stopped reading after you wrote that. If you didn't need to say it, why did you tell us you didn't need to say what you told us?
Admin
Was this some sort of attempt to come up with a story that was more poorly told and less believable than the submission? If so, congratulations. If not [Insert Bert Glanstrom meme here].
Admin
I call BS on the story. If the headmaster's son had made a website for another school then why would he ask one of the students to do it, bypassing the opportunity for a good bout of nepotism
Admin
Admin
See, I worked out something much more useful: if you ask the sysadmin nicely for space to stick a game or two on your account, he'll probably say yes. For the cost of fetching the odd cup of tea, I had whatever privs I wanted, all the way through school. As always, the security of the network is only half the story.
Admin
+1
Admin
I'd set it up on a friend's computer, mess with them a bit, then explain what was going on to them and close it out. It didn't actively avoid being closed (you just hit F9 to hide the parent window and F9 to bring it back up, and closing the window stopped the hook). It didn't distribute itself to other computers, nor did I ever put it on one (I just kept a copy on my flash drive) and it didn't install itself in any way - you had to run it just like any other program. Totally harmless. Get a sense of humor.
Admin
Admin
Considering you're my alt, I don't know why you're calling yourself pathetic. I think you're a finely crafted alternate identity.
Admin
Admin
Admin
Admin
"Study hall" is more common in high school (the 4 years before college/university) and sometimes in middle school (the 3 years before high school), so this person might be 16, or could be much younger.
Admin
Admin
When my daughter was in high school, they had a rule that students could not run "any exe or com files". I'm not exactly sure what they expected students to do on the computer. Literally interpreted, I think that rule would ban you from even turning the computer on.
She was also quite amused when she discovered that a web site that I run was on her school's list of blocked sites. "My father was banned from the school!" I don't know why, it certainly isn't pornographic or nazi or any such thing. Personally I'd be interested to know if someone actually reviewed it and manually added it to the list or if it got picked up by some automated filter because it included key words they search on or some such.
Admin
I went back to school at 45 to finish an undergrad degree
Weirdness scale for nontraditional (older) students
1 - Some students in the class are the same age as your own children
2 - You are older than the instructor
3 - The instructor used to work for you
4 - the instructor asks you to fill in for him in a class
Admin
If all you know about the US is what you've seen in movies, you must think this country is primarily composed of corrupt cops, kids with incredibly stupid parents, sexy female spies, and homicidal religious fanatics.
I read once that the two main characters on a cop show set in Miami that was popular at the time killed more people each season than the entire Miami police force combined did in real life.
It makes me wonder now and then what ideas I accept without question about other countries based solely on what I've seen in movies that are totally off-the-wall.
Admin
So... when I was in high school at about the same time (actually, my story dates to Spring of '98), a friend of mine and I realized that every computer in the network's password was its name. There was no security in place to speak of. (I believe my quote was, "Sure, there isn't a security problem, you put your disk in a machine and get a virus, no problem.") I decided to play some pranks.
Anyway, I got more than a two week suspension from the computer lab and the school's computer user agreement was amended a little...
Admin
5 - The school teaches as "ancient history" what you learned as "current events".
Admin
At our school, some doors had the bar that retracts when you turn the knob accessible from outside, but they had only fixed handles outside, so people considered it secure to just pull the door closed. After poiting out to a teacher that they might want to really lock the door (as otherwise, the door can be opened by just pushing the bar back), I was explained in a very aggressive tone that they didn't expect so much "criminal energy" from me, that I shouldn't mention it again and that they might as well consider me a suspect next time something gets stolen and can be glad they don't punish me just for knowing...
At the same school, the custom blacklist of the censorship proxy stopped working. They chose one of the four people who could really use a computer (probably threw some dice) and got him into deep shit for it, nearly ruining his school career. Basically on any occasion the director could he made the life of this student a hell. After it turned out that the "hacking" was a broken patch, noone cared to say sorry, take back the restrictions placed on that student or anything.
I also reported one bug in a library software (password encryption using one-byte XOR) to the manufacturer and actually offered them free help with fixing it if they needed it. In the reply, they said their software was secure, that I could not have found that out without violating the EULA and that they would like to know my address because they like to know who they are talking about.
Since then, anything I report goes via an one-way account and TOR, unless the company is known for correct behaviour. If they seem reasonable, I may then start talking to them. If they don't, the report goes to full-disclosure and/or 4chan and/or (if it is a service accessible via the web) I fire up good ol' TOR and have some fun.
We also got in trouble for violating the school's computer usage rules by installing unauthorized software (there was a software running that reverted all changes on every reboot...) - the unauthorized software was a virus scanner and we used it to find out what else the admin may have installed besides the poorly hidden keylogger. As putting keyloggers on computers also used by others is quite illegal in my country, and he was trying to get us into deep shit, we actually did not even have much choice when we reported him to the authorities.
CAPTCHA: ludus ("play" in latin) = This ain't no game you're plaing. This is serious crime, dude.
Admin
Oh, I forgot: If the company is known for being a dick, I go directly to the "not reasonable" part, skipping the report to them.
Admin
You should have given her a Linux LiveCD ;)
Admin
At my college the computer accounts were automatically created. User names AB101, AB102... and all given the SAME password.
I guess you can work out the story from there. I had a couple hundred unused accounts, so the minute they killed me off for loading a forbidden game, I was back in.
Easy as it was, after a while it got tiresome fighting them, and fortunately one of the administrator's passwords was his wife's first name... 5 letters...
This was a mainframe. If they took it down for maintenance, you could dial in to a certain modem and get the equivalent of a BIOS boot screen. Enter the right command and system is back up! Games continue!
I requested a special type of file to store a database I was working on. They said their disk didn't have room for that kind of stuff. I created it anyway. A year later I happened to check and it was still there. So much for not enough room.
You could launch a batch job from the command prompt. One of the options was what user ID to run under. No password required.
The program to create user accounts was executable by all. The only problem was the inscrutable syntax. We picked away at it for months... no luck. So I went to the vendor and asked to buy a copy of the manual. They said they would only sell me a manual if I bought a mainframe to go with it. There it was! Security by obscurity! The only security that actually worked was that lame.
Ahh... school days... I learned so much from them about what NOT to do.
Admin
Oh and how could I forget? There was a subroutine, used throughout the system, which today would probably be named get_user_ID. I looked at the assembler code, reversed the instruction that said move string from A to B, now it said move string from B to A and I had my own set_user_ID!
Admin