- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Same in Australia, we call them "Free periods" and you can use them for whatever you like. Not allowed to go off school grounds, though we usually did anyways... Long way to the shop if you want a sausage roll and all that :P
Admin
I actually work as a school IT Admin, having lived through all the "omg this kid is hacking our computers" crap in primary school I make sure the kids are actually doing something above and beyond and not just finding a whole in my Group Policy. Example been using a proxy site won't get you in front of the principal, setting one up for private use (aka password protected) will get you booted. I remember at primary school getting blame for anything that went wrong with the computers, including been blamed when the printer ripped the ribbon on a day I was off sick!
High School was good as the IT Admin there was competent, not the best one ever but he knew his limits and didn't try and compensate by going on power trips, other than taking remote control if you were playing a game just to make you lose.
Admin
Should have published the interface on every hacking site he could find. Sort of an early 4chan idea.
Admin
You're a few years late on that comment. Get back in your Tardis and try again!
Admin
The IT Admin use to just take control of the game to make you lose? My school admin use to login to the server as another player and basically beat you in every way...he was really good at Q3. (Mind you, that was only 4 years ago....I don't want to know what it was like 15+)
Admin
Also, "1" is not a valid computer name for a Windows 2000 computer (reference).
So, with the BS removed from the post, it boils down to "We were fooling around in computer lab and got in trouble".
Admin
No way you can go off school grounds nowadays in the US. Insurance policies for schools are so expensive that they can't afford a lawsuit if a student get hurt off school property during the school day. And if there aren't enough teachers in the building for core or extra classes, you go into study hall with a substitute teacher or an aide.
Admin
That's a bit interesting...
RedHat at late 90s should at least come with ipchains if they really installed everything. While arguably it isn't as powerful as iptable (as of kernel version 1.2.X), at least you could do something to help.
And Linux, like other *nix variant, do not require you to shutdown anything that's not kernel to upgrade. The "ghost" of libraries will continue to exist as long as the application require them are running. (Newly started processes can't see them, just can see the new libraries you installed.) This makes hot fixes pretty readily applicable.
So you should at least have the chance to significantly reduce the attack surfaces.
Admin
Yup, I was "banned" from school computers. Thankfully a few teachers knew better and didn't care. I got blamed for a whole bunch of stuff because I knew how to actually fix things. "You fixed it, you must have caused it"
We had a mac classic in our library with a 9600 baud modem that could be used for calling other library computer systems to get book transfers. Most of us used it to login to a few BBS systems and play tradewars or LORD. I used it a bit to access IRC right before they finally started wiring classrooms with ethernet in 1994 or 1995.
Admin
Pretty likely actually. I remember TELENETing into servers that were supposedly 'ARPANET' (had a message saying that hackers would be prosecuted, no authentication or anything tho) and using them to outdial to phreaking and hacking BBS's in the states (at glorious 2400 or slower).
Ahh, good days.
The shocking thing is that I never really believe it was 'ARPANET' or armed forces servers, as there was NO authentication. Lucky I wasn't a motivated russki hacker.
Admin
At my neice's school, usernames are first inital, last name, and a number to make them unique. Everyone else is jsmith00, btables00, etc. she's jdoe01... which makes all the badly written scripts that assume '00' fail, so that almost nothing works for her.
Admin
Ahhhh...little Bobby Tables. Such a good kid.
Admin
Our computing department was neat for the most part. I vaguely recall being called to see the IT admin for something, but I probably deserved it.
The librarian, on the other hand...
As someone else mentioned, I've been kicked out of the library for "Hacking" because I had a QBasic window open. I explained to her that it was for computing class (which was true), so she said "Oh, OK." and went away. About 10 minutes later, she came back: "I've warned you once already about hacking!"
Also, she had a vendetta against my friend for several months as he "hacked" the library-office printer. Hacked, in this case, means "printed to over the network".
This was around 2005, so it seems the ignorance about computers has merely moved. (And yes, I'm young).
Admin
This story takes me back as well. But I'm obviously older than most of you guys, as my story takes place in 1978 (no Windows, no internet).
I was at the 'Gymnasium' (Danish equivalence of high school/college, three years ending at the age of 19 or 20).
In 1978 we got the first computer at the school. This was an RC7000 (probably not familiar outside Denmark). This computer consisted of a main box the size of a refrigerator, a tty (teletype, a noisy typewriter with endless rolls of paper) and a separate card reader for reading punch cards.
We were two or three guys that played around with the computer (gaming and polishing our physics report and just basically fooling around).
The language was COMAL, a BASIC dialect, and I discovered you could write something link this:
10 WRITE ">" 20 INPUT PASSWORD$ 30 IF NOT PASSWORD$ = "(insert funny word here)" THEN 40 WRITE "(insert funny sentence here)" 50 GOTO 10 60 ENDIF
At one point we inadvertently left this on the machine running, so basically nobody could use it unless they knew the password.
Only one teacher really used the computer at that time, and he couldn't figure our what we had done to it (except of course he knew that we had 'hacked' it in one way or the other).
He never asked us what we did, but to get out of it he had to install the entire operating system, compiler and everything from scratch (and this consisted of a huge stack of punch cards). This operation took several hours, so we of course tried to refrain from 'hacking' it again.
Ah, the good old days :-)
Admin
I have a similar story, though much shorter...
I was in a brand-new programming elective at my high school. They were trying to teach us Java, and some Borland IDE was supposed to be installed for us. I didn't see it, so I started browsing around the disk, looking for it.
The network admin walked into the room -- probably for something unrelated (it was a small school) -- and "caught" me with Windows Explorer. Something like, "Stop. I don't know what you're doing, just stop."
I didn't get in any sort of serious trouble, and I suspect this was just the reaction of someone out of his depth as an admin, so I very much doubt that he had a legitimate rationale for not wanting me to browse the hard disk, but I found one anyway. Turns out, although I was in no way an admin, large chunks of the local hard drive, including pretty much all of Windows, were world-writable. It would have been fairly trivial to root it, and even more trivial to destroy the machine.
A more practical discovery was that while the systems all restricted which programs could be run, it was by executable name. All we had to do was rename doom.exe to notepad.exe and we were good to go! I suppose that would be somewhat more difficult without the Windows Explorer...
I still have to wonder why schools end up in situations like this -- why not hire a competent admin, even part-time, rather than forcing a teacher (who knows just enough to be dangerous) into system administration?
Admin
Please don't. People might think it's me who's driving this pointless series of postings.
Admin
Ahhh yes. The good old hacking the open door routine...
I totally believe it because something similar happened to a friend of mine. Here's how this works.
Knowledgeable student stumbles over security hole and tells admin. Admin doesn't understand enough about IT (which is probably why the security hole exists in the first place) and: a) misinterpets the warning as a threat or b) gets pissed because a student told him that he made a mistake So admin then runs up the hierarchy until he find someone with: a) enough power to get the student into trouble and b) little enough knowledge to be scared into doing something. c) bonus points if it's a relative And the shit starts rolling downhill.
Ass Covering Behavior 101
Admin
The USA is not a nation. It is a jail.
Admin
After many disorienting visits, I finally came to the double conclusion that:
a) Most of what most Americans know about America is what they've seen in movies.
b) Most of them seem to think they're in one.
Admin
Yep, that'd be par for the course for education. Always hated school for reasons like that. The fact that people get paid at all to be teachers/principals is disgusting. A drunk monkey can do better for free!
Admin
Even if you add online newspapers, I still come to the same conclusion. Perhaps the USA does not exist, it was invented by Hollywood?
Just a question: is it US or USA? Because if I'm not mistaken, México = United Mexican States (Estados Unidos Mexicanos). Does that sometimes cause confusion in states on the USA-Mexico border?
Admin
Back in the early 2000's a friend of mine was playing around on the school network and found a major hole in the version of Linux running on the schools email servers. Apparently the sysadmin didn't believe in patching things on a regular basis. My friend used my username and password with my permission to login to my account to verify the security hole. After that he emailed the network admin from an anonymous email account to notify them.
Well, for about two weeks afterwards, the entire CS student body kept getting emails about the penalties involved in hacking, criminal charges, etc., etc., etc.
Lesson learned: if you find something wrong, keep your mouth shut and let the fools in charge take the blame.
captcha: transverbero - a rare form of dyslexia that only involves verbs.
Admin
Why this disparity, you ask? Well, one of the previous posters wrote "USA is a jail." I think the fact that people illegally undergo dangerous conditions just to live here proves quite the opposite. My guess is that both sides think the rules around immigration are irrational and unfair (much like our ridiculous 65mph speed limits here), and simply choose to ignore them. The middle class here in Texas also enjoys having the most inexpensive houses and the lowest cost of living in the nation.
Who doesn't like it? Lazy white trash who can't be bothered to learn Spanish or to compete for bottom-of-the-ladder jobs with humans who are willing to work harder for less. At least the ones who have not yet learned how to milk the welfare system.
Admin
There are an amazing amount of websites where /admin has no protection. The other good one - and I've actally seen someone who worked in web dev do this - is having /phpMyAdmin sit there completely unprotected.
Security through obscurity is not security. It's hoping for the best before the worst happens.
Admin
Although somewhat different in scope, none-the-less tragic was our old sysadm. at school, that was suspended for allowing students (primary school, so children) watch porn on school computers... What had happened was a teacher had told a class to open www.jubii.dk (The then largest search site in Denmark, with a name that even translates to yahoo) and a banner advert on top of the page appeared for www.side6.dk an early danish porn site... Banner had breasts in the nude (which is quite common to find on Danish beaches aswell) and no real porn (no intercourse etc.) but the teacher was horrified and dismissed class and made a complaint that the sysadm was to blaim and the poor chap was fired because of the incident...
On another vaguely related thread... Is the US DMCA law not also supporting this? That any unauthorized digital access is criminal no matter the lack of protection or intent of the accessor? So this guy just have to be happy he did not do this today or he could end up in jail!
Admin
You're right, there's obviously no such thing as a PS/2.
Admin
...wow, I successfully pointed out what was already pointed out. Serves me right for not reading more comments, huh?
Anyway, I will NOT stand for any smack-talk about the PS/2! It was excellent for it's time!
Admin
Admin
Admin
I regularly see repeated attempts for /pma, /phpmyadmin, /myadmin and /admin in my access logs. How long was it before some automated scanner found it?
Admin
Admin
b) is correct. People tend to assume other people are basically good, which is why stories like this happen again and again -- most of the time, such an e-mail would be met with either silence or a polite "thank you", but once in a while you'll get somebody with a bad temper who has the right connections to really screw things up for you.
Regarding a), however, there most certainly were lots of free e-mail services in the 90s. Heck, although many had terms of service prohibiting duplicate accounts, in practice they had no real way of stopping you. And then there was Penet. I knew several people who communicated entirely through Penet. anon.penet.fi was a anonymous automated remailer service hosted in Finland that made your e-mails REALLY anonymous, by stripping all identifying information from the header and then remailing it from a different address. It was originally created just to prove a point (that the Internet would always find a way around any method of requiring authentic identification) but after a few breaches and legal challenges from the Church of Scientology, it shut down in 1996. It was never a particularly strong service (as one would expect from a service created mainly for the sake of argument), but it enjoyed quite a bit of popularity for a few years. It wasn't the only anonymous remailer, nor even the only one that permitted you to receive replies without compromising your true e-mail address, and some are still operating today. However, Penet's case clearly shows that you could send anonymous e-mail in the '90s. In fact, in many respects it was easier then than it is now.
Admin
Not necessarily; DMCA can make this sort of action criminal, but it depends on the situation. Also, whether or not this incident would fall under that banner would depend on when it happened. The DMCA was signed into law in 1998, but would not have become instantly effective. Odds are, this action predated the DMCA and thus could not be considered a violation of it. What's more, there are certain exemptions in the DMCA which he may have been able to use in defense of his actions.
In practice, the DMCA has mainly been invoked in civil court by copyright owners trying to shut down what they perceive (rightly or wrongly, depending on the case) to be infringers. The ease of submitting a DMCA takedown notice to your ISP has encouraged a certain level of abuse; some have been known to stifle criticism by claiming a copyright violation and ordering an ISP to take down the offending websites.
Admin
Admin
When I was a high schooler back in the 1970s, I went into the "career center" one day to fool around with the terminals and found that someone had switched the keycaps around. I pointed it out to the lady at the desk and for some reason she thought I had done it and started yelling at me to put them back. I protested that I hadn't done it, and she snagged a passing dean, who started yelling at me even louder. It was obvious how the keycaps came off, so I knuckled under to the yelling and fixed the problem, which to them was "proof" that I was the original vandal, and I was banned from the facility from then on.
Admin
Like I said, services like that do still exist. But there was a freshness, a newness, and idealism to it all in those days. The halcyon days of the early Web..... Maybe I'm just getting nostalgic for my college years. ;-)
Admin
That's changing, though - I'm told my old high school has started being stupid about spares. (I was lucky - I got out the year before the "mandatory daytimers" were introduced).
For that matter, I was very lucky that my high school had decently competent Computer/IT teachers. They gave us a fair bit of room to work with, and had a policy of "if you find a hole, tell us. As long as you didn't abuse it, we won't abuse you." Very nice.
And one of the Capital S Smartest things they did was physically isolating the teacher network from the student one. (As in, literally no access from one to the other). If you wanted to hack your marks, you had to physically get into the teacher's lounge/staff room.
Admin
At our high-temperature steel strip rolling mill we had people google for "hot strip" first time they got web access. Fun times.
Admin
He should have replaced that title page picture with a penis and kept his mouth shut...
Admin
while in high school, year 12 i believe, i got in deep strife by decrypting the SAM file on the local machine's administrator. as some machines still had floppy drives (and boot off them) i found a password recovery site which would decrypt the SAM file hash and reveal the password about 2 weeks later i had essentially allowed myself access to the local administrator account on every XP based computer in the school, local disk, settings and unrestricted internet
got a suspension of my login, a good talking to from the computer managers at the school and the company that does their software also they had to manually change the 300+ computer administrator passwords that where affected.
Admin
If it's an organization rather than a company, shouldn't it be at www.<whatever>.org instead?
Admin
Only if it's an organization for orgy porn. Haven't you been paying attention?
Admin
The Dauterives were from New Orleans
Admin
Was this before or after you helped Joshua learn the futility of war?
Admin
I bet it's not exaggerated.
I had an almost identical conversation with our sysadmin back at high school when I used net send to ask him what was wrong with our connection to the internet and when we could expect it to be fixed.
He even patted the monitor and told me "he got it all logged".
I had my novell account suspended. Good thing with Novell is everything you had to do was remove the TP cable before logging in and you got in with administrator access.
Admin
I think that you overestimate what someone with no technical knowledge can comprehend. I think a lot of nerds fail in these kinds of situations because they are unable to translate what they are trying to say into something the other party can understand.
I think a lot of people have no concept of a "bug".
But then I made similar mistakes in school.
Admin
You should have turned off the monitor and said that deletes the log. He might have believed it
Admin
Was this story sent to 2600 around 2000-2001? I think I read this in 2600 years ago.
Admin
Admin