
(NPR) Students hack into school-issued iPads and start accessing not-educational programs and websites within a week (npr.org)
More: Obvious, iPads, educations, web sites, high schools, Los Angeles Unified School District, University of Rhode Island, music streaming, ipad minis

7457 clicks; posted to Main on 27 Sep 2013 at 8:18 PM (28 weeks ago)



150 Comments
 
2013-09-28 03:09:54 AM

fusillade762: All they had to do was delete their personal profile. That's hardly a hack.


A hack doesn't have to be obscure to be a hack.  Most of the best cracks are simple shiat like this.
 
2013-09-28 03:15:46 AM

Fade2black: Pretty ingenious idea.  All joking aside, many argue that indoctrination starts in the schools...80% of teachers are usually left-leaning liberals, and they preach that in some form or another to their students.  Now I'm not trying to start a flamewar, but I bring up my primary point:  Very smart of Apple to get them going on ipads so early.  It brainwashes them into wanting those in the future, as opposed to the myriad of other options out there.  Clever!

/not a fanboi, but I do have an iphone.
//just an observation


They started with Apple IIe
 
2013-09-28 03:39:05 AM

Jim_Callahan: fusillade762: All they had to do was delete their personal profile. That's hardly a hack.

A hack doesn't have to be obscure to be a hack.  Most of the best cracks are simple shiat like this.


Nope.
 
2013-09-28 03:45:26 AM
Yeah, because it would really be bad if people under 18 could access the Internet. Just look what happened after we started letting them use phones in the 50s.
 
2013-09-28 03:48:07 AM

Fade2black: Pretty ingenious idea.  All joking aside, many argue that indoctrination starts in the schools...80% of teachers are usually left-leaning liberals, and they preach that in some form or another to their students.  Now I'm not trying to start a flamewar, but I bring up my primary point:  Very smart of Apple to get them going on ipads so early.  It brainwashes them into wanting those in the future, as opposed to the myriad of other options out there.  Clever!

/not a fanboi, but I do have an iphone.
//just an observation


Um. Old tactic: create a market for a product where there was none. This is how Macs became ubiquitous in schools in the first place, so it's not surprising to see distribution continue. But smart of you to bring it up, Ric, just so you could fire off a bit of right-wing derp. Clever!
 
2013-09-28 04:17:12 AM

Pincy: Why are we giving students iPads?  You can't actually do any work on an iPad.  They are for entertainment purposes only.


This.

I would think that a Windows based laptop or a windows 8 based tab would be a lot easier to lock down and would be a lot more productive for education.
 
2013-09-28 04:36:13 AM

ecmoRandomNumbers: One of my eighth-graders got me past the school's firewall when I needed to check my Facebook messages. God bless those kids. Then he says, "Hey Mr. ecmoRandomNumbers, can I check mine when you're done?"

"Sure."


No wonder kids these days have shaitty work ethics.
 
2013-09-28 04:37:24 AM

ongbok: I would think that a Windows based laptop or a windows 8 based tab would be a lot easier to lock down


School isn't really about work (or learning, or education). It's mostly about waiting around waiting for other people to do shiat. So an entertainment device is probably a net benefit.
 
2013-09-28 04:39:20 AM

baorao: Apple will let third party mdm solutions *monitor* a lot, but they wont let you *block* jack shiat.


Apple wants people to like and buy the iPad. Solutions that block things are typically contrary to Apple's goals, even if the administrator has other goals.
 
2013-09-28 04:43:23 AM

PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.


And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.
 
2013-09-28 05:40:26 AM

Billy Bathsalt: 80% of teachers are usually left-leaning liberals


95% of idiotic statements are usually written by right-leaning right-whingers.


114% of statistics are made up on the spot!
 
2013-09-28 05:45:43 AM

ornithopter: Billy Bathsalt: 80% of teachers are usually left-leaning liberals


95% of idiotic statements are usually written by right-leaning right-whingers.

114% of statistics are made up on the spot!



It was my understanding that there would be no math.
 
2013-09-28 06:26:12 AM

ecmoRandomNumbers: Burn_The_Plows: *You're

*facepalm*

Lulz.

I've burnt myself several times correcting the grammar of others. I know that feeling.


/FIFY
 
2013-09-28 06:45:09 AM
This brings back bad memories....

Everyone always paints this image of super-hax0r teens that can't be stopped.  The truth is, it's just gross incompetence among our 'professionals' tasked with managing the school's IT.
 
2013-09-28 06:59:01 AM

sethen320: WordyGrrl: TheMega: Tom_Slick: "They told me Friday, 'I would do it for you because you're my friend,' " she says. "They told me that!"
If you weren't a friend, the hack would cost $2

$2.00 really, I bet they could easily charge $5, fire that school's Economics teacher.

No shiat... was getting $5 for a nicely written excuse slip 20 years ago!

/now I feel old... make me a cup of tea, put some lemon in it.

If $2 is the market rate, then hacking is not the cash cow I thought it was. Oh well. I was done with DOS commands anyway. So there.

Contrary to what Hollywood has told you, using DOS is not "hacking".


Legally speaking - 'anything' can be hacking.  It's largely about intent.  For example - let's say you log into your new bank and see that the URL is
www.YourBank.com/Accounts/Account7

And you think - gee, that's odd.  Account7?  Huh.  I wonder what happens if I go to
www.YourBank.com/Accounts/Account8

*THAT* is hacking.

It's absurd.  It's ridiculous.  But YOU knowingly, and willfully tried to circumvent the existing protections and access ANOTHER ACCOUNT.  It doesn't matter if the 'existing protection' was as simple as not sending you to that URL - you modified the URL.  It doesn't matter that browsers are meant to visit URLs either.  Sadly, I'm not joking.  They'll say that 'Stealing is stealing, it doesn't matter if the door is unlocked' and they'll ruin your life just the same.

I was pulled into the Principal's office in high school, along with my computer class teacher, and some guy from the district I'd never seen before.  I had to explain what 'Changing the resolution' was and why I did it.  I'm not making this up.  I'd written a program, in my programming class, that would change my resolution because 800x600 was a lot nicer than 640x480 for writing code.  This was one of my 'hacking crimes'.  I explained, as calmly as I could; that the resolution was 'how many pixels were on the screen'.  And if I had a higher resolution, it gave me 'more space to work with'.

The principal listened as I told my tale.  When I'd finished, she waited some more.  Her face was turning more and more visibly angry.  Finally she said, 'SO YOU WERE SEEING PARTS OF THE SCREEN THAT STUDENTS WERE NOT SUPPOSED TO SEE?!'

*facepalm*

Nothing I did or said, would convince them otherwise.  It was exactly like the horror stories you hear about involving police.  'Never say anything!' - and it was true.  Every single thing I said was just an opportunity for them to twist my words.  To anyone who understands anything about computers, it is obviously ridiculous....but it didn't matter.  Clueless people with power aren't in the practice of admitting they are clueless.   These were the people tasked with educating the future generation (IL school district 211).

The laws are written in such a way that ANYTHING is hacking.
 
2013-09-28 07:02:32 AM

Fade2black: Now I'm not trying to start a flamewar, but

...

You're sounding like one of those "I'm not racist, but..." folks.
 
2013-09-28 07:56:51 AM

Tom_Slick: "They told me Friday, 'I would do it for you because you're my friend,' " she says. "They told me that!"
If you weren't a friend, the hack would cost $2

$2.00 really, I bet they could easily charge $5, fire that school's Economics teacher.


Came here to say this.  If the hack is a one-time-per-device thing, you could charge $10 or $20 if you're the only person who knows how to do it.  If it's easily copied or repeated, give up all hope of making money off of it.

I got my first taste of piracy in 10th grade chemistry, making TI-83 calculator programs with cheat sheets on them.  I'd only ever sell 2 or 3 copies but the whole class would have them.
 
2013-09-28 09:12:15 AM

Fade2black: Very smart of Apple to get them going on ipads so early.


This isn't new.  Apple has had deals with schools since the IIe days.  Of course for me Apples sucked so bad while I was in school it cemented my aversion to them. (IIe, Power MAC, iMAC's all sucked).  Now that Apple doesn't suck it might prove to finally pay off.
 
2013-09-28 09:16:46 AM

DrBrownCow: Keep believing that giving these kids iPads and laptops will somehow turn them into techno-savvy geniuses.   It actually meant something in 1987 when a kid knew how to use a computer.  They were devices of production that had a steep learning curve, specialized skills knowledge, and basic understanding of the underlying technology.  Today, most people are using these devices for consumption purposes and a grandma can learn to use it in a day.  No understanding of the underlying technology is required to use it.    Folks, there are certain things that need to be learned in tangible, physical ways if one wants to understand inner-workings and inter-relationships.    You know, just because we can do something doesn't mean we should, and more is not better.   The fact that most kids latch strongly onto these learning tools is something we should question rather than accept as proof of legitimacy.  Even if the intended lesson is learned more quickly, what underlying lessons are lost by removing the physical environment including books, pencils, paper.


You forgot to yell at the kids to get off your lawn.
 
gja [TotalFark]
2013-09-28 10:07:27 AM

WinoRhino: The town IT director owns all the switches used at the schools because the town's WAN goes through them as well. So he has locked the school's IT group out of the switches and BILLS their department if he has to upgrade the firmware or make a settings change.


LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the directors' little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

profplump: PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.

And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.


This is true.
Most nets I put together end up with a Packeteer style device, and Websense or something equal to it. Also, a SIEM system and full capture capability.
You try that crap on one of my networks and you trigger an event. The event triggers a capture. The capture gets analyzed by the SIEM engine. The SIEM engine sends me your MAC and IP. My switch control tells me which port you are on, (or which AP you are associated with, and your location), and then you have my face in yours. Quickly.
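
The DNS smuggling that profplump mentions and the event-driven detection that gja describes can be shown from the monitoring side. This is an added example, not code from any poster or product named in the thread; the log format, thresholds, host names and addresses are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict
from typing import NamedTuple


class Finding(NamedTuple):
    client: str
    domain: str
    queries: int
    unique_names: int
    mean_len: float
    mean_entropy: float


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def split_name(qname):
    """Return (subdomain, base domain).

    Assumption: the base domain is the last two labels. A production
    version would consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text):
    """Yield (client_ip, qname) from '<time> <client> <qtype> <qname>' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines instead of failing
        _, client, _, qname = fields
        yield client, qname


def detect(records, min_unique=20, min_mean_len=30.0, min_entropy=3.0):
    """Flag (client, base domain) pairs whose subdomains look like encoded data.

    All three conditions must hold: many distinct names, long names, and
    high character entropy. Requiring all three keeps CDN-style hosts
    (many names, but short ones) from raising an event.
    """
    groups = defaultdict(list)
    for client, qname in records:
        sub, base = split_name(qname)
        if sub:  # a bare base domain carries no payload
            groups[(client, base)].append(sub)

    findings = []
    for (client, base), subs in sorted(groups.items()):
        unique = set(subs)
        mean_len = sum(len(s) for s in unique) / len(unique)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in unique) / len(unique)
        if len(unique) >= min_unique and mean_len >= min_mean_len and mean_ent >= min_entropy:
            findings.append(Finding(client, base, len(subs), len(unique),
                                    round(mean_len, 1), round(mean_ent, 2)))
    return findings


def build_sample_log():
    """Constructed resolver log: one tunnel-like client, two ordinary ones."""
    lines = []
    for i in range(40):  # long hex labels standing in for encoded payload chunks
        label = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]
        lines.append(f"2013-09-28T10:00:{i:02d} 10.0.5.23 TXT {label}.t.example-tunnel.test")
    for i in range(30):  # many distinct but short names, as a CDN would produce
        lines.append(f"2013-09-28T10:01:{i:02d} 10.0.5.40 A img{i}.cdn.example.net")
    for host in ("www", "mail", "www", "portal"):
        lines.append(f"2013-09-28T10:02:00 10.0.5.41 A {host}.example.com")
    lines.append("malformed line")
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in detect(parse_log(build_sample_log())):
        print(finding)
```

The client address in each finding is what a switch or wireless controller lookup would then map to a port or access point, as described above.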
 
2013-09-28 10:13:11 AM

zzottt: The system needs to have a full OS that is locked out if they want full control of how the device is used. If it's software locked, someone will crack it


Full control of an Apple device? lol. They don't even give you that from the factory.
 
2013-09-28 10:19:19 AM

ZzeusS: Put Untangle or something on the gateway and by default it blocks porn sites.  Blocks a ton of crap, actually.  Put in the AUP that if they bring a mobile hotspot to bypass it, 3 day suspension.

Problem solved.


A cell phone is a "mobile hotspot"
 
2013-09-28 10:40:53 AM
Why is reporting so difficult anymore? It took me way too long to find anyone reporting on what the district had in place that was bypassed.

Found it here:  http://arstechnica.com/apple/2013/09/students-gleefully-teach-admins-that-mobile-device-management-is-hard/

The district was using simple ActiveSync profiles instead of an enterprise MDM.
 
gja [TotalFark]
2013-09-28 10:47:35 AM

StevieKo: ZzeusS: Put Untangle or something on the gateway and by default it blocks porn sites.  Blocks a ton of crap, actually.  Put in the AUP that if they bring a mobile hotspot to bypass it, 3 day suspension.

Problem solved.

A cell phone is a "mobile hotspot"


And all wireless systems I install have rogue AP detection and containment.

Why don't all WLANs include this? I don't know, but mine sure do.

That cellphone hotspot is useless within range of the WLANs I run.
Now, using the cellphone via USB? That's another story completely. If a corporate device is setup so sloppily to allow unauthorized devices then that I.T. team are losers.
 
2013-09-28 10:48:24 AM

gja: WinoRhino: The town IT director owns all the switches used at the schools because the town's WAN goes through them as well. So he has locked the school's IT group out of the switches and BILLS their department if he has to upgrade the firmware or make a settings change.

LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the directors' little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

profplump: PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.

And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.

This is true.
Most nets I put together end up with a Packeteer style device, and Websense or something equal to it. Also, a SIEM system and full capture capability.
You try that crap on one of my networks and you trigger an event. The event triggers a capture. The capture gets analyzed by the SIEM engine. The SIEM engine sends me your MAC and IP. My switch control tells me which port you are on, (or which AP you are associated with, and your location), and then you have my face in yours. Quickly.


But why?

//Seriously, this is part blame on "people should be responsible with the web at work" and part "network admins are insufferable data trolls".
///Nee
 
2013-09-28 11:19:32 AM

James10952001: I hacked the school Macs back in highschool. This was back in the 90s so security was a joke. I knew more about the computers than the "expert" teachers who administered them. Anyone else remember Foolproof on the System 7 Macs? Boot floppy would bypass it completely, or load ResEdit and delete the Foolproof extension.


I fail to see how ResEdit would have helped you in that situation...

However, holding down shift to keep turn them off? That sounds better....
 
2013-09-28 11:28:37 AM
If they wanted to prepare students for the real world, they would train them on actual business machines, not toys. This isn't about education, this is about Apple's market share.
 
gja [TotalFark]
2013-09-28 11:30:16 AM

italie: gja: WinoRhino: The town IT director owns all the switches used at the schools because the town's WAN goes through them as well. So he has locked the school's IT group out of the switches and BILLS their department if he has to upgrade the firmware or make a settings change.

LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the directors' little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

profplump: PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.

And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.

This is true.
Most nets I put together end up with a Packeteer style device, and Websense or something equal to it. Also, a SIEM system and full capture capability.
You try that crap on one of my networks and you trigger an event. The event triggers a capture. The capture gets analyzed by the SIEM engine. The SIEM engine sends me your MAC and IP. My switch control tells me which port you are on, (or which AP you are associated with, and your location), and then you have my face in yours. Quickly.

But why?

//Seriously, this is part blame on "people should be responsible with the web at work" and part "network admins are insufferable data trolls".
///Nee


You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fail to do our job or prove that we are doing our jobs we are DONE.
It isn't unheard of to do time for a serious breach in my sector, certainly huge fines and a ruined career and name is on the menu.
Besides, the company I work for has custody and access to personal info for tens of thousands of folks just like you and me. All those people have a right to expect I do my damned job.

I am not an insufferable data troll.
I have the limits set to where it takes something that adds unacceptable risk to the company before you get facetime from me.
This allows me to say to the auditors "Yes, we are doing the right thing and I can prove it."
If you work with me you come to know I allow no exception for myself either. I respect the same rules as all my coworkers. I am even-handed and fair.

These schools need to approach security in the same manner. We have a right to expect our children are protected from undue risk, and we also have a responsibility as their elders to show them we will enforce limits and boundaries on them. Because in a civilized society people need to obey certain rules and laws or it all goes to crap. Kids need to be shown there is a reasonable degree of authority they must respect. REASONABLE, not overbearing.
Keeping them focused on scholastics while in school is reasonable. Making certain their info systems are secure and hold them to certain boundaries is reasonable.

And I am not an "admin", more of an enterprise architect. Security and risk mgmt usually ends up in my lap because of my experience and ability to be diplomatically firm. Comes with age I suppose. The old fatherly touch.
 
2013-09-28 11:39:47 AM

bojon: I wonder who will be responsible if they are lost or stolen? They are going to have bigger problem.


About 2 dozen are already 'missing'.
The LAUSD is already drowning in red ink and they buy stupid crap like this.
 
2013-09-28 11:47:19 AM

Saul T. Balzac: Fade2black: 80% of teachers are usually left-leaning liberals.

[upload.wikimedia.org image 300x163]


On the right, Gross estimates that economic conservatives comprise just 4 percent of academia, and that 23 percent of academics are social and pro-military conservatives.

Taken from a left leaning article that attempts to say that even if education is overrun with liberals it's no big deal.

http://www.motherjones.com/politics/2013/04/higher-education-liberal-research-indoctrination
 
2013-09-28 11:51:55 AM

PrYgMMa: That's why when I was a network admin in a 9-12 charter school, I managed all filtering on the network level. All traffic was routed through a proxy via pfSense. There was MAC based authentication to allow or disallow access to any port or address. If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.

God, they hated me... but my network was always up and the kids never saw a minute of porn. They'd say stuff like "Can't you just turn Facebook on for a little while, in the morning or at lunch?" or "All of my friends use SSL proxies, why don't those work here?"...


Most sys admins don't want to put in that much work.
We're a Windows shop at work and boy do I love me some GPO control and network level security :)
 
2013-09-28 12:18:39 PM

Tom_Slick: Fade2black: Very smart of Apple to get them going on ipads so early. It brainwashes them into wanting those in the future, as opposed to the myriad of other options out there.

Apple's been doing this for years. In the mid-90s I could buy an Apple desktop loaded with all kinds of great software through my college bookstore for less than the software would cost for a Windows machine.


Wow, because when I went to college in the mid 90s my college bookstore not only had apples at discount prices, but ibm pcs at discount prices, but also every MS product at *gasp* discount prices.
 
2013-09-28 12:19:45 PM

OgreMagi: On one side you have a handful of overworked, underpaid, inexperienced techies setting the security on these things.

On the other side you have every teenage boy in Los Angeles wanting porn.

Guess who will always win?

Hell, I'm extremely experienced and highly confident of my skills.  I don't think I would win this little war.


This. And then you have good students who want to take ten-minute breaks or internet surf after getting their work done. I only learned about proxies and how to ask friends for hacks because my school's idiot admin kept blocking all the sites I used to unwind.
 
2013-09-28 12:32:41 PM

gja: LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the directors' little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.


You misunderstood-- that's not my district. That's the neighboring town's situation. It's somewhat the opposite where we are. My boss, the IT director for the schools, and myself (net admin) have everything well in hand. Like them, our town also has segregated IT departments: one for the school district and one for the town buildings. The town has completely lost faith in their IT department, and a few buildings simply do not let them touch their equipment any longer. The public safety building has locked them out, and the veteran's affairs building just calls the school IT department (me) when they have issues. Inept doesn't even begin to describe them. They call consultants to upgrade firmware. Their idea of providing wireless for the town hall was to plug in a Linksys router with no security on it.  They never change any of the default passwords on their devices either (routers, switches, etc).
 
2013-09-28 01:22:55 PM
Must be a short bus school, if it took that long.
 
2013-09-28 01:33:42 PM

drdonks: Far more impressed by the kids in Africa who were messing with Android within 5 months of their first exposure with a computer:


http://www.theregister.co.uk/2012/11/01/kids_learn_hacking_android/


Not really. What they did was minor and kids 25+ years ago were doing a lot more with a lot less.
 
2013-09-28 03:23:45 PM

gja: italie: gja: WinoRhino: The town IT director owns all the switches used at the schools because the town's WAN goes through them as well. So he has locked the school's IT group out of the switches and BILLS their department if he has to upgrade the firmware or make a settings change.

LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the directors' little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

profplump: PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of "billie the manatee" and the word 'PWN'D'.

And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.

This is true.
Most nets I put together end up with a Packeteer style device, and Websense or something equal to it. Also, a SIEM system and full capture capability.
You try that crap on one of my networks and you trigger an event. The event triggers a capture. The capture gets analyzed by the SIEM engine. The SIEM engine sends me your MAC and IP. My switch control tells me which port you are on, (or which AP you are associated with, and your location), and then you have my face in yours. Quickly.

But why?

//Seriously, this is part blame on "people should be responsible with the web at work" and part "network admins are insufferable data trolls".
///Nee

You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...


So one more question, do you block Fark?
 
2013-09-28 04:47:17 PM

saturn badger: Fade2black: Pretty ingenious idea.  All joking aside, many argue that indoctrination starts in the schools...80% of teachers are usually left-leaning liberals, and they preach that in some form or another to their students.  Now I'm not trying to start a flamewar, but I bring up my primary point:  Very smart of Apple to get them going on ipads so early.  It brainwashes them into wanting those in the future, as opposed to the myriad of other options out there.  Clever!

/not a fanboi, but I do have an iphone.
//just an observation

Tried and true indoctrination. How do you think the Apple II made such inroads into the schools? This is just history repeating itself. They were a loss leader but the future students went Apple.


Maybe some of them did. My schools were all Apple but most of the geeks I knew had a PC at home. Most normal people had no computer at all back then though.
 
2013-09-28 04:56:35 PM

sethen320: WordyGrrl: TheMega: Tom_Slick: "They told me Friday, 'I would do it for you because you're my friend,' " she says. "They told me that!"
If you weren't a friend, the hack would cost $2

$2.00 really, I bet they could easily charge $5, fire that school's Economics teacher.

No shiat... was getting $5 for a nicely written excuse slip 20 years ago!

/now I feel old... make me a cup of tea, put some lemon in it.

If $2 is the market rate, then hacking is not the cash cow I thought it was. Oh well. I was done with DOS commands anyway. So there.

Contrary to what Hollywood has told you, using DOS is not "hacking".


Sadly the legal system and school admins have a very broad definition of hacking. Even back in the 90s they got the police involved after a prankster bypassed Foolproof and printed some inappropriate stuff on the main office printer. Anything that bypasses any security measure is hacking from their standpoint.
 
2013-09-28 05:03:09 PM

Fark_Guy_Rob: sethen320: WordyGrrl: TheMega: Tom_Slick: "They told me Friday, 'I would do it for you because you're my friend,' " she says. "They told me that!"
If you weren't a friend, the hack would cost $2

$2.00 really, I bet they could easily charge $5, fire that school's Economics teacher.

No shiat... was getting $5 for a nicely written excuse slip 20 years ago!

/now I feel old... make me a cup of tea, put some lemon in it.

If $2 is the market rate, then hacking is not the cash cow I thought it was. Oh well. I was done with DOS commands anyway. So there.

Contrary to what Hollywood has told you, using DOS is not "hacking".

Legally speaking - 'anything' can be hacking.  It's largely about intent.  For example - let's say you log into your new bank and see that the URL is
www.YourBank.com/Accounts/Account7

And you think - gee, that's odd.  Account7?  Huh.  I wonder what happens if I go to
www.YourBank.com/Accounts/Account8

*THAT* is hacking.

It's absurd.  It's ridiculous.  But YOU knowingly, and willfully tried to circumvent the existing protections and access ANOTHER ACCOUNT.  It doesn't matter if the 'existing protection' was as simple as not sending you to that URL - you modified the URL.  It doesn't matter that browsers are meant to visit URLs either.  Sadly, I'm not joking.  They'll say that 'Stealing is stealing, it doesn't matter if the door is unlocked' and they'll ruin your life just the same.

I was pulled into the Principal's office in high school, along with my computer class teacher, and some guy from the district I'd never seen before.  I had to explain what 'Changing the resolution' was and why I did it.  I'm not making this up.  I'd written a program, in my programming class, that would change my resolution because 800x600 was a lot nicer than 640x480 for writing code.  This was one of my 'hacking crimes'.  I explained, as calmly as I could; that the resolution was 'how many pixels were on the screen'.  And if I had a higher resolution, it gave me 'more space to work with'.

The principal listened as I told my tale.  When I'd finished, she waited some more.  Her face was turning more and more visibly angry.  Finally she said, 'SO YOU WERE SEEING PARTS OF THE SCREEN THAT STUDENTS WERE NOT SUPPOSED TO SEE?!'

*facepalm*

Nothing I did or said, would convince them otherwise.  It was exactly like the horror stories you hear about involving police.  'Never say anything!' - and it was true.  Every single thing I said was just an opportunity for them to twist my words.  To anyone who understands anything about computers, it is obviously ridiculous....but it didn't matter.  Clueless people with power aren't in the practice of admitting they are clueless.   These were the people tasked with educating the future generation (IL school district 211).

The laws are written in such a way that ANYTHING is hacking.


And thus deny, deny, deny. Resolution? I don't even know what that is, I just tried out my program and the screen went all wonky, I have no idea what happened. It works better than trying to explain what you did to morons. If they don't know what you're talking about, it's a lot harder for them to prove what you did.
 
2013-09-28 05:06:17 PM

gja: WinoRhino: The town IT director owns all the switches used at the schools because the town's WAN goes through them as well. So he has locked the school's IT group out of the switches and BILLS their department if he has to upgrade the firmware or make a settings change.

LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the director's little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

profplump: PrYgMMa: If it was on the white list it was allowed; if it was disallowed they'd see a picture of  "billie the manatee" and the word 'PWN'D'.

And if they used a DNS proxy you were PWN'D and they were too smart to brag about it.

99% of networks that allow any Internet access allow unfiltered DNS queries (via a proxy or directly). It's a bit slow, but it's far and away the most reliable method to smuggle data across an uncharacterized firewall/proxy/filter.

This is true.
Most nets I put together end up with a Packeteer style device, and Websense or something equal to it. Also, a SIEM system and full capture capability.
You try that crap on one of my networks and you trigger an event. The event triggers a capture. The capture gets analyzed by the SIEM engine. The SIEM engine sends me your MAC and IP. My switch control tells me which port you are on, (or which AP you are associated with, and your location), and then you have my face in yours. Quickly.


Systems like that were fun. Change the home page on the browser to something sketchy then sit back and watch from a distance as the IT nerd gets in the face of the preppy kid who just sat down and opened the browser to look something up.
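The chain gja describes in the quoted text above (event, capture, analysis, then MAC and IP) begins with recognizing data smuggled in DNS names. The sketch below is an added example, not from the thread or from any product named in it: it flags clients sending many unique, long, high-entropy subdomains to one parent domain. The log format, the thresholds and the two-label parent-domain rule are assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values()) if total else 0.0

def parent_domain(qname):
    # Assumption: the last two labels are the registered domain. Real
    # deployments should use the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_dns_tunnel_suspects(lines, min_unique=20, min_avg_len=30, min_entropy=3.5):
    """Group queries by (client IP, MAC, parent domain) and flag groups with many
    unique, long, high-entropy subdomains: the shape of data encoded in names."""
    groups = defaultdict(set)
    for line in lines:
        _ts, ip, mac, qname = line.split()[:4]
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        if sub:
            groups[(ip, mac, parent)].add(sub)
    suspects = []
    for (ip, mac, parent), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects.append({"ip": ip, "mac": mac, "domain": parent,
                             "unique_names": len(subs), "avg_len": round(avg_len, 1),
                             "entropy": round(entropy, 2)})
    return suspects

def build_sample_log():
    """Constructed sample log: '<time> <client_ip> <client_mac> <qname>'."""
    log = []
    for i in range(30):
        blob = hashlib.sha256(str(i).encode()).hexdigest()[:40]  # stand-in for encoded data
        log.append(f"10:00:{i:02d} 10.1.2.57 00:11:22:33:44:55 {blob}.t.example.net")
        log.append(f"10:00:{i:02d} 10.1.2.80 00:11:22:33:44:66 img{i}.cdn.example.org")
        log.append(f"10:00:{i:02d} 10.1.2.91 00:11:22:33:44:77 www.example.com")
    return log

if __name__ == "__main__":
    for hit in find_dns_tunnel_suspects(build_sample_log()):
        print(hit)
```

The CDN-style client in the sample also produces 30 unique names but stays unflagged because its labels are short, which is why the check combines all three features rather than counting names alone.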
 
2013-09-28 05:09:26 PM

Walt_Jizzney: James10952001: I hacked the school Macs back in high school. This was back in the 90s so security was a joke. I knew more about the computers than the "expert" teachers who administered them. Anyone else remember Foolproof on the System 7 Macs? Boot floppy would bypass it completely, or load ResEdit and delete the Foolproof extension.

I fail to see how ResEdit would have helped you in that situation...

However, holding down shift to keep turn them off? That sounds better....


They fixed the hold down shift loophole in later versions so that Foolproof would load anyway. ResEdit would let you delete files even when they were in use, so you could delete FoolProof and reboot.
 
gja [TotalFark]
2013-09-28 06:34:58 PM

italie: You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...

So one more question, do you block Fark?


Yes. We do. I access it via MY laptop with MY cellular card. This laptop does not touch the corp network.
 
gja [TotalFark]
2013-09-28 06:36:08 PM

James10952001: Systems like that were fun. Change the home page on the browser to something sketchy then sit back and watch from a distance as the IT nerd gets in the face of the preppy kid who just sat down and opened the browser to look something up.


Yeah, about that. You couldn't. Locked down via GPO. Sorry. Try something else.
 
gja [TotalFark]
2013-09-28 06:45:32 PM

WinoRhino: gja: LOL. It would take me about 1 minute to do a recovery on those switches and I could hand you the new password on a platter.
This procedure is well known and well documented. It is also a basic skill anyone who has spent any time in infrastructure possesses.
You need better I.T. folks. I am not jesting in the least.

Then you kick the director's little Napoleonic ass to the curb. And let him know that using that tactic will get him on the wrong side of a lawsuit.

You misunderstood-- that's not my district. That's the neighboring town's situation. It's somewhat the opposite where we are. My boss, the IT director for the schools, and myself (net admin) have everything well in hand. Like them, our town also has segregated IT departments: one for the school district and one for the town buildings. The town has completely lost faith in their IT department, and a few buildings simply do not let them touch their equipment any longer. The public safety building has locked them out, and the veteran's affairs building just calls the school IT department (me) when they have issues. Inept doesn't even begin to describe them. They call consultants to upgrade firmware. Their idea of providing wireless for the town hall was to plug in a Linksys router with no security on it.  They never change any of the default passwords on their devices either (routers, switches, etc).


Wow. That district sounds like a techno-hellhole. They have my deepest condolences. You must rue having to deal with them on ANY level.
 
2013-09-28 07:12:05 PM

gja: James10952001: Systems like that were fun. Change the home page on the browser to something sketchy then sit back and watch from a distance as the IT nerd gets in the face of the preppy kid who just sat down and opened the browser to look something up.

Yeah, about that. You couldn't. Locked down via GPO. Sorry. Try something else.


Oh I would if I were still in high school but those days are long past. The more security measures, the more fun it was to break them. People take that stuff too seriously now.
 
2013-09-28 09:36:29 PM

gja: italie: You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...

So one more question, do you block Fark?

Yes. We do. I access it via MY laptop with MY cellular card. This laptop does not touch the corp network.


Do your minions get to play by those rules?


/Most corporations with access to sensitive information would frown on that type of thing, being able to compromise security with a USB stick 'n all
//Just saying.
 
2013-09-28 09:50:23 PM

italie: gja: italie: You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...

So one more question, do you block Fark?

Yes. We do. I access it via MY laptop with MY cellular card. This laptop does not touch the corp network.

Do your minions get to play by those rules?


/Most corporations with access to sensitive information would frown on that type of thing, being able to compromise security with a USB stick 'n all
//Just saying.


You notice how he emphasized the word my? He is doing that with his personal laptop, not his work issued laptop. He is saying his work issued laptop is used for work only, he uses his personal laptop to Fark around at work and he uses a cellular card to access the internet.
 
gja [TotalFark]
2013-09-28 11:07:21 PM

ongbok: italie: gja: italie: You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...

So one more question, do you block Fark?

Yes. We do. I access it via MY laptop with MY cellular card. This laptop does not touch the corp network.

Do your minions get to play by those rules?


/Most corporations with access to sensitive information would frown on that type of thing, being able to compromise security with a USB stick 'n all
//Just saying.

You notice how he emphasized the word my? He is doing that with his personal laptop, not his work issued laptop. He is saying his work issued laptop is used for work only, he uses his personal laptop to Fark around at work and he uses a cellular card to access the internet.


Yeah, you seemed to have got it. italie not so much.
I toe the line. I don't have 'minions'. Nobody 'works for me'. They work on my team. I do not 'own' them. They are professionals and I detest those who say "i have all these people under me". What a jackbooted way of thinking. I pity those with bosses that think like that. My reports are ALL excellent pros.

My work machine isn't a laptop. It is a virtual desktop. It never leaves the server center. Integrity, it matters at work.
 
2013-09-29 08:08:40 AM

gja: ongbok: italie: gja: italie: You ask "But why?".
Because I work somewhere that has tremendous governmental oversight and regulation. If we fa ...

So one more question, do you block Fark?

Yes. We do. I access it via MY laptop with MY cellular card. This laptop does not touch the corp network.

Do your minions get to play by those rules?


/Most corporations with access to sensitive information would frown on that type of thing, being able to compromise security with a USB stick 'n all
//Just saying.

You notice how he emphasized the word my? He is doing that with his personal laptop, not his work issued laptop. He is saying his work issued laptop is used for work only, he uses his personal laptop to Fark around at work and he uses a cellular card to access the internet.

Yeah, you seemed to have got it. italie not so much.
I toe the line. I don't have 'minions'. Nobody 'works for me'. They work on my team. I do not 'own' them. They are professionals and I detest those who say "i have all these people under me". What a jackbooted way of thinking. I pity those with bosses that think like that. My reports are ALL excellent pros.

My work machine isn't a laptop. It is a virtual desktop. It never leaves the server center. Integrity, it matters at work.


I get it, I just don't agree with it. Every secured facility I've ever worked for has drawn the line at personal gear coming in or out unless it was worked over to the same extent as the company gear.

You never answered the question as to whether your "colleagues" get to play by the same rules. There are quite a number of business hour posts by you. I have never come across a boss, network admin, "security expert" or otherwise who would allow people to bring in their own equipment in such a secured environment...especially if it serves no purpose to the company other than to surf Fark (assuming that anything not needing to touch the internal network serves no useful purpose). Most would have a heart attack upon seeing the cellular card. If everyone else gets to bring in unprotected personal gear, there is no point in blocking web traffic to the extent you do...because you have no control over data in the building anymore.

Listen, I'm not claiming to know your situation. I am saying that you go to extensive lengths to secure your networks, and yet here you are Mon-Fri, and on your own gear/pipe. You block Fark, so obviously your company frowns upon it, yet here you are Mon-Fri.

I've heard the "Fair and balanced" speech from every gatekeeper I've come across. Almost all of them (at least all the ones worth a damn) are data trolls who will be "In your face" at the slightest hint of activity deemed inappropriate. I get it. Comes with the job. What I don't get is the double standard.
 
Displayed 50 of 150 comments
