My school fails at computer security...


Re: My school fails at brainbox security...

Postby hintss » Thu Mar 31, 2011 6:05 am UTC

gear-guy wrote:... sending a mass email of a picture of a cat that crashed the mailserver and blowing up an electric socket..

Can I get a copy of that? Sounds funny
"s/god/flying spaghetti monster/"
hintss
 
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC

Re: My school fails at brainbox security...

Postby gear-guy » Thu Mar 31, 2011 6:22 am UTC

hintss wrote:
gear-guy wrote:... sending a mass email of a picture of a cat that crashed the mailserver and blowing up an electric socket..

Can I get a copy of that? Sounds funny


When I say picture, it's really one of those annoying screenmates, this one advertising felix cat food. The main reason it crashed was because it had to send an email to over 1000 people at the exact same time. And just to clarify; the socket thing is unrelated, that belongs in physics.
gear-guy
 
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at brainbox security...

Postby Lord Aro » Thu Mar 31, 2011 6:27 am UTC

Hi!

Here be my experiences with a British high school...
  • The security seems to be pretty tight (all PCs running XP), with .exe, .cmd, .bat all blocked. Only access to 'your' drive (N) and two other shared, read-only drives.
  • Command prompt is disabled.
  • All known proxies are blocked, coming up with the error message 'Banned Proxy Script' so it seems to be recognizing the script itself, rather than the individual URL.
  • Numerous attempts to get into the C:\ drive failed - blocked as well as hidden, with only certain folders being able to use, and of course not being able to bring up any of these in windows explorer.
However, I have recently discovered that .bat in zipped files work! :) (I'll probably report it in a while if I can't think of anything to do with the information :roll: )
I have tried with my own laptop yet, but a quick look with a friend's suggests that something more might be possible (accessing other computers etc)

Any tips? :lol:
Lord Aro
 
Posts: 1
Joined: Thu Mar 31, 2011 6:02 am UTC

Re: My school fails at computer security...

Postby TangoEight » Sat Apr 02, 2011 8:07 pm UTC

At another British high school (leaving in a few weeks :)) the security looks tight but it isn't if you look.

On the main network:
  • all computers running xp sp3
  • command prompt blocked
  • task manager blocked
  • desktop and start menu/taskbar properties blocked
  • can see all of the computers on the network
  • can access the bios and edit boot order (I didn't do it)
  • .exe files are not blocked, these are the most obvious ones so all other files probably aren't blocked
  • most (of the good) websites are blocked

On the netbooks (off the network)
  • even safely remove hardware is blocked
  • same web filtering
  • wiped on every boot
  • slower and worse to us than the full size laptops that have slower cpus and less ram than my phone :evil:
TangoEight
 
Posts: 2
Joined: Sat Apr 02, 2011 4:28 pm UTC

Re: My school fails at computer security...

Postby Technical Ben » Sun Apr 03, 2011 8:19 am UTC

Serial numbers is another thing. I often wonder how many XP/Windows 7 CD keys you could get just by walking through a shop/office with a notebook. (Hint, it's on a sticker on the cases. :roll: )
It's all physics and stamp collecting.
It's not a particle or a wave. It's just an exchange.
Technical Ben
 
Posts: 2989
Joined: Tue May 27, 2008 10:42 pm UTC

Re: My school fails at computer security...

Postby Sokh » Thu Apr 14, 2011 1:38 pm UTC

Assuming they're bound to the same Microsoft for schools license that we are. The license we agree to with Microsoft means we have to have that sticker with the original CD key visible on the case. The computers are all actually on another key that is used on all the machines, that's just the key that was on the machine when we bought it (licensing means we have to purchase computers with a windows OS on it). So although it's visible, out of our hands, and not being used anyway.

But serial numbers, seriously, don't peel them off, or vandalise the asset numbers. It angers us greatly, and makes us want to assault you all with large pointy objects. I speak on behalf of all technicians for that point.
Sokh
 
Posts: 274
Joined: Thu Jun 10, 2010 1:03 pm UTC

Re: My school fails at computer security...

Postby gear-guy » Mon Apr 18, 2011 9:21 pm UTC

Sokh wrote:But serial numbers, seriously, don't peel them off, or vandalise the asset numbers. It angers us greatly, and makes us want to assault you all with large pointy objects. I speak on behalf of all technicians for that point.

What about taking down mailservers, does that anger you?
gear-guy
 
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at computer security...

Postby watchpigsfly » Sat Apr 23, 2011 6:14 pm UTC

Sorry if I'm reposting any points about bad school security, I was eager to share the awfulness of mine.
-All of the student computers have the same username and password.
-Running Windows XP, no security holes fixed.
-All teacher accounts have the same format: teacher last name for username, password is room number followed by first name.
-All network drives are accessible by everybody, I've been able to see every file in the network before.
-Too many holes to count, my friends have joked that we could remap a key to set off a prank worm whenever we want.
-Still running IE 6 or whatever, the one that shipped with XP

My science teacher is well aware of all of this, and God bless him, he runs a Mac that isn't connected to the network, he just plugs in his little Verizon hotspot thing. I wonder if the high school is just as bad (guess I'll see in a couple months).
watchpigsfly
 
Posts: 3
Joined: Sat Apr 23, 2011 5:54 pm UTC
Location: Monrovia, CA

Re: My school fails at computer security...

Postby altalt667 » Sat Apr 23, 2011 8:51 pm UTC

My school is funny. They have IP matching for the wifi, so even though everyone knows the password is the principal's last name, no one can use the wifi (suggestions to get around this would be cool). The webfilter (Web-washer) is ineffective because of Ultrasurf which is really a gem, just about all of the teachers use it as well. They installed some big-brother program called K-box which you can terminate the process for to get rid of it. They also have all the computers logged into one general student account, so there are about 100 games (halo, unreal tournament, starcraft, warcraft). The IT people are completely incompetent, so I'm amazed there aren't more security vulnerabilities.

EDIT: Funny anecdote. the webwasher used to block our orchestra website because of "pornography"
----------
Lame signature
altalt667
 
Posts: 15
Joined: Fri Apr 15, 2011 8:37 pm UTC
Location: Boston soon...

Re: My school fails at computer security...

Postby gear-guy » Fri Apr 29, 2011 10:09 am UTC

Before I had very little problem with the web filter, if there was something I needed that was blocked I'd just use my HTC as a hotspot for my netbook, but now I have a huge problem with it. They blocked google. Yes google. The incompetent bastards say because of the way google images works now they can't properly filter inappropriate images. Now google.com and google.co.uk redirect to yahoo, but virtually all other google domains still work. They fail at failing.
gear-guy
 
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at computer security...

Postby rath358 » Sat Apr 30, 2011 7:47 pm UTC

Ours blocked all of Google's domains that I know of a couple months ago, but only on wireless. It is a little strange.
TEAM SHIVAHN
Pretty much the best team ever

Red Hal wrote:If you can't tick all the boxes then you don't have privilege! Privilege; it's a multiple-input AND gate!
rath358
almost, but not quite, the prettiest princess
 
Posts: 865
Joined: Wed Jan 14, 2009 6:02 am UTC
Location: RPI

Re: My school fails at computer security...

Postby Neodymium_Modem » Sun May 01, 2011 5:41 am UTC

At my school, the Wi-Fi is unsecured, but you need to have the correct IP, DNS, etc. A few months ago, a friend of mine sat outside the school with a laptop running a packet sniffer, and got all of the info in a few minutes. He gave that info to me, and now sometimes I sit in science class with my iPod, browsing Funnyjunk.

The web filter is a POS. Funnyjunk, which is NSFW, gets through fine. No big deal. Randsinrepose is fine, even though the site is littered with swears and thus should be blocked. Yahoo Answers is blocked, even though most student research comes off of there.

On the school Macs, all programs can be opened, and new ones can be downloaded. At least 35 people in my 200 person school have Minecraft on their school machines. Keyloggers and Apple VNC are installed and running on all computers at all times, and a ping is sent to the computer guy's computer every time a student shuts off their AirPort.

The school's library search system is hosted on the district server over at the high school. The server is incredibly old from what I hear, and it deals with all web traffic and network storage for the entire school district. I could bring the entire network down with my laptop running LOIC...

On top of all that, EVERY computer on the network can be accessed. It's fun to log into the librarian's computer and move files around. Nobody has caught me.

They really try extremely hard to make the network secure. It keeps out the morons that need help finding the power button (about 95% of people in the school), but people like me look at their "security" and laugh. Hard enough that the sound waves from our laughter travel over to the high school and cause a server hardware crash.

EDIT: Also, to charge somebody's lunch account, all you have to do is put in their student ID, which can easily be found just by looking at the keypad when they put their ID in. Everybody except me in the school has one that starts with 1070... Mine starts with 1117. Everybody's computer has the same password. Their online class login is just their student ID and their first name. The grade checking system is the student's ID, but with a custom password, which I could probably get with either some social engineering, hacking, or just peeking over somebody's shoulder.
Neodymium_Modem
 
Posts: 6
Joined: Sun Apr 24, 2011 3:16 pm UTC

Re: My school fails at computer security...

Postby cjmcjmcjmcjm » Sun May 08, 2011 4:30 am UTC

Yahoo Answers is blocked, even though most student research comes off of there.
This is a very good thing.
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.
cjmcjmcjmcjm
 
Posts: 1122
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: My school fails at computer security...

Postby Parsifal » Mon May 09, 2011 12:09 pm UTC

Just be careful. I did something like this in high school (actually, demonstrated how students in the majority of classes could alter their grades at will) and almost got expelled. Remember that, whatever your intentions, you are threatening the job security of a district IT goon who has nothing else to do but get rid of little troublemakers who make his life difficult.
Parsifal
 
Posts: 114
Joined: Thu Feb 28, 2008 1:35 am UTC

Re: My school fails at computer security...

Postby jakash3 » Sun May 22, 2011 11:38 pm UTC

During the first half of my junior year in high school, I obtained full control of 40 student computers in a lab. I did it with my famous sticky keys hack where I booted to an alternate OS, mounted the disk, replaced sethc.exe (sticky keys program) with a copy of cmd.exe. After that, I get full system access before logging in by pressing shift 5 times where the would-be sticky keys dialogue that would come up is instead spawned as command prompt. From there, I run pwdump and jtr the passwords at home. The local admin password for all 40 computers in that class was "rugrats".

To make things easier and sexier, I made a GUI program as a front-end for Sysinternals PsTools suite for manipulating the network. I gave some copies to my friends and we were easily able to remotely transfer, execute, kill, and suspend programs. A really fun experience where we would frequently freeze people's halo pc program while they were playing it or open IE windows of porn.

Also, some user folder permissions were messed up in the domain, so we set up a hidden folder in one user's folder so we could share files across the network. Unfortunately, it was already too late by the time I myself found out that the admin had a RAT running on every computer (even made more apparent when the admin sent some message pop-ups to us). We were busted and expelled from using school computers. The sad part though was that the VP didn't know what she was punishing us for, all she knew was that it was hacking and just swiftly suspended and took away our computer privileges forever to get her job for the day over with. She even gave the same punishment for the innocent user whose folder we used as a file share. Her social engineering to get my dumb friends and the innocent user to admit to things they didn't do or don't know about was brilliant and malicious.

The admin/teacher who reported us doesn't even teach. Every day she does nothing, not even speaks to us while the abandoned students get a free hour of play time on the computer. I'm like the only coder in my school and there are no programming classes or anyone interested in such an area in my school.
jakash3
 
Posts: 3
Joined: Sun May 22, 2011 10:55 pm UTC
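
A lab technician's check for the sethc.exe swap described in the post above, as an added example that is not part of the thread: it flags any logon-screen accessibility program whose contents are byte-identical to cmd.exe, or that no longer matches a known-good hash. Only sethc.exe and cmd.exe come from the post; the other accessibility file names, the baseline dictionary and the sample files are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs that can be launched from the Windows logon screen. sethc.exe is the
# one named in the post; the rest are assumed to be reachable the same way.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe",
                          "magnify.exe", "narrator.exe")
SHELL_BINARY = "cmd.exe"  # the program copied over sethc.exe in the post


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def index_directory(directory: Path) -> dict:
    """Map lower-cased file name -> path (Windows file names are case-insensitive)."""
    return {p.name.lower(): p for p in directory.iterdir() if p.is_file()}


def audit_accessibility_binaries(system32: Path, baseline=None) -> list:
    """Return (file name, reason) pairs for suspicious accessibility binaries.

    baseline is an optional {file name: sha256} map taken from a trusted image
    (hypothetical input; the thread does not describe one).
    """
    files = index_directory(system32)
    shell_hash = sha256_file(files[SHELL_BINARY]) if SHELL_BINARY in files else None
    findings = []
    for name in ACCESSIBILITY_BINARIES:
        path = files.get(name)
        if path is None:
            continue  # not present on this image
        actual = sha256_file(path)
        if shell_hash is not None and actual == shell_hash:
            # Exactly the swap from the post: the file *is* the command prompt.
            findings.append((name, "identical to cmd.exe"))
        elif baseline and name in baseline and actual != baseline[name]:
            # Replaced by something else, e.g. a different shell or tool.
            findings.append((name, "differs from baseline"))
    return findings


def run_constructed_demo() -> dict:
    """Audit a constructed stand-in for System32 before and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed file contents, not real Windows binaries.
        (root / "cmd.exe").write_bytes(b"constructed stand-in for cmd.exe")
        (root / "sethc.exe").write_bytes(b"constructed stand-in for sethc.exe")
        (root / "Utilman.exe").write_bytes(b"constructed stand-in for utilman.exe")
        baseline = {n: sha256_file(p) for n, p in index_directory(root).items()}

        clean = audit_accessibility_binaries(root, baseline)

        # Simulate the offline replacement, plus an unrelated modification.
        (root / "sethc.exe").write_bytes((root / "cmd.exe").read_bytes())
        (root / "Utilman.exe").write_bytes(b"constructed unknown replacement")
        tampered = audit_accessibility_binaries(root, baseline)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for state, findings in run_constructed_demo().items():
        print(state, findings)
```

On a real machine the function would be pointed at the image's System32 directory, ideally from a trusted boot or from an offline copy of the disk, since the replacement in the post was itself made offline.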

Re: My school fails at computer security...

Postby TheGrammarBolshevik » Mon May 23, 2011 1:13 pm UTC

Congratulations. You compromised a machine to which you had physical access.

Also, after your campaign of randomly fucking with your classmates, you're blaming your principal for unfairly punishing one of them?
Nothing rhymes with orange,
Not even sporange.
TheGrammarBolshevik
 
Posts: 4619
Joined: Mon Jun 30, 2008 2:12 am UTC
Location: Going to and fro in the earth, and walking up and down in it.

Re: My school fails at computer security...

Postby Revolution0 » Tue May 24, 2011 10:46 pm UTC

altalt667 wrote:My school is funny. They have IP matching for the wifi, so even though everyone knows the password is the principal's last name, no one can use the wifi (suggestions to get around this would be cool).


Well, you could run a wifi card in passive sniffing mode to pull some authorized MACs, then spoof it.

Source: Some ancient Ars Technica article on why you shouldn't rely on MAC authentication.
Revolution0
 
Posts: 12
Joined: Mon Oct 19, 2009 5:06 am UTC

Re: My school fails at computer security...

Postby SWGlassPit » Thu May 26, 2011 4:40 pm UTC

The only problem, of course, being that duplicate MACs on a network can get a bit confusing, as your computer will be responding to traffic it didn't solicit.
Up in space is a laboratory the size of a football field zipping along at 7 km/s. It's my job to keep it safe.
Erdös number: 5
SWGlassPit
 
Posts: 312
Joined: Mon Feb 18, 2008 9:34 pm UTC
Location: Houston, TX

Re: My school fails at computer security...

Postby Chant » Sun May 29, 2011 5:28 am UTC

Just starting to learn this kinda stuff as I go along probing around my school's security.
Can't task manager with ctrl-alt-delete, but right clicking the start menu works. I found MeSuAx.exe (vision6) and although you can only access student drives I got into c with firefox - file:///c:/. I can see all the files and run explorer, but can't write anything.
Side note: in a week my school gets out and I'm planning on visiting a friend next school over, says his teachers will be ok with it. What do I put on a flash drive? Got DotA, minecraft, a LAN chat thingy, some dumb .bats, command.com, ultrasurf, and 91 MB left.
Chant
 
Posts: 5
Joined: Sun May 29, 2011 5:21 am UTC

Re: My school fails at computer security...

Postby Isofox » Mon May 30, 2011 8:17 pm UTC

At my school, you could access the student records, including names, DoB, exam entries, photos, addresses, medical details, etc., as well as the administrator password on an open share on one of the servers. Then I told them about it, and it was fixed. A few months later they did it again, and I told them again. This has happened three times so far. Also, most PCs are free to download and run whatever you want, as they get blanked whenever you turn them off. On the few that are secured, to only have MS Office, and access to a memory stick, it's trivial to type `cmd` into a MS Word document, and save it as plain text called something.bat. From there, the rest is easy.
Isofox
 
Posts: 9
Joined: Sun Jan 18, 2009 5:20 pm UTC

Re: My school fails at computer security...

Postby hintss » Thu Jun 02, 2011 8:26 am UTC

jakash3 wrote:...

The admin/teacher who reported us doesn't even teach. Every day she does nothing, not even speaks to us while the abandoned students get a free hour of play time on the computer. I'm like the only coder in my school and there are no programming classes or anyone interested in such an area in my school.

everyone in your group needs to read these:
http://wiki.stealthiswiki.org/wiki/Security_Culture
http://wiki.stealthiswiki.org/wiki/Legal_Advice
"s/god/flying spaghetti monster/"
hintss
 
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC

Re: My school fails at computer security...

Postby markop2003 » Wed Jun 22, 2011 10:18 pm UTC

My HS didn't even try. The teachers gave out the admin account to bypass the web filter for 'research purposes' and as long as you didn't use windows explorer you could explore the entire storage network as much as you wished including access to the library login system which was synced with the active directory logon database.
markop2003
 
Posts: 60
Joined: Sun Jun 06, 2010 4:21 pm UTC

Re: My school fails at computer security...

Postby Enokh » Mon Jul 11, 2011 7:46 pm UTC

As a troubleshooter for four public schools (it's a small district -- 2100 kids or so), this thread has brought me great joy.
Enokh
 
Posts: 473
Joined: Mon Jan 17, 2011 1:55 pm UTC

Re: My school fails at computer security...

Postby Neodymium_Modem » Tue Jul 19, 2011 9:44 pm UTC

Enokh wrote:As a troubleshooter for four public schools (it's a small district -- 2100 kids or so), this thread has brought me great joy.


... Mr. Kapetsky?
Neodymium_Modem
 
Posts: 6
Joined: Sun Apr 24, 2011 3:16 pm UTC

Re: My school fails at computer security...

Postby nathanrael » Tue Aug 16, 2011 4:41 pm UTC

Alright, so here's the down-low on my school's tech department. This past year, I've been pretty good friends with my school's computer teacher. I had an hour of "independent study" under him where I basically chilled in the lab and did nothing unless something needed to be fixed with the computers. I now know all the important passwords; BIOS, DeepFreeze, etc etc.

So, I learned to re-image computers (we use an outdated version of Norton Ghost). I learned about how underfunded our tech programs are; that teacher was essentially the building's only tech support (which wasn't part of his job). I discovered how to access the admin login page of our network filter, as the district uses Fortiguard. I never managed to get in, but I will this year. Aside from that stuff, I eventually set up an SSH server on my home computer and set up PuTTY on my flash drive along with a couple other modifications and had myself a little secured tunnel for my internet traffic. I still have to set it back up so I can use it with my new laptop this year.

I never really did anything malicious, even though the tools are there. I would like to set up some type of non-harmful senior prank, but *meh*. I'll probably crack the password for the wireless network, since it's useful to have around.

I'll edit this post if I think of anything else.
nathanrael
 
Posts: 4
Joined: Tue Aug 16, 2011 2:28 am UTC
Location: Lurking.

Re: My school fails at computer security...

Postby csssuf » Fri Aug 19, 2011 3:03 am UTC

My high school has pretty decent computer security. The computer systems are all student-run and student-administrated, and most of our systems are Linux (the workstations in the main lab are Gentoo). Thus, there's more "creativity" in how the admins can and do implement security. They're also good at what they do since I go to a science & tech school. However, there's not much need for some common areas of school computer security. All but the worst of websites are accessible, and the Wi-Fi is freely available, and in fact is meant to be used, since many students bring their own laptops to school. We're allowed to play games before school and during lunch in the main computer lab, and computer usage regulations are overall very reasonable. There is a Windows system, which is partly run by a staff member, but the student admins do most of the work. Nearly everything computer related is run by the students: the website, the Intranet (for announcements and signing up for activities), and the webmail service. There's even a mirror with quite a few Linux distro builds. We do have access to command prompt, task manager, and the C:/ drive on the Windows computers, but as far as I know there's never been a reason not to.
Overall, the computer systems at my school are well run and the users are educated and mature.
csssuf
 
Posts: 5
Joined: Thu Aug 11, 2011 2:46 pm UTC

Re: My school fails at computer security...

Postby GenericAnimeBoy » Fri Aug 19, 2011 4:24 pm UTC

csssuf wrote:My high school has pretty decent computer security. The computer systems are all student-run and student-administrated, and most of our systems are Linux (the workstations in the main lab are Gentoo). Thus, there's more "creativity" in how the admins can and do implement security. They're also good at what they do since I go to a science & tech school. However, there's not much need for some common areas of school computer security. All but the worst of websites are accessible, and the Wi-Fi is freely available, and in fact is meant to be used, since many students bring their own laptops to school. We're allowed to play games before school and during lunch in the main computer lab, and computer usage regulations are overall very reasonable. There is a Windows system, which is partly run by a staff member, but the student admins do most of the work. Nearly everything computer related is run by the students: the website, the Intranet (for announcements and signing up for activities), and the webmail service. There's even a mirror with quite a few Linux distro builds. We do have access to command prompt, task manager, and the C:/ drive on the Windows computers, but as far as I know there's never been a reason not to.
Overall, the computer systems at my school are well run and the users are educated and mature.


Wow, a school that doesn't fail at computer security. I'm impressed!
In light of the impermanence and absurdity of existence, I surmise that nothing is better for us than to rejoice and to do good in our lives, and that everyone should eat and drink and enjoy the good of his/her labor. Such enjoyment is a gift from God.
GenericAnimeBoy
 
Posts: 372
Joined: Tue Feb 01, 2011 1:33 pm UTC
Location: Houston, TX

Re: My school fails at computer security...

Postby cjmcjmcjmcjm » Sat Aug 20, 2011 6:22 am UTC

csssuf wrote:My high school has pretty decent computer security. The computer systems are all student-run and student-administrated, and most of our systems are Linux (the workstations in the main lab are Gentoo). Thus, there's more "creativity" in how the admins can and do implement security. They're also good at what they do since I go to a science & tech school. However, there's not much need for some common areas of school computer security. All but the worst of websites are accessible, and the Wi-Fi is freely available, and in fact is meant to be used, since many students bring their own laptops to school. We're allowed to play games before school and during lunch in the main computer lab, and computer usage regulations are overall very reasonable. There is a Windows system, which is partly run by a staff member, but the student admins do most of the work. Nearly everything computer related is run by the students: the website, the Intranet (for announcements and signing up for activities), and the webmail service. There's even a mirror with quite a few Linux distro builds. We do have access to command prompt, task manager, and the C:/ drive on the Windows computers, but as far as I know there's never been a reason not to.
Overall, the computer systems at my school are well run and the users are educated and mature.

A school with half-decent policies! I'm astounded!
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.
cjmcjmcjmcjm
 
Posts: 1122
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: My school fails at computer security...

Postby Internetmeme » Sun Sep 11, 2011 7:09 pm UTC

Here I am, in the middle of my senior year. I'll post some things in my district this year:

-There are at least two networks: the general school network and computer labs (possibly are split for a third) and the library network. Both have differing settings. The teacher in a computer class has limited ability to control program access via a program called SyncronEyes.
-----Windows explorer can access the C drive and rename files. You can use this to rename various SyncronEyes dlls and disable it. This will give you more control over your system. If the teacher is paying attention, he might notice depending on what you do.
-----Renaming any exe to a common exe, such as calc.exe or iexplore.exe, will allow you to run it. I use this to play Dwarf Fortress :P
-The Band Room has the computer with the least security in the school. A side room off the main band room has the music library. In this library is a computer with passwords for internet use and logon to the computer. No teacher watches this, and students in there don't really care.
-----Any program can be run, any setting changed, and any software installed. The only catch is that the internet is censored like the rest of the school network. In a nutshell, your home computer on XP with admin hooked up to a censored internet.
-The district's "mobile lab" (read: "a set of laptops we purchased because we didn't want to buy new computers for every school in the district, so we share them with the various schools like a mobile computer lab") computers are places where you have slightly more control over your computer. I decided to be a jerk one day and generated a 17,000-ish hertz sine wave, a la mosquito tone. Quickly turned it off, since I only wanted to see if I could do it.


And they took off Google Cache! You used to be able to bypass the search filter by clicking google's Cached Page.
But there is something worse: You have to use Bing for image searches. FUCKING BING. What sort of sadistic individual would force people to use this horrid website when better alternatives like Google images are available for use? And they've done it in a painful way too, that gives you a false sense of hope: It's perfectly alright to go to images.google.com, or click the images link anywhere on google. The moment you type a search query into the images searchbar though, it redirects you to Microsoft's newest failure.
You are now breathing manually.
Also, you just lost a certain Game...

Internetmeme
 
Posts: 1388
Joined: Fri Jul 25, 2008 3:16 pm UTC
Location: South Carolina, USA
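
The renamed-executable trick in the post above works because the restriction is keyed on the file name. As an added example that is not part of the thread, the sketch below evaluates the same file under a name rule and under a hash rule, then sweeps a directory tree for executables that carry an approved name but not an approved hash. The function names, the sample tree and its file contents are constructed, and the two-byte `MZ` check is a simplified stand-in for real executable detection.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def is_pe_image(path: Path) -> bool:
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its extension."""
    with path.open("rb") as handle:
        return handle.read(2) == b"MZ"


def name_rule_allows(path: Path, allowed_names: set) -> bool:
    """The weak rule: anything called calc.exe or iexplore.exe may run."""
    return path.name.lower() in allowed_names


def hash_rule_allows(path: Path, approved_hashes: set) -> bool:
    """The stronger rule: only files whose contents were approved may run."""
    return sha256_file(path) in approved_hashes


def find_masquerading(root: Path, allowed_names: set, approved_hashes: set) -> list:
    """Executables that pass the name rule but fail the hash rule."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not is_pe_image(path):
            continue
        if name_rule_allows(path, allowed_names) and not hash_rule_allows(path, approved_hashes):
            hits.append(path.relative_to(root).as_posix())
    return hits


def run_constructed_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        system = root / "system"
        home = root / "home" / "student"
        system.mkdir(parents=True)
        home.mkdir(parents=True)

        # Constructed stand-ins for the approved programs.
        (system / "calc.exe").write_bytes(b"MZ constructed genuine calculator")
        (system / "iexplore.exe").write_bytes(b"MZ constructed genuine browser")
        approved_hashes = {sha256_file(p) for p in system.iterdir()}
        allowed_names = {"calc.exe", "iexplore.exe"}

        # A student drive: one honest copy, one renamed program, one document.
        (home / "iexplore.exe").write_bytes(b"MZ constructed genuine browser")
        renamed = home / "calc.exe"
        renamed.write_bytes(b"MZ constructed unapproved game")
        (home / "notes.txt").write_bytes(b"constructed text, not an executable")

        return {
            "name_rule": name_rule_allows(renamed, allowed_names),
            "hash_rule": hash_rule_allows(renamed, approved_hashes),
            "masquerading": find_masquerading(root, allowed_names, approved_hashes),
        }


if __name__ == "__main__":
    print(run_constructed_demo())
```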

Re: My school fails at computer security...

Postby nehpest » Sun Sep 11, 2011 7:19 pm UTC

Internetmeme wrote:I decided to be a jerk one day


I don't mean to call you out specifically (in fact, I wouldn't say you did anything jerkish at all), but roughly 50% of this thread can be summed up in those 8 words.
Kewangji wrote:Someone told me I need to stop being so arrogant. Like I'd care about their plebeian opinions.

blag
nehpest
 
Posts: 520
Joined: Fri Jun 12, 2009 9:25 pm UTC

Re: My school fails at computer security...

Postby Steax » Tue Sep 13, 2011 8:05 am UTC

Internetmeme wrote:... via a program called SyncronEyes.


A bit of a tangent, but why do software companies love making punny names? I mean, what were they thinking? Synchronize... Eyes... Synchron.. Eyes... eheheheheheh

This thread is quite informative of telling me what to look out for, if one day I run a school computer lab/network.
In Minecraft, I use the username Rirez.
Steax
SecondTalon's Goon Squad
 
Posts: 3037
Joined: Sat Jan 12, 2008 12:18 pm UTC

Re: My school fails at computer security...

Postby maxh » Wed Sep 14, 2011 8:02 pm UTC

So far I've noticed only two things:
1) The library computers are set up with a modal custom-built application at startup to ask what you're doing. This application is EXTREMELY FUCKING SLOW. Fortunately, it doesn't take up the entire screen, so it's possible to open a command line and kill it. (And computers outside of the library don't have it in the first place, so I just use those.)
2) It's not possible to log off or lock any computer. Only shutdown and restart are available. Probably a badly-planned energy saving idea.
maxh
 
Posts: 66
Joined: Thu Jul 22, 2010 12:14 am UTC

Re: My school fails at computer security...

Postby Darryl » Thu Nov 10, 2011 6:57 pm UTC

At my high school, they used Novell NetWare with an alternative environment in an attempt to forestall shenanigans. It doesn't really work.

For example, since you couldn't open Windows Explorer, you couldn't run programs they didn't want you to easily (and you couldn't use IE, either. We had Netscape Navigator 4.0 - when it was new, in 2000). You could, however, use Lotus Notes, or 1-2-3, and the open file dialog, changing the field to all files, to find the Netscape preferences file, move it to a different folder (so you could move it back after), to remove the net filter. Which you had to do if you wanted to get any real research done, as the filter was a very dumb one.
yurell wrote:We need fewer homoeopaths, that way they'll be more potent!
Darryl
 
Posts: 327
Joined: Mon Sep 22, 2008 2:32 pm UTC

Re: My school fails at computer security...

Postby Internetmeme » Wed Nov 16, 2011 3:04 am UTC

And, ladies and gents, here it comes!
They've finally decided it's worthwhile to upgrade to Windows 7, plus we're getting new hardware.

The upgrade to 7 is a colossal fucking waste of money. I can see getting new hardware, but everything that can be done on 7 can be done on XP (within reason of a public school environment). The school had to lay off teachers not even six months ago, the county has raised the price of lunch, yet they now have the money to pay for brand new computers when the old ones were sufficient? That's just a slap in the face to the faculty.

Glad I'm a senior who won't have to deal with it next year! :mrgreen:
You are now breathing manually.
Also, you just lost a certain Game...

Internetmeme
 
Posts: 1388
Joined: Fri Jul 25, 2008 3:16 pm UTC
Location: South Carolina, USA

Re: My school fails at computer security...

Postby csssuf » Wed Nov 16, 2011 3:17 am UTC

The hardware at my school is so varying...most boxes are on Core 2 Duos. A few new computers in the main lab have i5's (I think second generation), but I think a few boxes around the school are still on Pentiums. However, the servers are kick-ass. Here's a nice page of info about our servers: http://www.tjhsst.edu/admin/livedoc/index.php/Main_Page
I can't use [url], so...
csssuf
 
Posts: 5
Joined: Thu Aug 11, 2011 2:46 pm UTC

Re: My school fails at computer security...

Postby nehpest » Wed Nov 16, 2011 3:55 am UTC

Internetmeme wrote:And, ladies and gents, here it comes!
They've finally decided it's worthwhile to upgrade to Windows 7, plus we're getting new hardware.

The upgrade to 7 is a colossal fucking waste of money. I can see getting new hardware, but everything that can be done on 7 can be done on XP (within reason of a public school environment). The school had to lay off teachers not even six months ago, the county has raised the price of lunch, yet they now have the money to pay for brand new computers when the old ones were sufficient? That's just a slap in the face to the faculty.

Glad I'm a senior who won't have to deal with it next year! :mrgreen:

Not to sneeze in your Cheerios, but many publicly funded schools get grants that they can only use on new technology; they buy new computers or it goes away, essentially. One then makes a case for "why no grants for faculty development and retention", but that's another rant.
Kewangji wrote:Someone told me I need to stop being so arrogant. Like I'd care about their plebeian opinions.

nehpest
 
Posts: 520
Joined: Fri Jun 12, 2009 9:25 pm UTC

Re: My school fails at computer security...

Postby Kick » Thu Nov 17, 2011 7:38 am UTC

I liked our school's security. It seemed as if the tech crew there purposely set it up so that people who didn't know how couldn't get past the filter, but anyone who really wanted to could. For instance, simply running Firefox off of a flash drive got past Websense (their filter) because the settings to connect through it had to be set in the browser. Of course, there were sneakier ways, namely running Firefox off of a microSD card which never caught any attention.

Yeah, looking back on it I got away with way too much. Having friends in IT goes a long way (I worked there one summer)...I had a staff account in my Senior year, which made the whole process of evading the filter (which was a pain in the ass) a lot easier.
Kick
 
Posts: 112
Joined: Thu Nov 17, 2011 6:24 am UTC
Location: Pennsylvania

Re: My school fails at computer security...

Postby d0nk3y_k0n9 » Sat Dec 10, 2011 7:01 pm UTC

My high school (this was a few years ago now) had a system set up where every computer had a "Student" account with essentially zero privileges (you basically couldn't modify anything or save anything to the computer) and then an account on the server for each student and each teacher. The students' accounts and most of the teachers' accounts had normal privileges with some restrictions on the students' accounts; some of the teachers, those who worked in IT or anything related, had full administrator privileges on not only every computer but also on the server. However, the "root" account (they were running Mac OSX) was not enabled at all. A friend and I were able to go in through a backdoor in single user mode and enable the root account, setting its password to whatever we want. We then gave the generic "Student" account on a few of the computers-- the ones we sat at in AP CS class-- full admin privileges. Now, we were unable to affect anything on the network, so we weren't creating any significant problems on the overall system. We just removed the restrictions on the "Student" accounts on our computers so that we could access anything on those individual machines.

Eventually, the IT department caught on because we were dumb enough to disable their ability to remotely access those two computers-- we did it so they couldn't see that they were playing games--which they discovered when they tried to install an update. They were able to track it to us based on timestamps and on the fact that we were the only ones using those machines with the knowledge to do something like this. We managed to get out of trouble because:
a) We were just messing around trying to see what we could do and didn't do anything malicious.
b) We told them what we had done and how we had done it so they could prevent it in the future (although I don't think they ever did anything about it).
c) Our school's assistant principal's brother works for the NSA, and his job is to try to break into government computer systems so they can learn how to prevent such attacks. As a result, the assistant principal thought that what we were doing was awesome.




Another time, in middle school (I think we were in sixth grade), someone discovered that you could screw up people's dropboxes on the server by creating random files (either word documents or empty folders) each with different names, then copying them a bajillion times and sending them to people... basically making it very difficult for them to find anything in their dropbox. Of course, this is easy to get around and not that creative, but at the time it seemed like a great way to prank each other. It was fine, until it got out of hand when someone else heard about it and started doing it to random people who weren't in on it. Then the school got a little bit pissed.


TL;DR: In middle school I was an annoying prankster but didn't do anything special, while in high school I got out of trouble because my school's assistant principal is cool.
d0nk3y_k0n9
 
Posts: 97
Joined: Sun May 03, 2009 4:27 pm UTC

Re: My school fails at computer security...

Postby Pingouin7 » Thu Feb 16, 2012 2:33 pm UTC

Last year:

- We were able to install Ubuntu on the computers by simply putting the CD in the DVD drive and it would install. We could have done a lot with this, but we just used it for school work which required Linux. We made only one account and made it password-protected (even though people could still get in if they knew the right thing.)
Ironically, we were trying to figure out the admin password. We could have used Linux to do that sticky keys trick.
- There was a server we could access to store files. I put useful stuff like Firefox, Notepad++ and such, which wouldn't really matter if they were deleted, but the thing is, many students were asked to put their work on here because we couldn't save our stuff on the school's computers themselves. But everyone had full rights to anything people would put on there. Eventually, someone selected every file and renamed each of them to something stupid. Then we made tons of shortcuts of Recycle Bin and put them all in a folder.
We also made a program that repeatedly wrote "Grove Street Forever " in a file, which would fill up ~5GB of space in about an hour (We deleted those later, though.)
- "shutdown -i" wasn't blocked. Fun times. We didn't really abuse it, though. Mostly used it to remotely shut down computers that other students "forgot" to shut down at the end of the class.
- There was a huge flaw in the school's website that allowed people to find anyone's password. It had been abused by two people I know, then the school found out, threatened to get the police onto this case, then they had to write letters to apologize for that.
- Control Panel was disabled, but it could easily be re-enabled through Regedit. This had a side effect of enabling "Right-click --> Properties" virtually anywhere as well.
- We weren't able to change the background wallpaper, even after re-enabling Control Panel. However, we could change the background with Regedit (HKCU/Control Panel/Desktop/Wallpaper/) then refreshing the Desktop. I used to change the student account's image (the one that shows up when you attempt to login), though it only had an effect on the current computer.
- We could get the school's WPA key by just running WirelessKeyView on a computer connected to the Wi-Fi. At first, only a select few knew of this, but eventually, someone found out and it spread so fast that after a while, everyone knew about it.
Dason wrote:
Kewangji wrote:I confess I am actually scared of peanuts, and tend to avoid them, given how lethal they are to some people.

I'm not. I do my part in the fight against peanuts by destroying them with my powerful teeth. Take that peanut! How does being digested feel!?
Pingouin7
 
Posts: 85
Joined: Thu Oct 27, 2011 4:50 pm UTC
Location: ~/

Re: My school fails at computer security...

Postby ahammel » Thu Feb 16, 2012 5:38 pm UTC

Not sure it counts as "school", but anyway...

Some time before I started working at my lab, somebody password-guessed their way into one of our machines via ssh. Their solution to this was to unplug all the computers at night. Not shutdown. Unplug.

I assume they changed the passwords as well, but *facepalm*.
Glendower wrote:I can call spirits from the vasty deep.
Hotspur wrote: Why, so can I, or so can any man;
But will they come when you do call for them?
ahammel
My Little Cabbage
 
Posts: 1561
Joined: Mon Jan 30, 2012 12:46 am UTC
Location: Vancouver BC
