My school fails at computer security...

The school experience. School related queries, discussions, and stories that aren't specific to a subject.

Moderators: gmalivuk, Moderators General, Prelates

User avatar
WillShowalter
Posts: 8
Joined: Mon Jul 19, 2010 3:48 am UTC
Location: Palmer, AK
Contact:

Re: My school fails at computer security...

Postby WillShowalter » Thu Jul 22, 2010 2:06 am UTC

squareroot wrote:PHP Proxies are so fun; Just put a file on your website, and boom. If they block it, then there are at least twenty places you can register another domain for that sole purpose, for free. :-)

(Note: I've been having some trouble getting to mine work. Advice would be appreciated.)

Finding some good proxy sites was enough to turn me into a hero. :)


In 8th grade I ran a CGI web proxy on my home computer (just with dyndns and port forwards). I don't remember exactly what it was, but I do remember spending a great deal of time figuring out how to get it to encode the URL (so it didn't have the site name you were trying to visit in it). I was a god that year.
William Showalter
IT Field Technician and full time Student
CCENT
Comptia A+

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Thu Jul 22, 2010 11:52 am UTC

forgot to say, they use aruba equipment for the wifi, and I know its authenticated by MAC, but the LAN dosen't use any authentification if you just plug in your netbook. not sure where the aruba gear is in the network map.

next year should be fun, what with netdiscover, macchanger, nmap, and aircrack... :twisted: no more asking others to log into the wifi for me! (the aruba user database was connected to the novell one)

as a sidenote, they shouldn't've permabanned me over a logout script they gave me permision to write. and yes, they know I use Linux.

paramecium
Posts: 20
Joined: Mon Jun 21, 2010 10:58 pm UTC

Re: My school fails at computer security...

Postby paramecium » Mon Jul 26, 2010 10:21 pm UTC

My school was pretty tight at security, the bios was locked out, booting from anywhere bar the hdd was not allowed, .bat and .cmd files were blocked, the filter was pretty tight, it blocked .exe files from being downloaded or run etc.

Untill I discovered that if you boot it up then press the reset button, you can boot into safe mode with networking. Hey presto, command prompt and the ability to play quake etc.

Needless to say, according to my teacher, my last year at the school was "wasted".

Code: Select all

//

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Wed Jul 28, 2010 4:39 pm UTC

lol

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Wed Jul 28, 2010 11:31 pm UTC

paramecium wrote:My school was pretty tight at security, the bios was locked out, booting from anywhere bar the hdd was not allowed, .bat and .cmd files were blocked, the filter was pretty tight, it blocked .exe files from being downloaded or run etc.

Untill I discovered that if you boot it up then press the reset button, you can boot into safe mode with networking. Hey presto, command prompt and the ability to play quake etc.

Needless to say, according to my teacher, my last year at the school was "wasted".

press & hold F8 between BIOS and Windows splash screen

MysteryBall
Posts: 314
Joined: Wed Jul 29, 2009 2:47 pm UTC

Re: My school fails at computer security...

Postby MysteryBall » Thu Jul 29, 2010 9:43 am UTC

WillShowalter wrote:
squareroot wrote:PHP Proxies are so fun; Just put a file on your website, and boom. If they block it, then there are at least twenty places you can register another domain for that sole purpose, for free. :-)

(Note: I've been having some trouble getting to mine work. Advice would be appreciated.)

Finding some good proxy sites was enough to turn me into a hero. :)


In 8th grade I ran a CGI web proxy on my home computer (just with dyndns and port forwards). I don't remember exactly what it was, but I do remember spending a great deal of time figuring out how to get it to encode the URL (so it didn't have the site name you were trying to visit in it). I was a god that year.


My site I actually had whitelisted for GCSE purposes.

I stuck a PHP proxy on it, needless to say, until we installed suPHP on the server and I couldn't be bothered to fix the proxy.

Fun times.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Thu Jul 29, 2010 9:57 pm UTC

and facebook thlough https... :D

Glmclain
Posts: 442
Joined: Thu May 20, 2010 12:51 pm UTC

Re: My school fails at computer security...

Postby Glmclain » Fri Jul 30, 2010 7:09 pm UTC

hintss wrote:and facebook thlough https... :D


My principal claims that's "hacking the server" and if you get caught you'll be suspended.

So we just never got caught :P
You Samoans are all the same! You have no faith in the essential decency of the white man's culture!

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Fri Jul 30, 2010 9:07 pm UTC

I'm thinking of using one of my failservers as a ssh proxy :twisted:

User avatar
gear-guy
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at computer security...

Postby gear-guy » Fri Jul 30, 2010 10:09 pm UTC

I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...
Last edited by gear-guy on Sat Jul 31, 2010 8:20 pm UTC, edited 1 time in total.

User avatar
cjmcjmcjmcjm
Posts: 1158
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: My school fails at computer security...

Postby cjmcjmcjmcjm » Sat Jul 31, 2010 3:40 am UTC

gear-guy wrote:I swear our security is getting tighter, even my computing teacher sagrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...

Had a similar problem my senior year. One of my friends DoS'd the school's server on the first day, just to mess with them and didn't get caught. We also used the school's server to host our game of Starcraft. Naturally, this class was AP CS
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.

MysteryBall
Posts: 314
Joined: Wed Jul 29, 2009 2:47 pm UTC

Re: My school fails at computer security...

Postby MysteryBall » Tue Aug 03, 2010 8:51 pm UTC

gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...


Our sysadmin I met on rather iffy terms, as in when I was asking to install a Debian server on the network to use PHPBB3 as a forum in place of the school VLE forum, which is horrible.

Since then, I began working with them a lot, and gained their trust. And this is how I got the WiFi password, by being left unsupervised with an Ubuntu netbook and knowledge of how to access root.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Tue Aug 03, 2010 11:01 pm UTC

Cue wrote:
gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...


Our sysadmin I met on rather iffy terms, as in when I was asking to install a Debian server on the network to use PHPBB3 as a forum in place of the school VLE forum, which is horrible.

Since then, I began working with them a lot, and gained their trust. And this is how I got the WiFi password, by being left unsupervised with an Ubuntu netbook and knowledge of how to access root.

once, I also wanted the admins to let me install a ubuntu server on the network running a phpbb forum to replace their blackboard forum, which is horrible.

and they practically leased me a desktop, which is practically the most powerful in the school, and pretty much only me used it...

and I spent approx. 2 hours a day on it. after liek a year of finding security vulnerabilities for them, and loopholes in the web filter, and showing them new things that could be done with their technology. then they permaban me over a logout script. which they had given me permission to write. 2 weeks ahead of time. you can still get a shell prompt on the server remotely. you can still complain of the horrible performance on the multi-user systems. you can still tell the nonlistening admins that they have more computers in the storage room. and you know what? they'll just ignore you then complain about budget cuts. and you can still ask for the user manual of the library management software. and guess what? it has the admin passwords written in it. (actually, I still kept my copy :twisted: ) and you can still get to the network distribution rack by going through an unlocked (though it has a lock) and unsupervised door.

VDOgamez
Posts: 122
Joined: Tue May 06, 2008 1:49 am UTC

Re: My school fails at computer security...

Postby VDOgamez » Wed Aug 18, 2010 5:29 pm UTC

At my school, there's some huge flaw in the security. If you go into command prompt, you can enter

Code: Select all

net user administrator admin
and it sets the computer's administrator password to "admin". From there you can get to the administrative account and do all sorts of fun stuff. :mrgreen:
Also, batch files can be opened freely, so there's always the possibility for fun there.

Revolution0
Posts: 12
Joined: Mon Oct 19, 2009 5:06 am UTC

Re: My school fails at computer security...

Postby Revolution0 » Sun Aug 22, 2010 4:47 am UTC

gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...

Our school just put a new policy out, and to put it lightly, the thing is hellish. I've uploaded a copy of it (with the school redacted, I don't want to violate the no negative use of the school district name clause). Notable parts are highlighted in yellow. The big part being that all students are REQUIRED to agree to a legally binding contract.

https://docs.google.com/fileview?id=0Bx ... ODEz&hl=en

Best of luck to you, hopefully your school doesn't end up like ours. We make Lower Merion look free. (Their new policy is actually quite fair though.)

User avatar
WillShowalter
Posts: 8
Joined: Mon Jul 19, 2010 3:48 am UTC
Location: Palmer, AK
Contact:

Re: My school fails at computer security...

Postby WillShowalter » Sun Aug 22, 2010 5:08 am UTC



I'm not sure if its because I'm on a mobile device or because you don't have that document shared, but when I click the link it just takes me to my google docs account.
William Showalter
IT Field Technician and full time Student
CCENT
Comptia A+

User avatar
Eseell
Posts: 789
Joined: Sun Feb 21, 2010 6:58 am UTC
Location: WA

Re: My school fails at computer security...

Postby Eseell » Sun Aug 22, 2010 5:41 am UTC

Revolution0 wrote:
gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...

Our school just put a new policy out, and to put it lightly, the thing is hellish. I've uploaded a copy of it (with the school redacted, I don't want to violate the no negative use of the school district name clause). Notable parts are highlighted in yellow. The big part being that all students are REQUIRED to agree to a legally binding contract.

https://docs.google.com/fileview?id=0Bx ... ODEz&hl=en

Best of luck to you, hopefully your school doesn't end up like ours. We make Lower Merion look free. (Their new policy is actually quite fair though.)

I glanced through this policy and it's pretty standard fare. If you ever work at any corporation large enough to have a separate legal department or network security team then you can expect to see something very similar*, including all the bits about personal electronics.

*or, more likely, even more restrictive.
"Math is hard work and it occupies your mind -- and it doesn't hurt to learn all you can of it, no matter what rank you are; everything of any importance is founded on mathematics." - Robert A. Heinlein

Revolution0
Posts: 12
Joined: Mon Oct 19, 2009 5:06 am UTC

Re: My school fails at computer security...

Postby Revolution0 » Sun Aug 22, 2010 8:31 am UTC

Eseell wrote:
Revolution0 wrote:
gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...

Our school just put a new policy out, and to put it lightly, the thing is hellish. I've uploaded a copy of it (with the school redacted, I don't want to violate the no negative use of the school district name clause). Notable parts are highlighted in yellow. The big part being that all students are REQUIRED to agree to a legally binding contract.

https://docs.google.com/fileview?id=0Bx ... ODEz&hl=en

Best of luck to you, hopefully your school doesn't end up like ours. We make Lower Merion look free. (Their new policy is actually quite fair though.)

I glanced through this policy and it's pretty standard fare. If you ever work at any corporation large enough to have a separate legal department or network security team then you can expect to see something very similar*, including all the bits about personal electronics.

*or, more likely, even more restrictive.


The primary issue being that our school has a tendency to be a bit... overbearing with control. Our school's IT admin has threatened multiple people with suspension for possession of source code (a java-based IRC blackjack bot, command line calculator, and an email client were considered to be in violation of policy), and at this point, our computer science department consists of one web design class. Allowing students to test code is just too dangerous... :roll: The other big part being that this isn't a large corporation. It's a school with 1,100 people in it.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Sun Aug 22, 2010 1:26 pm UTC

page 6

"The School District reserves the right, but not the duty, to monitor, track, log, access
and report all use of the School District’s CIS systems and School District electronic
devices, as well as use by School District employees and students, of any personal
electronic devices on School District premises or at School District events,
connected to the School District network, and/or containing School District
programs or data (including images, files, and other information)"

"4) Cyberbullying.

Access or transmit gambling, pools for money, or any other betting or
games of chance."

one of the definitions in cyberbullying

"Transmitting electronic communications anonymously or under an alias
unless authorized by the School District."

wut??

ours fit on an index card

User avatar
gear-guy
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at computer security...

Postby gear-guy » Tue Aug 31, 2010 5:37 pm UTC

Revolution0 wrote:
gear-guy wrote:I swear our security is getting tighter, even my computing teacher agrees its bad. he's actually encouraging me to find ways around it, which should be fun, the holidays kinda got in the way of that. When i go back theres a 90% chance all of my stuff i've done on it will be gone and the sysadmin will be having words with me. I've never met the admin yet, thats probably a good thing...

Our school just put a new policy out, and to put it lightly, the thing is hellish. I've uploaded a copy of it (with the school redacted, I don't want to violate the no negative use of the school district name clause). Notable parts are highlighted in yellow. The big part being that all students are REQUIRED to agree to a legally binding contract.

https://docs.google.com/fileview?id=0Bx ... ODEz&hl=en

Best of luck to you, hopefully your school doesn't end up like ours. We make Lower Merion look free. (Their new policy is actually quite fair though.)

19 pages? ours is like 4, and no one cares if you dont sign it, but it's actually quite heavily enforced other than that. I think i'll upload a scan of it for comparison.

EDIT: heres our agreement, if bits of it dont make sense, thats because of my OCR software :roll:
EDIT 2: putting the link might help: https://docs.google.com/fileview?id=0By ... YjU0&hl=en :oops:

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Tue Aug 31, 2010 6:57 pm UTC

ours is half a page, and essentially, its use it anly for educational purposes, follow all instructions, and no goofing off, all penalties to be decided based on the offense.

User avatar
Dopefish
Posts: 855
Joined: Sun Sep 20, 2009 5:46 am UTC
Location: The Well of Wishes

Re: My school fails at computer security...

Postby Dopefish » Wed Sep 01, 2010 5:24 am UTC

I don't really approve of taking advantage of school security. It's a school (and from the sounds of things, a high school/juinor high), not a bank or something, so I wouldn't expect them to have particularly strong security.

That said, I did tend to explore what I 'could' do throughout the years.

Elementary school: I don't think we had internet, and so I don't think the computers were even networked. I knew how to use DOS, so I was the 'computer guru' that the teachers turned to, and basicly I could do whatever. The library computers were slightly better and were password protected in order to login and was perpetually supposed to stay within some book searching program. I ended up restarting one and discovering the password was needed, and the librian just told me the password, so yeah, no security in elementary land. Not that it was needed.

Junior high: I volunteered to help the tech guy with 'tech stuff', which mainly consisted of reinstalling windows a lot. The computers had Deepfreeze on them which always had to be disabled prior, so I eventually was just given the password. Later on, he ended up letting me use his account, which basicly equated to giving me admin powers in novell. Largely useless to my non-disruptive self. I did give myself infinite print credits, but I never printed much anyway so it didn't matter. Also of interest was that his password to his computer account was the same as to his admin account for our webmail service, which happened to display some students passwords uncensored. If I'd been so inclined, that could've been valuable information given so many people use the same password for everything. (Although 'school' was a pretty common password too.) Towards the end of my juinor high stay the school board technician visited, and he 'may' have left a binder containing the school-board account and password in it. It was left in the school's tech guy's room where students normally wouldn't be, and I'm sure the school board wouldn't have approved of the trust I'd been given, and so the school board never knew. Also, I could send messages to anyone, which wasn't normally allowed.

It never occured to me to explore teacher accounts for tests and the like, but I was getting 100's normally anyway. If any of the teachers did store tests and the like on their accounts though, I probably had access. Although, I have strong reason to believe that if I'd known how, I could have editted all of my final grades anyway.

High school: There was a computer acceptable use policy thing, I never got around to signing it. Some half page thing basicly in any case. For the most part much better security. Most sites were blocked, and more were blocked regularly, and they could apparently remotely monitor and close windows/send messages if someone was caught bypassing it. They wern't terribly vigilante though, so proxy avoidence usually worked, I only had my stuff closed down once. I eventually managed to guess the substitute teacher account password (schools mascot I believe), which had some limited access to stuff student's shouldn't have. This might have been useful, if I still didn't have access to the aforementioned school board technician account, which had access to everything. Most teachers made their tests/exams at home and/or kept them on a memory stick rather than their school accounts, but old editions that they were modifying into the ones they used were usually there, which may have given me a bit of advance warning on what sort of stuff I needed to know. I could see every student's grades too, which satisfied my curiosity about various people who tended to be tight lipped about their marks. I never let on I knew though, so I'm justifiying the invasion of privacy there with 'what they don't know can't hurt them'.

I could also remotely restart computers (run... cmd worked, and they didn't restrict much there), which was fun to play with. I'd always log myself on to the target computer first (by physically going to it and logging in) so as to be sure that I wouldn't disrupt anyones work, but the fact I 'could' amused me. This I ended up showing a couple other people (not how to do it, but that I could), and that probably wasn't wise. Apparently a couple other people figured out how to do it anyway, and some people ended up losing their computer account and were suspended for awhile. I wasn't linked to it.

You could also login as guest or student and such and browse anoymously, however this they did catch very regularly, so I didn't do it myself (as I could basicly be anonymous through the use of the various other accounts I had access to). Saw lots do it though.

In my last year, a vice principal approached me saying the tech guy had emailed her with a 'long list' of things I'd done wrong, and a recommendation that I be suspended for a very long time. I'm dissappointed that I never got to see that list, as I was quite careful about having things not linked to me (I don't think I ever did anything wrong on my proper student account, except perhaps proxy use, and even then a reasonable amount of the time it was so I could access forums that were actually academicly related to some degree (physicsforums, here, etc.). Anyway, since I had a 'good history' and similar such things, the vice principal (who incidently wasn't particularly computer literate) apparently chose to actually argue for a lesser punishment, and I ended up losing access to my student account for a couple weeks, and that's it. Incidently, that worked out great for giving me an excuse to not be able to work on a couple computer based in-class assignments, so I got to hang out with a couple friends as they did theirs. The school board tech account pass wasn't changed either (presumably meaning they didn't realise anyone had access to it, so I wasn't caught on that), so I just used it for my spare time computer usage so I basicly got away free.

University: No obvious holes, not willing to poke at it for holes. I'm paying money to go here, and they could quite easily just kick me out for messing with stuff, so trying seems stupid, no matter how sure I may be that I won't get caught.

They're not too restrictive though (no 'offensive' material in a publicly viewable area [which I notice doesn't forbid it outright, so I could in theory browse porn on my university account and not be doing anything wrong :| ], and don't pirate music [or anything else], as they can and will track you down) and as I'm not typical the piratey sort, nor do I have any strong desire to view any offensive material at school, it works out.

The most tempting thing is probably to get maple off the university computers, but depending on how loosely they determine "staff" I might be able to get it legitly from them anyway.



So, that's my longer than expected story of my history with school computer security. :P

User avatar
gear-guy
Posts: 22
Joined: Thu May 06, 2010 6:05 pm UTC
Location: Edinburgh-ish, Scotland

Re: My school fails at computer security...

Postby gear-guy » Wed Sep 01, 2010 4:51 pm UTC

i'm actually quite dissapointed in how little i've got done regarding school computers recently, both for fun and legitimate reasons. The most i've done is revisited a vb program i made last year that makes it look like there's something loading, before it didn't hold up to much inspection, but now it increases by 1% every minute, with 53 minute periods that should give me time to muck about.

one thing i am working on is a program that claims to be a web filter avoider, but in reality just "steals" their username and password. I'm actually making two versions, one working version that sends an email to an anonymous email adress on my server, and another that just displays the message "You've been hacked" with an explanation in the more info section about how you shouldn't trust programs from anonymous sources that ask for your password.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Wed Sep 01, 2010 6:47 pm UTC

I'm pretty sure I can just bring my netbook and ssh into a computer at home, then use that as an ssh tunnel. also, if they don't let me change my keyboard layout to dvorak (likely), I'll have legitimate reason to bring my netbook (assuming I'm not still banned, but then, I'll have another excuse) :D

also, I'm wondering if they'd let me change my login to 14ammdomaldjdlot :D (unlikely)

Selenaut
Posts: 3
Joined: Thu Sep 02, 2010 3:20 am UTC

Re: My school fails at computer security...

Postby Selenaut » Thu Sep 02, 2010 3:47 am UTC

You wan to hear some really suckish security?

A few years back, when me and most of my friends first got into messing with computers, it was easy to do almost anything on any of the computers, regardless of user status. When the teachers spotted one of the less diligent students screwing around with Desktop Stress Reducer ( simple program that stamps images on the screen to make it look damaged), they called in the tech officials at our school, and pretty much the entire county's security was revamped. It became impossible to install programs, put any foreign files on the desktop, and a few other annoying details that were extremely easy to work around. For example, even though I couldn't open cmd.exe, I could open the DOS and write functioning .bat files. The desktop problem was simple: put it in My Documents and you're good to go. And the installer block was easy as well: bring it from home or download a .zip file. I also heard that a while back a student at my HS tried to help improve school security on the computers, and they almost expelled him. Now they call a .bat that says "echo lol" hacking and it can get you expelled.

Since the security has been revamped, I've been doing speedrun exploits through the files to see just how well they really did revamp the security, and honestly, they really suck at their jobs. I mean, my friend got an IRC going and everyone in the entire class was on it. None of the teachers noticed. It really is pathetic.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Sun Sep 05, 2010 3:42 am UTC

I'm proabably still permabanned.

Netbook + nmap + netdiscover in 5, 4, 3...

Alx_xlA
Posts: 69
Joined: Fri Oct 30, 2009 11:22 pm UTC

Re: My school fails at computer security...

Postby Alx_xlA » Mon Sep 06, 2010 4:24 am UTC

My school has rather strong security on the computers. The BIOS is password protected, and boots from the network. The computers are set up so that My Computer, Command Prompt, Control Panel, et al. are forbidden, and we can't even change the desktop background (or right click on it, for that matter). We can't install software, and have access to exactly two drives: the F: "Student user" drive, which contains our personal folder, and the Q "Student data" drive, which is read-only. The internet connection is filtered (but not excessively), and the only way to get through it is with a VPN (Which is, of course, impossible on the computers because the network settings are inaccessible). The computers also have Deep Freeze, and cannot be shut down or logged off, merely restarted. They are also all contained in locked cabinets.

cjmcjmcjmcjm wrote:
Ouch.jars wrote:Also, people are snapping off the foldy-plastic-things that prop the keyboard up.

I can't stand it when people do that!

Consider yourself lucky. At my school, vandals have taken to prying off spacebars from keyboards and removing the metal rod that keeps it level. In order to type a space, you have to press it with both thumbs.
My signature contains forty-four characters.

User avatar
Ouch.jars
Posts: 101
Joined: Sat Jan 31, 2009 11:47 am UTC
Location: Adelaide, Australia

Re: My school fails at computer security...

Postby Ouch.jars » Mon Sep 06, 2010 11:31 am UTC

Alx_xlA wrote:
cjmcjmcjmcjm wrote:
Ouch.jars wrote:Also, people are snapping off the foldy-plastic-things that prop the keyboard up.

I can't stand it when people do that!

Consider yourself lucky. At my school, vandals have taken to prying off spacebars from keyboards and removing the metal rod that keeps it level. In order to type a space, you have to press it with both thumbs.


Oh, that's happened too (not as often, fortunately), but you just need to hit the spacebar firmly (got me a weird look from the teacher).

Last week, I found a keyboard with the Caps Lock, Escape ("There's no escape!", I joked), and half the numpad keys pried off.
ouchjars: putting the "pie" in "sapience" since '08

User avatar
rath358
The bone of my bone
Posts: 945
Joined: Wed Jan 14, 2009 6:02 am UTC
Location: west Camberville

Re: My school fails at computer security...

Postby rath358 » Mon Sep 06, 2010 2:04 pm UTC

This year, I have to use my laptop for one of my classes (31 students in class, 30 computers in lab).

I may try to make printing work over the wireless/remote desktop, but probably not much else. I probably won't even bother with avoiding websense very much, as I will probably tether my Android.

User avatar
RogerMurdock
Posts: 158
Joined: Mon Jul 27, 2009 10:35 pm UTC

Re: My school fails at computer security...

Postby RogerMurdock » Mon Sep 06, 2010 3:23 pm UTC

I had a really hilarious experience with my school near the end of my senior year last year. Basically they called me in on two different things, one was "skipping school" at the end of the day of a field trip, and the other was going to facebook. Facebook is blocked on the computers, but just to demonstrate to people in the class/teacher, I went to https://www.facebook.com and it was there just fine. I had done this maybe two months prior, hadn't even logged into facebook, so I found it confusing why there were just calling me on it now (with less than a month of school left no less). I still think they must have made some sort of mistake, they kept insinuating that I had like hacked into the network and was using facebook habitually. I denied this...but I had gone onto facebook at some point I knew so I didn't argue too vigorously. They told me "my computer privileges would be suspended for a week" but that mysteriously never happened. I kept waiting for my logon not to work...but it was fine. Maybe they went back and realized they had the wrong guy?

The "skipping school" shit was ridiculous though. I had left 15 minutes early after getting back from a class field trip, instead of signing in, going back to class, finishing the movie we were watching...which probably would have been over by the time I walked back there. I just went home, as did about 10 other people in the class. The teacher waved good bye to me as I drove away (though strictly he wasn't supposed to do this, so I couldn't have him support me). Evidently the only reason they knew anything about it was because they had tried to call me down to talk to me about the facebook offense and I wasn't there. So lol. They tried to give in-school suspension initially, but I told them to go to hell (just not in so many words) and got it reduced to saturday school, and then my parents called them and complained (because they knew I was leaving school at the time...I had just gone home after), and got it reduced to detention. And then I ended up picking a day of detention where I had test review in the morning anyway, and the guy who does detention was my AP Gov teacher...so I didn't actually have to go anywhere I wouldn't have had to anyway.

Our computer security was haphazard at best. People would be randomly banned that appeared to have played games and stuff, but people who did much more heinous things were never caught or bothered. At one point a guy made a script that filled up the entire drive with the same picture of the principle and brought the network down, but I'm not sure anything happened to him or he was ever even identified.

User avatar
Pez Dispens3r
is not a stick figure.
Posts: 2079
Joined: Thu Dec 04, 2008 3:08 am UTC
Location: Australia
Contact:

Re: My school fails at computer security...

Postby Pez Dispens3r » Mon Sep 06, 2010 3:30 pm UTC

RogerMurdock wrote:The "skipping school" shit was ridiculous though. I had left 15 minutes early after getting back from a class field trip, instead of signing in, going back to class, finishing the movie we were watching...which probably would have been over by the time I walked back there. I just went home, as did about 10 other people in the class. The teacher waved good bye to me as I drove away (though strictly he wasn't supposed to do this, so I couldn't have him support me).

Often this is more about duty of care, and suchness. Even the teachers (as you've demonstrated) sometimes forget the importance of this, but the school is essentially your parents in their legal responsibility for your welfare which is quite ridiculous, in some ways, because most parents don't have around a thousand uninhibited adolescents to deal with.
Mighty Jalapeno wrote:I feel like you're probably an ocelot, and I feel like I want to eat you. Feeling is fun!
this isn't my cow

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Wed Sep 08, 2010 4:51 am UTC

rath358 wrote:This year, I have to use my laptop for one of my classes (31 students in class, 30 computers in lab).

I may try to make printing work over the wireless/remote desktop, but probably not much else. I probably won't even bother with avoiding websense very much, as I will probably tether my Android.

here, you can find the printers on the network with ubuntu's autodetect, if you hook into the ethernet. wonder if it will work here, where we pay for prints.

and I told the person here about the facebook https thing, they fixed it next day,

also, someone here rearranged the keyboard into the alphabet, and the keyboard seemed to have all the keys different or somethin' cuz those keys didn't press down right...

User avatar
cjmcjmcjmcjm
Posts: 1158
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: My school fails at computer security...

Postby cjmcjmcjmcjm » Wed Sep 08, 2010 5:05 am UTC

I didn't have problems with people ripping off keycaps, but people were fond of moving them around into ridiculous places on the board
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Wed Sep 08, 2010 11:42 pm UTC

cjmcjmcjmcjm wrote:I didn't have problems with people ripping off keycaps, but people were fond of moving them around into ridiculous places on the board

same. and the keyboard stands. they literally have a pile of unidentified keyboard stands in the IT guy's office (middle school)

User avatar
Dopefish
Posts: 855
Joined: Sun Sep 20, 2009 5:46 am UTC
Location: The Well of Wishes

Re: My school fails at computer security...

Postby Dopefish » Wed Sep 08, 2010 11:53 pm UTC

People stole mouse balls regularly at my schools. They ended up basicly taping the cap thing (that holds the ball in) on, but of course tape is only a minor obstacle. Made actually usuing the mouse a bit annoying sometimes too if the tape had any bumps in it.

User avatar
hintss
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC
Contact:

Re: My school fails at computer security...

Postby hintss » Thu Sep 09, 2010 12:13 am UTC

Dopefish wrote:People stole mouse balls regularly at my schools. They ended up basicly taping the cap thing (that holds the ball in) on, but of course tape is only a minor obstacle. Made actually usuing the mouse a bit annoying sometimes too if the tape had any bumps in it.

at the middle school, they used superglue. then they couldn't clean it and had to toss it

Selenaut
Posts: 3
Joined: Thu Sep 02, 2010 3:20 am UTC

Re: My school fails at computer security...

Postby Selenaut » Wed Sep 15, 2010 3:07 am UTC

Why not just get mice that screw shut?

User avatar
Dopefish
Posts: 855
Joined: Sun Sep 20, 2009 5:46 am UTC
Location: The Well of Wishes

Re: My school fails at computer security...

Postby Dopefish » Wed Sep 15, 2010 2:03 pm UTC

Selenaut wrote:Why not just get mice that screw shut?


That would entail spending money, and schools are ever so reluctant to do such a thing.

Of course these days optical mice are common, so the whole ball stealing shenanigans isn't much of any issue anymore I would imagine. When I was back in those grades though an optical mouse was a fancy high tech thing, so just getting them wasn't practical.

PaulTagg
Posts: 5
Joined: Fri Sep 17, 2010 9:12 pm UTC

Re: My school fails at computer security...

Postby PaulTagg » Fri Sep 17, 2010 10:14 pm UTC

well to put it this way, you weren't aloud to install anything on the school computers without admin access.... our inhouse computer admin/monitor was 60 yrs old..... if you made a portable version of any program you could run it off a flash drive, or hide it your my documents folder and rename it so it was school related. we became masters of circumventing this restriction to the point we were using the schools lan for counterstrike games..... anytime thru out the day there was a lan game going on..... what was funny about that was when the lunches came up, our schedule switched to half periods,..... as in if you have lunch 4, you'd have a 5/6 class,7/8, so on and so forth.... so if you could watch the server for the end of a game set up a new server, youd end up with the admin rights and not be in the same room as everyone else,.... i once sat and screwed with the gravity, then watched the hilarity ensued then screamed out on the computer via admin message,, "I AM GOD I CONTROL YOUR WORLD, YOUR IP ADRESSES AND ACCOUNT NAMES HAVE BEEN LOGGED, EXPECT TO HERE FROM ME IN THE MORNING!" the following rat scurry, of ass covering was funny as hell.....

when the campus it lady caught on to us, they banned mycomputer, ..... little did they know making a hyperlink to explorer.exe that was hidden in a word doc worked quite nice, and they finally caught someone playing a game on a computer...... that game was dolphin olympics 2........, not the 60 other people playing counterstrike........ they need to learn to pick their battles better.....

and in my senior year, there was a problem in the accounts where some days you'd have admin access assigned to your account someday not.... no one spoke up until a non computer educated joke got caught being a idiot....

keeperofdakeys
Posts: 658
Joined: Wed Oct 01, 2008 6:04 am UTC

Re: My school fails at computer security...

Postby keeperofdakeys » Sun Sep 19, 2010 1:30 pm UTC

Dopefish wrote:
Selenaut wrote:Why not just get mice that screw shut?


That would entail spending money, and schools are ever so reluctant to do such a thing.

Of course these days optical mice are common, so the whole ball stealing shenanigans isn't much of any issue anymore I would imagine.

Not when someone applies pen ink onto the optical sensor.


Return to “School”

Who is online

Users browsing this forum: No registered users and 5 guests