December 5th, 2001, 09:44 PM
need some advice
OK, I've discovered quite a few vulnerabilities to a 2k network running at my college, most of them COULD be exploited to a disastrous level. I have a long list of stuff which I'd like to talk to the system admins about (including how to correct the exploits) but I'm a bit concerned as to how they will react, because they might have me kicked out because obviously I had to do a few things which are considered wrong to find the exploits (but no destruction of data or anything malicious etc.), so I mean, how do you explain to them to get it sorted without getting prosecuted yourself?
December 5th, 2001, 09:47 PM
Tell them anonymously? Make sure you tell them why you write anonymously though, otherwise you might freak them out...
December 5th, 2001, 09:49 PM
You have a problem indeed.
Getting info about exploits on a system could be interpreted as a crack...
Maybe you should give the info anonymously?
December 5th, 2001, 09:51 PM
Yeah. Write them a nice long e-mail telling them exactly what's wrong with their systems and how they can fix it... and send it from a web-based e-mail account (don't post it as anonymous and send it from your college e-mail account - they can read the From: field!!!!)
December 5th, 2001, 09:58 PM
Oh, and next time, make sure they know what you're trying before you start... they probably logged your attempts, and after revealing those exploits, you can bet they go through those logs... Well, if you did nothing malicious, you're probably safe regardless.
December 5th, 2001, 10:02 PM
Yeah. I told the computer technicians at my school as soon as I heard that they were putting in a network that they might see some unusual stuff in the logs (if they even *have* logs) because I'll be helping them by locating all the problems.
December 5th, 2001, 10:06 PM
lol, seems so simple really when you think about it! Maybe I should have the web-based email thingy, sounds like the best idea
December 5th, 2001, 10:08 PM
It's not a bad idea to warn / ask before you poke around.
Once I got a message from the network administrator of my College with the question if someone else made use of my account to test some things...
So, they actually look at logs.
I was surprised, but I never told that I did these things and not 'a malicious cracker from the evil net'.
December 5th, 2001, 10:11 PM
Yup, places that actually have logs DO check them... However (believe it or not) most schools and colleges don't keep logs for 2 reasons:
1) Too time consuming
2) The admins wouldn't know an error from normal activity anyway!!!
December 5th, 2001, 10:16 PM
So, I had just bad luck... or wasn't hiding my attempts enough.
Still, stay with the webmail idea (You could use a newly created webmail account on a public shared computer, so even the IP isn't a link to you)