need some advice
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: need some advice

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    6

    need some advice

    ok, I've discovered quite a few vulnerabilities to a 2k network running at my college, most of them COULD be exploited to a disastrous level. I have a long list of stuff which I'd like to talk to the system admins about (including how to correct the exploits) but I'm a bit concerned as to how they will react, because they might have me kicked out because obviously I had to do a few things which are considered wrong to find the exploits (but no destruction of data or anything malicious etc.), so I mean, how do you explain to them to get it sorted without getting prosecuted yourself ?
    Share on Google+

  2. #2
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Tell them anonymously? Make sure you tell them why you write anonymously though, otherwise you might freak them out...
    Share on Google+

  3. #3
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,540

    Post dangerous

    You have a problem indeed
    getting info about exploits on a system could be interpreted as a crack...

    Maybe you should give the info anonymous?
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Yeah. Write them a nice long e-mail telling them exactly what's wrong with their systems and how they can fix it... and send it from a web based e-mail account (dont post it as anonymous and send it from your college e-mail account - they can read the From: field!!!!)
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net
    Share on Google+

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Oh, and next time, make sure they know what you're trying before you start... they probably logged your attempts, and after reveiling those exploits, you can bet they go through those logs... Well, if you did nothing malicious, you're probably safe regardless.
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Yeah. I told the computer technicians at my school as soon as I heard that they were putting in a network that they might see some unusual stuff in the logs (if they even *have* logs) because I'll be helping them by locating all the problems.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net
    Share on Google+

  7. #7
    Junior Member
    Join Date
    Dec 2001
    Posts
    6
    lol seems so simple really when u think about it ! maybe I should have the webbased email thingy sounds like the best idea
    Share on Google+

  8. #8
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,540
    It's not a bad idea to warn / ask before you poke around

    Once I got a message from the network adminstrator of my College with the question if someone else made use of my account to test some things...
    So, they actually look at logs,
    I was surprised ,but I never told that I did these things and not 'a malicious cracker from the evil net'
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    677

    Talking

    Yup, places that actually have logs DO check them... However (believe it or not) most schools and colleges don't keep logs for 2 reasons

    1) Too time consuming
    2) The admins wouldn't know an error from normal activity anyway!!!
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net
    Share on Google+

  10. #10
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,540

    Unhappy Re: Rewandythal

    So, I had just bad luck... or wasn't hidding my attempts enough.

    still, stay with the webmail idea (You could use a new created wemail account on a public shared computer, so even the IP isn't a link to you)
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •