Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Skiddie Caught?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188

    Cool Skiddie Caught?

    Well, the "good ole boys" have caught them a skiddie

    http://www.dnj.com/apps/pbcs.dll/art...WS06/809040315

    The 16-year-old boy hacked into the school's computer network and got a "low-level Windows password ... that gave him access to the network," Evans said.
    "Hacked" means that he found the I/O switch?

    Nonetheless, school system technicians must reset all Windows passwords on Siegel's 600 computers. Evans said that will take about 10 minutes for each computer, creating about 100 hours of work for the technicians.
    Why does it take them 10 minutes to do that which takes me 10 seconds?.............. ah! the opposable thumbs?

    The student had a hearing in the county's Juvenile Court on Friday.
    And the staff will attend my drumhead court martial at Guantanamo when I tell them

    I would suggest that they practice self-abuse............. only they have lost the instruction manual?

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by nihil


    Why does it take them 10 minutes to do that which takes me 10 seconds?.............. ah! the opposable thumbs?
    .. no the ten mins is a figure to get good compensation.. in other words insurance fraud.. did I say that?
    HE hacked with local access!!!!!.. and was using Netsend to boast his actions.!!!....
    that is a detention.. but the school needs to shoot the admin and refine their policy for passwords..
    My goodness.. how paranoid are the school admins.. criminal charges?? FFS

    Now had he done this from an external account.. then it would be reasonable to consider criminal approach.. internal..
    The kid prob got the password from a dumbass teacher, who types at 10 words per hour, by simply looking over his shoulder.
    yes.. thats a r...and that is a 3..... yep a d ...and a shift d and a 1 ..wait for it ... aaaaaaa c what's this ... a shift k... and enter... he is did.. ... yep logon successful .. just love these slooooow typists.
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636
    pencil?

    O
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  4. #4
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    You all obviously don't appreciate the seriousness of this. A fiend like this will next move on to.... well something. And it won't be good. Heck in another couple years he might be ... well something else and it won't be good either.
    Only trust Pipe-smoking Penguins.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Didn't we all do something stupid when we were that age?

    And I agree.. 10 min. per machine is BS. I'll do all 600 in about 5 min. I've been a Windows admin for many years but WTF is a "low-level" windows account? Is that just a normal user account? Then why do they need to change the passwords on 600 machines?

    If anything.. they need to fire their technicians because they clearly have no clue..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well SD,

    Didn't we all do something stupid when we were that age?
    Yes, but to be perfectly honest, in my case computers hadn't been invented

    In my opinion it was just a schoolboy prank or practical joke. No harm done (except to a few egos, perhaps?) and it would seem that none was intended. Hell, he got caught by a teacher not an admin?............... they seem to be treating the case as if it were a hoax emergency services call.

    WTF is a "low-level" windows account?
    Exactly! I think that they mean a "high level account", as in one with administrator or near privileges.

    Which leads me to your next observation, and perhaps makes some sense:

    Then why do they need to change the passwords on 600 machines?
    Because they don't use remote support/administration, so each machine has at least a local admin account on it, and the User IDs and passwords are all the same.

    I would urge a word of caution here. I have worked for a number of organisations where IT (and most others) were strictly forbidden to talk to the media. That was the remit of PR/HR................ and we all know how much they know about IT?

    At this stage it looks like the administrative network is secure(ish) in that it is probably administered centrally by the State schools' management. As for the local network............

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Because of the PR drone I'm most certain "low-level" means something else

    My guess too would be some local admin account which has the same password on all boxes. As I've seen that before too..

    And low-level meaning local to the machine as opposed to maybe a network domain account?
    Even if this is "just the local network" and one of those local machine accounts had been breached.. Pfff..
    Man.. Still doesn't take friggin 10 minutes per machine.
    They're networked for pete's sake!

    The guy is being railroaded for the incompetence of the IT department. I still vote on firing them

    They're probably way too busy grepping through the next prom queen's mailbox looking for dirty pictures
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member isildur's Avatar
    Join Date
    Feb 2003
    Posts
    166
    You gotta estimate the big damages. A guy makes a few free phone calls and he has compromised the phone system to the tune of millions of dollars even though they would have only cost a couple bucks. A guy downloads some apps or music and it some how kept hundreds of thousands from suddenly purchasing the product. I think they ought to prosecute the companies for fraud for trying collect that kind of damages.
    Only trust Pipe-smoking Penguins.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, I have seen quite a few of these "guesstimates" that really belong in the pages of a Purlitzer prizewinning novel.

    It seems to be the usual problem..............top down. From the little research I have done this is a state funded school so will be managed by a county education authority with some oversight by the state.

    If it is anything like over here, the education authority will be based some distance away. Mine is about 24 miles, for example. My local schools cannot afford more than one or two people to look after everything on site. They advertised such a job at the local sports college............... €25,000 (£18,000) or so.......... not what will buy you the sharpest tools in the box?

    The best jobs are in county hall and they don't even think about what is happening outside their little political silo. So the problem is a lack of a coherent management structure:

    1. Security model
    2. Security processes
    3. Security procedures
    4. Security processes

    And a management and auditing process to enforce them.

    OK, let's look at the environment? It is a school with probably 1.500 pupils and 30 to a class (their figures), which makes 50 classrooms. They claim 1 computer per 5 students in ordinary classes. That makes 6 per room.

    Language, science and IT laboratories have a 1:1 ratio which would be 30 per room. I guess there will be some in the library as well.

    There is no way that takes 10 minutes per machine, even if you did it manually (which seems to be the implication).

    Start introducing scripts, external media and network access and it becomes a whole different calculation.

    Sure, there are those who will say that the kid brought it upon himself or that he was a victim of his own stupidity; but what if someone really malicious had a go at that site?



    And what about all the other schools that come under the same jurisdiction?

  10. #10
    Banned
    Join Date
    Jan 2008
    Posts
    605
    The guy is being railroaded for the incompetence of the IT department. I still vote on firing them
    What IT department? It's a middle school.

    I not only hope you lose your job... but I hope everything and everyone dear to you vanishes.

    And while you lay groveling in self-pity I'll be there to look down on you and to yell, "You sir, are an incompetent loser!"

Similar Threads

  1. Under Attack! Uber 1337, (bored?), skiddie..
    By Tiger Shark in forum Network Security Discussions
    Replies: 23
    Last Post: June 15th, 2004, 03:42 PM
  2. Blaster Writer Caught
    By cwk9 in forum Miscellaneous Security Discussions
    Replies: 47
    Last Post: September 4th, 2003, 07:47 PM
  3. 10 Best Things to Say if Caught Sleeping at Desk
    By Spyder32 in forum Tech Humor
    Replies: 7
    Last Post: November 28th, 2002, 10:21 AM
  4. Are they Caught?..
    By Spyder32 in forum AntiOnline's General Chit Chat
    Replies: 17
    Last Post: October 25th, 2002, 12:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •