-
September 8th, 2008, 02:42 AM
#1
Skiddie Caught?
Well, the "good ole boys" have caught them a skiddie
http://www.dnj.com/apps/pbcs.dll/art...WS06/809040315
The 16-year-old boy hacked into the school's computer network and got a "low-level Windows password ... that gave him access to the network," Evans said.
"Hacked" means that he found the I/O switch?
Nonetheless, school system technicians must reset all Windows passwords on Siegel's 600 computers. Evans said that will take about 10 minutes for each computer, creating about 100 hours of work for the technicians.
Why does it take them 10 minutes to do that which takes me 10 seconds?.............. ah! the opposable thumbs?
The student had a hearing in the county's Juvenile Court on Friday.
And the staff will attend my drumhead court martial at Guantanamo when I tell them
I would suggest that they practice self-abuse............. only they have lost the instruction manual?
-
September 8th, 2008, 06:22 AM
#2
Originally Posted by nihil
Why does it take them 10 minutes to do that which takes me 10 seconds?.............. ah! the opposable thumbs?
.. no the ten mins is a figure to get good compensation.. in other words insurance fraud.. did I say that?
HE hacked with local access!!!!!.. and was using Netsend to boast his actions.!!!....
that is a detention.. but the school needs to shoot the admin and refine their policy for passwords..
My goodness.. how paranoid are the school admins.. criminal charges?? FFS
Now had he done this from an external account.. then it would be reasonable to consider criminal approach.. internal..
The kid prob got the password from a dumbass teacher, who types at 10 words per hour, by simply looking over his shoulder.
yes.. thats a r...and that is a 3..... yep a d ...and a shift d and a 1 ..wait for it ... aaaaaaa c what's this ... a shift k... and enter... he is did.. ... yep logon successful .. just love these slooooow typists.
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
September 8th, 2008, 09:05 AM
#3
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
-
September 8th, 2008, 02:47 PM
#4
You all obviously don't appreciate the seriousness of this. A fiend like this will next move on to.... well something. And it won't be good. Heck in another couple years he might be ... well something else and it won't be good either.
Only trust Pipe-smoking Penguins.
-
September 8th, 2008, 04:32 PM
#5
Didn't we all do something stupid when we were that age?
And I agree.. 10 min. per machine is BS. I'll do all 600 in about 5 min. I've been a Windows admin for many years but WTF is a "low-level" windows account? Is that just a normal user account? Then why do they need to change the passwords on 600 machines?
If anything.. they need to fire their technicians because they clearly have no clue..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
September 8th, 2008, 06:43 PM
#6
Well SD,
Didn't we all do something stupid when we were that age?
Yes, but to be perfectly honest, in my case computers hadn't been invented
In my opinion it was just a schoolboy prank or practical joke. No harm done (except to a few egos, perhaps?) and it would seem that none was intended. Hell, he got caught by a teacher not an admin?............... they seem to be treating the case as if it were a hoax emergency services call.
WTF is a "low-level" windows account?
Exactly! I think that they mean a "high level account", as in one with administrator or near privileges.
Which leads me to your next observation, and perhaps makes some sense:
Then why do they need to change the passwords on 600 machines?
Because they don't use remote support/administration, so each machine has at least a local admin account on it, and the User IDs and passwords are all the same.
I would urge a word of caution here. I have worked for a number of organisations where IT (and most others) were strictly forbidden to talk to the media. That was the remit of PR/HR................ and we all know how much they know about IT?
At this stage it looks like the administrative network is secure(ish) in that it is probably administered centrally by the State schools' management. As for the local network............
-
September 8th, 2008, 07:37 PM
#7
Because of the PR drone I'm most certain "low-level" means something else
My guess too would be some local admin account which has the same password on all boxes. As I've seen that before too..
And low-level meaning local to the machine as opposed to maybe a network domain account?
Even if this is "just the local network" and one of those local machine accounts had been breached.. Pfff..
Man.. Still doesn't take friggin 10 minutes per machine.
They're networked for pete's sake!
The guy is being railroaded for the incompetence of the IT department. I still vote on firing them
They're probably way too busy grepping through the next prom queen's mailbox looking for dirty pictures
Oliver's Law:
Experience is something you don't get until just after you need it.
-
September 8th, 2008, 10:25 PM
#8
You gotta estimate the big damages. A guy makes a few free phone calls and he has compromised the phone system to the tune of millions of dollars even though they would have only cost a couple bucks. A guy downloads some apps or music and it some how kept hundreds of thousands from suddenly purchasing the product. I think they ought to prosecute the companies for fraud for trying collect that kind of damages.
Only trust Pipe-smoking Penguins.
-
September 8th, 2008, 11:49 PM
#9
Yes, I have seen quite a few of these "guesstimates" that really belong in the pages of a Purlitzer prizewinning novel.
It seems to be the usual problem..............top down. From the little research I have done this is a state funded school so will be managed by a county education authority with some oversight by the state.
If it is anything like over here, the education authority will be based some distance away. Mine is about 24 miles, for example. My local schools cannot afford more than one or two people to look after everything on site. They advertised such a job at the local sports college............... €25,000 (£18,000) or so.......... not what will buy you the sharpest tools in the box?
The best jobs are in county hall and they don't even think about what is happening outside their little political silo. So the problem is a lack of a coherent management structure:
1. Security model
2. Security processes
3. Security procedures
4. Security processes
And a management and auditing process to enforce them.
OK, let's look at the environment? It is a school with probably 1.500 pupils and 30 to a class (their figures), which makes 50 classrooms. They claim 1 computer per 5 students in ordinary classes. That makes 6 per room.
Language, science and IT laboratories have a 1:1 ratio which would be 30 per room. I guess there will be some in the library as well.
There is no way that takes 10 minutes per machine, even if you did it manually (which seems to be the implication).
Start introducing scripts, external media and network access and it becomes a whole different calculation.
Sure, there are those who will say that the kid brought it upon himself or that he was a victim of his own stupidity; but what if someone really malicious had a go at that site?
And what about all the other schools that come under the same jurisdiction?
-
September 10th, 2008, 05:07 AM
#10
The guy is being railroaded for the incompetence of the IT department. I still vote on firing them
What IT department? It's a middle school.
I not only hope you lose your job... but I hope everything and everyone dear to you vanishes.
And while you lay groveling in self-pity I'll be there to look down on you and to yell, "You sir, are an incompetent loser!"
Similar Threads
-
By Tiger Shark in forum Network Security Discussions
Replies: 23
Last Post: June 15th, 2004, 03:42 PM
-
By cwk9 in forum Miscellaneous Security Discussions
Replies: 47
Last Post: September 4th, 2003, 07:47 PM
-
By Spyder32 in forum Tech Humor
Replies: 7
Last Post: November 28th, 2002, 10:21 AM
-
By Spyder32 in forum AntiOnline's General Chit Chat
Replies: 17
Last Post: October 25th, 2002, 12:46 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|