Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...
The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

The new password will be SchoolnameMonthYear.


obstipator
Nov 8, 2009

by FactsAreUseless

lmao

flakeloaf
Feb 26, 2003

Still better than android clock

Volmarias posted:

The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

The new password will be SchoolnameMonthYear.

https://www.youtube.com/watch?v=_UqEg1cFqig

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

lol this literally happened to me in highschool. the computer lab had a desk for the teacher and in its top drawer was the ongoing password list for the admin account. caught a glimpse of it once and discovered they were all vegetables. after that it wasn't hard to guess the new pw when they changed it every quarter.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
i gave myself domain admin rights via an obfuscated account i created in grade 11 when the lab teacher went to go coach basketball after school and left the domain controller unlocked while i was in the room

everyone got to play starcraft for my remaining 1.5 years in high school thanks to me

graph
Nov 22, 2006

aaag peanuts
i would email the atease file to myself from inside netscape with file:/// and run it through the cracker at home

pseudorandom name
May 6, 2007

one year my high school made one of my typing/computers in business/etc. classes do data entry for class registration forms

this involved giving all of us access to an account on the district's main AIX DB2 server which didn't use shadow passwords

the individual schools were each their own separate NetWare installations, but since they were Windows 98 machines you could use the equivalent of the Help->Printer->etc. trick to run arbitrary programs and e.g. place your pixel-perfect VB6 mockup of the NetWare login prompt on top of the real dialog box

Schadenboner
Aug 15, 2011

by Shine

:dong:

akadajet
Sep 14, 2003

what are they looking for??

Squinky v2.0
Nov 16, 2006

Behind you! A three headed monkey!

College Slice
the head of the math department typed his password in clear text over the projector once, and we used his account to hide disc images of games all over the school network





i work in education administration software and anecdotally the number of kids getting into stuff via compromised faculty accounts has shot up in the last couple academic years

it used to be (like 5 years ago) something we would hear about 1-2 times per year across hundreds of client schools, and the schools with repeat problems were generally schools that specifically dealt with difficult kids so they weren’t usually surprised

now it’s more like 1-2 per month

there’s one private religious school we deal with (very on the religious side) where it’s an absolute scourge and they are completely powerless to stop the kids from getting into the faculty accounts

the kid(s) doing it even figured out that just editing grades is too obvious and gets caught, and they figured out how to set up custom grading keys per-student and were messing with assignment weighting in grade books so the grade rounds up instead of down without changing the underlying assignment grades. like half the internal folks here don’t even know how to do that stuff without someone holding their hand

it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

that is some good poo poo.

School children owning olds will never get old

Shame Boy
Mar 2, 2010


i'd never even heard of "hendry county" yet apparently I live like a two and a half hour drive away from it so lol. i guess i never realized anyone lived in that area, i thought it was all like, dredged everglades wasteland

anyway good job kids :golfclap:

Wiggly Wayne DDS
Sep 11, 2010



everyone's got a tale on that front, i ended up getting given the local admin creds at my school to help out in the lab. for reasons that also meant full r/w share access across all schools in the city. i roamed the shares for a few months (just boring db dump scripts sitting around in random folders at most, nothing exciting didn't check data outside of school admin shares), then men in suits came in real mad. turns out that they didn't isolate the city council's systems at all and that meant direct access to their payroll systems via local admin at any domain pc in the city

ya every staff member was laughing at them as well. their interview ended with "and you can keep all data you've found just don't make it public..."

Shame Boy
Mar 2, 2010

all the networks in the entire school district were connected together into one massive network so by like 4th grade i figured out i could open up network neighborhood and send dumb poo poo to printers all across the county

then in highschool i cracked the wep wifi because i was a cool hackboi and it was just the school number repeated to however many digits wep requires which was kinda disappointing honestly, but at least i got to use the school internet (via my cool hackboi SSH tunnel proxy thing to get around the content filter) for the rest of highschool :c00lbert:

Shame Boy fucked around with this message at 20:58 on May 10, 2019

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

i think i helped out in my networking class once going around to all the labs and collecting the mac addresses of computers. i think i also helped going thru the classic mac lab and renumbering all the static IP addresses. i do not recall that this required an admin account

our high school had a whole 256 ip subnet on a t1 line, aww yeah

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
I bought the .com to my school's .org and someone in HR emailed me the payroll spreadsheets :effort:

tmesis
Jan 18, 2007

sup holmes
Megamarm
i was nice to the librarians and they just gave me the passwords to use the internet on the library computers. social engineering ftw

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

my comp sci professors said back in the 90s they would get emails that were intended for a similarly named university in another country. at first they would helpfully forward the mail, but once the general public got on the internet it would have taken up all their time so they started just deleting them

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...
Back in high school, the one computer lab was locked down by whitelisting executables

by name.

Minesweeper.exe turned into MavisBeacon.exe and the class became semi tolerable. I wasn't interested in romping around the network since the teacher could see me (but didn't care because he knew I was only there for graduation recs, yay for schools whose programming courses maxed out at "Excel")
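
An added example, not part of the original post: why an allowlist keyed on the executable's file name passes a renamed binary, while one keyed on a SHA-256 of the file contents does not. The file contents, directory names and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file contents, which a rename does not change."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def allowed_by_name(path: Path, allowed_names: set) -> bool:
    # The lab policy from the post: only the file name is compared.
    return path.name.lower() in allowed_names


def allowed_by_hash(path: Path, allowed_hashes: set) -> bool:
    # Content-based policy: the name is ignored entirely.
    return sha256_of(path) in allowed_hashes


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        approved = root / "approved" / "MavisBeacon.exe"
        renamed = root / "student" / "MavisBeacon.exe"  # the game, renamed
        approved.parent.mkdir()
        renamed.parent.mkdir()
        # Constructed stand-in contents, not real binaries.
        approved.write_bytes(b"constructed bytes standing in for the typing tutor")
        renamed.write_bytes(b"constructed bytes standing in for the game")

        names = {"mavisbeacon.exe"}
        hashes = {sha256_of(approved)}  # recorded when the tutor was approved
        return {
            "name_policy_approved_file": allowed_by_name(approved, names),
            "name_policy_renamed_file": allowed_by_name(renamed, names),
            "hash_policy_approved_file": allowed_by_hash(approved, hashes),
            "hash_policy_renamed_file": allowed_by_hash(renamed, hashes),
        }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

A hash allowlist has to be refreshed whenever an approved program is updated, which is the operational cost that name-based rules avoid.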

The_Franz
Aug 8, 2003

Squinky v2.0 posted:

it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight

pr0digal
Sep 12, 2008

Alan Rickman Overdrive
I dumped the password hashes from a library computer using some Linux distro on a floppy disk. I forget the Windows OS but I uploaded them to some website and they were cracked pretty easily. Turns out the admin account was school district wide. I decided not to use the creds and I'm glad I didn't since a kid who did it the next semester got suspended.

Then there was the time I found out you could disable Norton as a non admin user in Windows 2000 (I think it was 2k). I installed Sub7 on my friend's computer in HTML class to mess with him.

Hexyflexy
Sep 2, 2011

asymptotically approaching one
Most stupid: Keylogger I wrote in about 500 bytes that I stuck into the bss of the Netware drivers (they hosed up and didn't declare that section as a true bss so you had about 1k of static zeros that the virus scanners didn't look at) that loaded before anything else on the systems. It spread around by dumping a Word template file in the user's home directory which back then was auto-loaded every time you started Word. This then dumped the modified network driver on a new machine. Thankfully while I was a mad destructive teenager I also didn't do anything with it. Code was loving sweet though.

Funniest: Whatever we had as Net Nanny back in 1997, the regexes on the URLs were case sensitive.

Farmer Crack-Ass
Jan 2, 2001

this is me posting irl

Squinky v2.0 posted:

there’s one private religious school we deal with (very on the religious side) where it’s an absolute scourge and they are completely powerless to stop the kids from getting into the faculty accounts

the kid(s) doing it even figured out that just editing grades is too obvious and gets caught, and they figured out how to set up custom grading keys per-student and were messing with assignment weighting in grade books so the grade rounds up instead of down without changing the underlying assignment grades. like half the internal folks here don’t even know how to do that stuff without someone holding their hand

it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight

lol that absolutely owns, and i say that as someone who used to be a school district computer janitor


the biggest lol i remember seeing happening back when i was a high school student was when kids figured out using "net send *" to send pop-up messages to every computer on the network, completely freaking out the staff. oh wait did i say "figured out", what i meant was "learned how to do that from the "MCSE" class with its segmented-off LAN, and then went and did it from a school library computer"

man those computer courses were wild. they got some CJ to come in and teach the classes, so he had a way more laissez-faire attitude about what kids did in his class than the average teacher. kids would prank each other with netbus constantly, we had frequent LAN games happening. i somehow got on his good side such that he offered to hire me on one summer doing grunt work for the district IT department, and that's how i got my start into being a professional computer janitor

Guy Axlerod
Dec 29, 2008
Instead of stealing the mouse balls, we swapped keys around on the keyboards. We had one keyboard that had all 1s across the number row, the next 2, etc. The CJ started getting mad when we moved up to having all Qs, Ws, Es, etc. This was supposed to be a C++ class, but we didn't move past the week 2 lessons because there were kids who didn't get it the entire semester.

Booourns
Jan 20, 2004
Please send a report when you see me complain about other posters and threads outside of QCS

~thanks!

When I was in highschool in 1999 we had full access to the computer network because they left multiple full access accounts with no password on there that were easily found by a simple program that checked for them

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.

Volmarias posted:

The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

The new password will be SchoolnameMonthYear.

the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account.

generally all the passwords on the system would expire within about a week of each other. comedy would ensue

oh, and we had board-wide federated authentication set up like this, meaning it was possible to take over global admin accounts if their passwords expired.
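
An added example, not part of the original post and not NetWare's actual code: the expiry behaviour described above, modelled as a login check that tests expiry before verifying the password, next to a version that verifies first. The account model, function names, sample passwords and the 182-day stand-in for six months are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=182)  # assumed stand-in for the post's "6 months"


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    changed_at: datetime


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str, changed_at: datetime) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_pw(password, salt), changed_at)


def verify(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.pw_hash, hash_pw(password, acct.salt))


def login_flawed(acct: Account, password: str, now: datetime) -> str:
    # Expiry is tested first, so an expired account never has its
    # password checked and goes straight to the change-password step.
    if now - acct.changed_at > MAX_AGE:
        return "must_change"
    return "ok" if verify(acct, password) else "denied"


def login_fixed(acct: Account, password: str, now: datetime) -> str:
    # The current password is verified before expiry is considered.
    if not verify(acct, password):
        return "denied"
    if now - acct.changed_at > MAX_AGE:
        return "must_change"
    return "ok"


def run_demo() -> dict:
    acct = make_account("constructed-old-password", datetime(2019, 1, 1))
    expired = datetime(2019, 9, 1)   # more than 182 days later
    fresh = datetime(2019, 2, 1)
    return {
        "flawed_expired_wrong_pw": login_flawed(acct, "anything", expired),
        "fixed_expired_wrong_pw": login_fixed(acct, "anything", expired),
        "fixed_expired_right_pw": login_fixed(acct, "constructed-old-password", expired),
        "flawed_fresh_wrong_pw": login_flawed(acct, "anything", fresh),
        "fixed_fresh_right_pw": login_fixed(acct, "constructed-old-password", fresh),
    }
```

Accounts that have sat expired for a long time are better disabled and reset by an administrator than left waiting in the `must_change` state.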

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

infernal machines posted:

the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account.

generally all the passwords on the system would expire within about a week of each other. comedy would ensue

oh, and we had board-wide federated authentication set up like this, meaning it was possible to take over global admin accounts if their passwords expired.

they probably interviewed multiple people before selecting whoever made those choices

Michael Transactions
Nov 11, 2013

Sigh, looks like another gently caress up. Lol

(USER WAS PUT ON PROBATION FOR THIS POST)

Qtotonibudinibudet
Nov 7, 2011



Omsk half-wit, tell me, are you a junkie? i just live somewhere around there too, we could do drugs together
all these posters breaking into their school networks to put games on network shares

at my school the computers teacher was like 'yo, here's the network share, put games on it and play doom for the entire period. idgaf, means i don't have to do any teaching'

Celexi
Nov 25, 2006

Slava Ukraini!
The teachers/professors I've had couldn't care less about if we were playing or installing games as they were not the ones being graded.

El Mero Mero
Oct 13, 2001

Squinky v2.0 posted:

it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight

Yeah that was me, except nobody bothered noticing for years.

The whole attendance, grading, counselling notes, etc system had an admin/admin login enabled, which I blindly guessed as a freshman.

They found out three months from when I was to graduate as a senior, after I had spent years excusing absences for myself and friends. The district thought they had caught it right away though because they only had a few months of paper attendance records on file. Punishment was a suspension and I had to write a paper on the subject of integrity.

infernal machines
Oct 11, 2012

we have sealed ourselves away behind our money, growing inward, generating a seamless universe of self.

Subjunctive posted:

they probably interviewed multiple people before selecting whoever made those choices

i've never met the cto for pdsb, probably for the best.

i wound up doing admin/tech work for the schools on and off for a while as a teen.

redleader
Aug 18, 2005

Engage according to operational parameters

Sereri posted:

Blow it out your aes

Soricidus
Oct 21, 2010
freedom-hating statist shill
somehow we had leisure suit larry on our school pcs. teachers dgaf

evilweasel
Aug 24, 2002

an admin at my school kept an excel of every single login and password for the school email accounts on his shared drive anyone could access if they connected to the network with a laptop

not even sure why he had that list in the first place

Phobeste
Apr 9, 2006

never, like, count out Touchdown Tom, man
my high school was wired with pots terminated with rj45 for some reason and all the servers for the district were in a single lil closet with a normal residential air conditioner, which dripped. also all the schools got internet through microwave connections to the high school that went out when it rained. Lol

The_Franz
Aug 8, 2003

Phobeste posted:

my high school was wired with pots terminated with rj45 for some reason and all the servers for the district were in a single lil closet with a normal residential air conditioner, which dripped. also all the schools got internet through microwave connections to the high school that went out when it rained. Lol

the guidance office at my old high school still had old ibm xts to access the student database and the only other computers were the handful of 486 machines in the computer classroom that were on a 10mbps lan with no internet access. the library had two apple ii systems and a few more xts along the back wall that sat under plastic covers and were never turned on in my tenure there. the last year i was there they introduced two internet connected computers on 56k dialup, one in the library next to the apple ii systems and one in the computer lab. nobody ever used them because you needed to fill out a pile of "I SWEAR I WILL NOT LOOK AT PORN" forms before they would let you touch them

this was around the turn of the century

apparently the district had a major fire a few years ago that destroyed their servers and a lot of paper records, both of which were kept in the attic of the converted mansion the district used for their offices

El Mero Mero posted:

They found out three months from when I was to graduate as a senior, after I had spent years excusing absences for myself and friends. The district thought they had caught it right away though because they only had a few months of paper attendance records on file. Punishment was a suspension and I had to write a paper on the subject of integrity.

gotta love the ol' "your punishment for not going to school is being forced to not come to school"

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
Someone claims to have broken the SIMON cipher on shorter key lengths

https://eprint.iacr.org/2019/474

but the whole document is...weird

https://twitter.com/colmmacc/status/1127100892883312640

Wiggly Wayne DDS
Sep 11, 2010



jeez everyone can be a critic, i'll go update the doc


Schadenboner
Aug 15, 2011

by Shine

ymgve posted:

Someone claims to have broken the SIMON cipher on shorter key lengths

https://eprint.iacr.org/2019/474

but the whole document is...weird

https://twitter.com/colmmacc/status/1127100892883312640

quote:

Our analysis technique is not public at this stage of development.
There is still a lot of work to be done to obtain an optimized, more
efficient and industry-level version, which would be transposable more
generally to other cryptographic systems. However, since we know that
an algorithm is no longer secure and can no longer be used, it is essential
to make this information public, without necessarily revealing the method
used.

:chloe:

E: I don't have anywhere near the math background to understand what they're (purporting to be) actually saying but that bit above strikes me as strange?

Schadenboner fucked around with this message at 15:28 on May 11, 2019
