|
The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do. The new password will be SchoolnameMonthYear.
|
# ? May 10, 2019 18:57 |
|
lmao
|
# ? May 10, 2019 18:57 |
|
Volmarias posted: The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

https://www.youtube.com/watch?v=_UqEg1cFqig
|
# ? May 10, 2019 18:59 |
|
lol this literally happened to me in high school. the computer lab had a desk for the teacher and in its top drawer was the ongoing password list for the admin account. caught a glimpse of it once and discovered they were all vegetables. after that it wasn't hard to guess the new pw when they changed it every quarter.
|
# ? May 10, 2019 19:16 |
|
i gave myself domain admin rights via an obfuscated account i created in grade 11 when the lab teacher went to go coach basketball after school and left the domain controller unlocked while i was in the room

everyone got to play starcraft for my remaining 1.5 years in high school thanks to me
|
# ? May 10, 2019 19:22 |
|
i would email the atease file to myself from inside netscape with file:/// and run it through the cracker at home
|
# ? May 10, 2019 19:23 |
|
one year my high school made one of my typing/computers in business/etc. classes do data entry for class registration forms

this involved giving all of us access to an account on the district's main AIX DB2 server which didn't use shadow passwords

the individual schools were each their own separate NetWare installations, but since they were Windows 98 machines you could use the equivalent of the Help->Printer->etc. trick to run arbitrary programs and e.g. place your pixel-perfect VB6 mockup of the NetWare login prompt on top of the real dialog box
|
# ? May 10, 2019 19:54 |
|
|
# ? May 10, 2019 20:10 |
|
what are they looking for??
|
# ? May 10, 2019 20:13 |
|
the head of the math department typed his password in clear text over the projector once, and we used his account to hide disc images of games all over the school network

i work in education administration software and anecdotally the number of kids getting into stuff via compromised faculty accounts has shot up in the last couple academic years

it used to be (like 5 years ago) something we would hear about 1-2 times per year across hundreds of client schools, and the schools with repeat problems were generally schools that specifically dealt with difficult kids so they weren’t usually surprised

now it’s more like 1-2 per month

there’s one private religious school we deal with (very on the religious side) where it’s an absolute scourge and they are completely powerless to stop the kids from getting into the faculty accounts

the kid(s) doing it even figured out that just editing grades is too obvious and gets caught, and they figured out how to set up custom grading keys per-student and were messing with assignment weighting in grade books so the grade rounds up instead of down without changing the underlying assignment grades. like half the internal folks here don’t even know how to do that stuff without someone holding their hand

it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight
|
# ? May 10, 2019 20:21 |
|
that is some good poo poo. School children owning olds will never get old
|
# ? May 10, 2019 20:37 |
|
i'd never even heard of "hendry county" yet apparently I live like a two and a half hour drive away from it so lol. i guess i never realized anyone lived in that area, i thought it was all like, dredged everglades wasteland

anyway good job kids
|
# ? May 10, 2019 20:49 |
|
everyone's got a tale on that front, i ended up getting given the local admin creds at my school to help out in the lab. for reasons that also meant full r/w share access across all schools in the city. i roamed the shares for a few months (just boring db dump scripts sitting around in random folders at most, nothing exciting didn't check data outside of school admin shares), then men in suits came in real mad. turns out that they didn't isolate the city council's systems at all and that meant direct access to their payroll systems via local admin at any domain pc in the city

ya every staff member was laughing at them as well. their interview ended with "and you can keep all data you've found just don't make it public..."
|
# ? May 10, 2019 20:49 |
|
all the networks in the entire school district were connected together into one massive network so by like 4th grade i figured out i could open up network neighborhood and send dumb poo poo to printers all across the county

then in highschool i cracked the wep wifi because i was a cool hackboi and it was just the school number repeated to however many digits wep requires which was kinda disappointing honestly, but at least i got to use the school internet (via my cool hackboi SSH tunnel proxy thing to get around the content filter) for the rest of highschool

Shame Boy fucked around with this message at 20:58 on May 10, 2019
|
# ? May 10, 2019 20:56 |
|
i think i helped out in my networking class once going around to all the labs and collecting the mac addresses of computers. i think i also helped going thru the classic mac lab and renumbering all the static IP addresses. i do not recall that this required an admin account

our high school had a whole 256 ip subnet on a t1 line, aww yeah
|
# ? May 10, 2019 21:01 |
|
I bought the .com to my school's .org and someone in HR emailed me the payroll spreadsheets
|
# ? May 10, 2019 21:06 |
|
i was nice to the librarians and they just gave me the passwords to use the internet on the library computers. social engineering ftw
|
# ? May 10, 2019 21:17 |
|
my comp sci professors said back in the 90s they would get emails that were intended for a similarly named university in another country. at first they would helpfully forward the mail, but once the general public got on the internet it would have taken up all their time so they started just deleting them
|
# ? May 10, 2019 21:22 |
|
Back in high school, the one computer lab was locked down by whitelisting executables by name. Minesweeper.exe turned into MavisBeacon.exe and the class became semi tolerable. I wasn't interested in romping around the network since the teacher could see me (but didn't care because he knew I was only there for graduation recs, yay for schools whose programming courses maxed out at "Excel")
|
# ? May 10, 2019 21:28 |
|
Squinky v2.0 posted:it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight
|
# ? May 10, 2019 21:30 |
|
I dumped the password hashes from a library computer using some Linux distro on a floppy disk. I forget the Windows OS but I uploaded them to some website and they were cracked pretty easily. Turns out the admin account was school district wide. I decided not to use the creds and I'm glad I didn't since a kid who did it the next semester got suspended. Then there was the time I found out you could disable Norton as a non admin user in Windows 2000 (I think it was 2k). I installed Sub7 on my friend's computer in HTML class to mess with him.
|
# ? May 10, 2019 22:07 |
|
Most stupid: Keylogger I wrote in about 500 bytes that I stuck into the bss of the Netware drivers (they hosed up and didn't declare that section as a true bss so you had about 1k of static zeros that the virus scanners didn't look at) that loaded before anything else on the systems. It spread around by dumping a Word template file in the user's home directory which back then was auto-loaded every time you started Word. This then dumped the modified network driver on a new machine. Thankfully while I was a mad destructive teenager I also didn't do anything with it. Code was loving sweet though.

Funniest: Whatever we had as Net Nanny back in 1997, the regexes on the URLs were case sensitive.
|
# ? May 10, 2019 22:20 |
|
Squinky v2.0 posted: there’s one private religious school we deal with (very on the religious side) where it’s an absolute scourge and they are completely powerless to stop the kids from getting into the faculty accounts

lol that absolutely owns, and i say that as someone who used to be a school district computer janitor

the biggest lol i remember seeing happening back when i was a high school student was when kids figured out using "net send *" to send pop-up messages to every computer on the network, completely freaking out the staff. oh wait did i say "figured out", what i meant was "learned how to do that from the "MCSE" class with its segmented-off LAN, and then went and did it from a school library computer"

man those computer courses were wild. they got some CJ to come in and teach the classes, so he had a way more laissez-faire attitude about what kids did in his class than the average teacher. kids would prank each other with netbus constantly, we had frequent LAN games happening. i somehow got on his good side such that he offered to hire me on one summer doing grunt work for the district IT department, and that's how i got my start into being a professional computer janitor
|
# ? May 10, 2019 22:31 |
|
Instead of stealing the mouse balls, we swapped keys around on the keyboards. We had one keyboard that had all 1s across the number row, the next 2, etc. The CJ started getting mad when we moved up to having all Qs, Ws, Es, etc. This was supposed to be a C++ class, but we didn't move past the week 2 lessons because there were kids who didn't get it the entire semester.
|
# ? May 10, 2019 22:42 |
|
When I was in highschool in 1999 we had full access to the computer network because they left multiple full access accounts with no password on there that were easily found by a simple program that checked for them
|
# ? May 10, 2019 22:44 |
|
Volmarias posted: The problem will be solved with mandatory password rotations monthly, to limit the damage a stolen credential can do.

the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account.

generally all the passwords on the system would expire within about a week of each other. comedy would ensue

oh, and we had board-wide federated authentication set up like this, meaning it was possible to take over global admin accounts if their passwords expired.
|
# ? May 10, 2019 22:46 |
|
infernal machines posted: the old peel district school board netware configuration was set such that passwords would expire after 6 months. once the password expired any password would be accepted and allow you to set a new password for the account.

they probably interviewed multiple people before selecting whoever made those choices
|
# ? May 11, 2019 00:35 |
|
Sigh, looks like another gently caress up. Lol (USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? May 11, 2019 03:41 |
|
all these posters breaking into their school networks to put games on network shares

at my school the computers teacher was like 'yo, here's the network share, put games on it and play doom for the entire period. idgaf, means i don't have to do any teaching'
|
# ? May 11, 2019 03:57 |
|
The teachers/professors I've had couldn't care less about if we were playing or installing games as they were not the ones being graded.
|
# ? May 11, 2019 04:59 |
|
Squinky v2.0 posted: it kinda owns, usually high school kids are dumb and do things like delete all their attendance records so they go from 20 absences to 0 overnight

Yeah that was me, except nobody bothered noticing for years. The whole attendance, grading, counselling notes, etc system had an admin/admin login enabled, which I blindly guessed as a freshman. They found out three months from when I was to graduate as a senior, after I had spent years excusing absences for myself and friends. The district thought they had caught it right away though because they only had a few months of paper attendance records on file. Punishment was a suspension and I had to write a paper on the subject of integrity.
|
# ? May 11, 2019 05:40 |
|
Subjunctive posted: they probably interviewed multiple people before selecting whoever made those choices

i've never met the cto for pdsb, probably for the best. i wound up doing admin/tech work for the schools on and off for a while as a teen.
|
# ? May 11, 2019 05:47 |
|
Sereri posted:Blow it out your aes
|
# ? May 11, 2019 06:41 |
|
somehow we had leisure suit larry on our school pcs. teachers dgaf
|
# ? May 11, 2019 09:49 |
|
an admin at my school kept an excel of every single login and password for the school email accounts on his shared drive anyone could access if they connected to the network with a laptop

not even sure why he had that list in the first place
|
# ? May 11, 2019 13:21 |
|
my high school was wired with pots terminated with rj45 for some reason and all the servers for the district were in a single lil closet with a normal residential air conditioner, which dripped. also all the schools got internet through microwave connections to the high school that went out when it rained. Lol
|
# ? May 11, 2019 14:23 |
|
Phobeste posted: my high school was wired with pots terminated with rj45 for some reason and all the servers for the district were in a single lil closet with a normal residential air conditioner, which dripped. also all the schools got internet through microwave connections to the high school that went out when it rained. Lol

the guidance office at my old high school still had old ibm xts to access the student database and the only other computers were the handful of 486 machines in the computer classroom that were on a 10mbps lan with no internet access. the library had two apple ii systems and a few more xts along the back wall that sat under plastic covers and were never turned on in my tenure there.

the last year i was there they introduced two internet connected computers on 56k dialup, one in the library next to the apple ii systems and one in the computer lab. nobody ever used them because you needed to fill out a pile of "I SWEAR I WILL NOT LOOK AT PORN" forms before they would let you touch them

this was around the turn of the century

apparently the district had a major fire a few years ago that destroyed their servers and a lot of paper records, both of which were kept in the attic of the converted mansion the district used for their offices

El Mero Mero posted: They found out three months from when I was to graduate as a senior, after I had spent years excusing absences for myself and friends. The district thought they had caught it right away though because they only had a few months of paper attendance records on file. Punishment was a suspension and I had to write a paper on the subject of integrity.

gotta love the ol' "your punishment for not going to school is being forced to not come to school"
|
# ? May 11, 2019 14:57 |
|
Someone claims to have broken the SIMON cipher on shorter key lengths

https://eprint.iacr.org/2019/474

but the whole document is...weird

https://twitter.com/colmmacc/status/1127100892883312640
|
# ? May 11, 2019 15:09 |
|
jeez everyone can be a critic, i'll go update the doc
|
# ? May 11, 2019 15:20 |
|
ymgve posted: Someone claims to have broken the SIMON cipher on shorter key lengths

quote: Our analysis technique is not public at this stage of development.

E: I don't have anywhere near the math background to understand what they're (purporting to be) actually saying but that bit above strikes me as strange?

Schadenboner fucked around with this message at 15:28 on May 11, 2019
|
# ? May 11, 2019 15:24 |