Students using school issued notebooks busted for misuse

Even though the students should not be doing that, it seems like they should have a little better security setup (taped password on the back of some computers).

On CNN:
http://www.cnn.com/2005/TECH/interne....ap/index.html

We had some people fined in our school for using the staff's account. The also used net send through CMD to send messages to every PC in the school, it was a bit stupid as it said where it was sent from. Now we have key loggers on every PC. As for the accounts the passwords were on a text document on a networked drive where everybody can see if you know where to look.

I don't know if I already posted this.. there was a kid at my school who had been hacking accounts all year until close to the end of the year (he was a senior) he went into a teachers grade program and changed grades. Long story short he was caught and sent to jail cause he committed a felony. People think this is a joke no one takes it seriously even when they know the consequences. Well I'm pretty sure he learned after being in jail and he will regret it for the rest of his life since everything is more difficult for convicted felons.

Oh kids used to use command prompt to send messages and everyone in the class got kicked off the computers even if they didn't do it... that means we head to handwrite multiple spreadsheet documents... I was pissed cause I didn't even do that command prompt junk but they learned quick.

I've got to admit this seems to bizarre to me. First they were incompetant enough to give the students the password. But, if I read this correctly, they had restrictions on how they could use these computers in their own homes. I can understand if there are restrictions on using the school network for downloading pornography but it just sounds to me somebody higher up just hasn't thought this through properly.

I say the officials of the school district should admit there was incompetance on their part (accidently handing out the password for God's sake) and forget about disciplining the students. They should just learn from their mistakes and move on.

Peter Mount

This is a similar sort of thing that my friends and I did up until a short while ago.

I found several holes in the security restrictions that my school put on our user accounts. Each student has a user account with limited privilleges that we can use on any computer in the school (about 200 computers with either Windows 2000 Pro or XP Pro). We found several ways of accessing the C drive (Which was "blocked"). It really isn't hard for kids these days to do this. I even found that we could even use Firefox on a USB to surf the net at school through the hotmail server, and visit sites like myspace.com that the school blocked.

Now I am not advocating this sort of thing, its just that todays kids have computer skills that many adults don't, and think of ways of doing things that adults don't.

Our school simply patched these holes in the system, and now there are no exploits that we know of. We don't have laptops like these kids though. I have a laptop that I use for school, but I can't use it on the network. Well I can, because I can reconfigure firefox to work through the schools proxy, and logon to the net just like on the school PCs (with the same restrictions), and even access my own logon drive.

Changing grades is simply wrong, and that is definately not a joke.

Our school has disabled command prompt, and up until recently we could use Winchat to chat to each other throughout the school.

I have actually heard of schools that get some of the smarter kids who are good at computers to try and find holes in the system, so that they can be patched. That is probably one of the better ideas of securing a school network.

MitchellO, I have the same sort of situation in my school... I'm a Highschool senior, and I know more about windows domain architecture than my school's IT manager does.

The thing that really strikes me as wrong (especially in my case) is I used the security holes to send messages to the admin saying stuff like 'look, i can access the gradebook' or 'netsend still works', etc. To make a long story short, they didn't appreciate that too much... they disliked it so much they put a ban on all electronic devices in the school. needless to say I still bring my Dell and Sager in on a regular basis, but the older generation really needs to wake up and stop thinking they're so friggin superior.

Another fun one is to download a zip file (win 2k sp3) and rightclick -> properties -> advanced -> users.... tab over to the admin username and there ya go, you've got all you need to get at the passwd on the activedirectory machine

They have disabled the properties box on student logons

I have actually created a program with my limited knowledge of VB6 that lets you browse the C drive, execute programs, open files (like ini, inf, bat, txt and any other textfile, as well as BMP, JPG and PDF) and copy files from one place to another. It also can launch the builtin games of Win2000 (Solitaire, Pinball, Minesweeper, Freecell), even though the shortcuts have been disabled. It also incorporates a feature that mimicks the run box.

Wow... the school used the ADDRESSS for ALL of the admin passwords? Wow... the school is lucky that the kids parents who got access to porn aren’t suing them!

The school officials have to admit at least some responsibility for giving out the password.

At my high school, we would figure out how to get past our restrictions. It was pretty easy for me and some of my friends, as we just had to use usb keys, Knoppix cds, go into internet explorer and type in C:\whatever, or anything else that was viable.

o god speaking of school disasters... and off topic quite a bit... some seniors at my HS last year (as i was a junior) were using the school's digital camera for photography class and found some... ahem... rather X rated pictures of two teachers (both married, one as recent as within the previous 6mo's, but not to eachother of course) having at it in an art classroom... all sorts of sick stuff... needless to say, they were forced to resign... and I'm amazed the kids' families didn't sue the piss out of the school...

-bazzel

A friend of mine (now at a university) uses the community college campus' computers to download over 76GB of movies and music using the famous bittorent (just 76GB of networked storage). The IT department eventually caught on and his account got disaabled (it says so when you try to logon). When he went to reset the account, the IT people told him he was downloading movies and music and that any further violation of the policy would result in permanent suspension of the account. The reset basically deleted everything from the account. They never said anything more.

That aint restriction. Our school has blocked all attempts to type addresses to any folder in the address bar. You can't type c: or z: (our allocated network drive, each student has there own that is mapped to z: at logon), or the location of a network share in the address bar with out the "Administrator cancelled" error.

That didn't stop me from working out how to access all the school servers by using a student accessible shortcut to go up in the folder tree to the workgroup of all the computers.

when i was kid, I went directly to the teachers' office to correct exams (my exams of course by coping results of other ). Teachers were in the cafeteria, and they let the office open.I did that for 1-2 years.

Oh, man. If an admin was STUPID enough to leave his password taped on the computer itself...oi. Whoever did that should be charged with "criminal negligence due to pure idiocy" But, yes, the students should have definately been honest in the first place.

The high school I went to had pretty loose security if you knew how to get around: CMD was only half-disabled, I could easily boot to a Linux CD by changing the settings in the password-less BIOS, installing apps was dead easy, registry was accessible through 3rd party apps, file browsing on certain volumes was only disabled directly through explorer.exe, I could completely clear by tracks by using Firefox (not that I had any reason to other than paranoia)...but I was honest and was one of very few nerdy geeks there

yep it certainly is... and almost all hacking convictions are felonies and they're only gonna get tougher with 'em...

this is about the same as the "Florida guy..." thread ... people just want to justify what's clearly wrong so badly that they'll use any excuse, blame anybody, anything but take personal responsibility...

the guy that would point out holes in security by using that hole to send a msg to IT... that's like knowing how to break in a bank, doing it, calling the cops and saying "hey, there's a security hole here... uh, why are you guys arresting me?"... and their incompetence "struck you wrong" so that justified whatever you wanted to do... sad... that is a very slippery slope... "self justification" - no matter what others think, no matter what the law says, no matter what's right and wrong, i'm gonna do what i want... totally selfish and amoral...

somebody else screws up so that gives you the right to do whatever you please... well here's a shocker for ya, the law doesn't see it that way... courts, judges and juries don't give a rat's azz about "your opinion" or "what you thought"...

some of you kiddies are in for a big shock when you are released in the real world on your own...

most, well at least some of us learned it as very small children... if it's yours, you can do pretty much what you want with it... if it's not yours and you don't have permission, then don't mess with it... if it's not yours but you have permission but with restrictions, then try (i realize this is virtually impossible for some of you to grasp) to live up to your agreement (your word, your contract)...

it's called ethics and even most lil kids can be taught it... but so many have rationalized that stealing music, software, etc. is "not really stealing" that they no longer are ethical or honest...

oh btw, when i was working at IBM, we had 2 coops (that should be a familiar word for those of you in school) who were very bright and from a very prominent school, that hacked using IBM's resources... let's see, they got 4 - 8 years in prison, probation for 10 years i think, restitution and a huge fine... they were offered a plea agreement - 2 years, probation for 6 years, full restitution and fine PAID IN FULL THEN and an agreement that they would NEVER touch, own or work with a computer for the rest of their lives... any violation of which would automatically kick in the full prison and probation terms... really f**ked up their plans for using their IT degrees... course that was irrelevant because they were, of course, kicked outta school lol

consider the career options for convicted felons... consider not being able to work anywhere there are computers (not too many places)... consider not owning a computer...

and if you're thinking it "won't happen to me" think again... it happens much more than you think and is usually kept out of the news cause nobody concerned wants it known...

and even if it did happen i'm sure you're thinking "well my wife/gf/whatever would have one i'd use"... lol yeah, right, and they'd be able to blackmail you for life - talk about bein' pwned... rof lmao that would truly be the ultimate...

go ahead and f**k with a large corporation, I DARE YA, no matter how smart ya are, i'm bettin' you lose big time...

i've been on the inside and seen what corps do for their protection... i've seen cpys that are very lax but some exec reads an article and tells the IT manager to chk it out... whoops, now your dumb lil cpy that doesn't even put on the latest patches has a security cpy parachute in check everything out, install very special pgms, etc... your azz is now cooked... cpys, even the worst, are fanatical about backing up so they have a history what's already gone on... course that's not important cause you're already busted cause the first advice the security cpy said was "don't mention this to anyone, NOBODY"! because they know the most likely suspects are IT pros...

btw, anyone doubting my credentials please chk out the above thread link and see if you have any doubts about my legal education/knowledge...

if you have any doubts about my IT credentials i'll tell ya something that most IBMers don't even know about... any of you Thinkpad owners that have depot repair talk to them about what i'm gonna tell ya... they prolly don't know either but they will verify that an R3 pickup is a "hot pickup" (as opposed to an R2) and that the repair facility is located across from the Memphis airport and they now share it with Dell... btw, they also share some tech support facilities with Dell... IBMers have blue badges, contractors have yellow...

why did IBM locate it's notebook repair facility across from the Memphis airport? 'cause that's where CpyX did it's "big sort" every nite and IBM can get out shipments even after mignight so most fixes are a one day turnaround...

BUT, why did IBM stop using CpyX? that doesn't make any sense at all... they did all that and used them from the time they released the first ThinkPad...

well it's because one night the ENTIRE shipment of thinkpads went missing... wow, did they all just happen to get stolen on that night? what are the odds? OR could it be that it was an inside job? yeah, that's much more probable... so that's why CpyX lost it's largest contract and tried almost everything to get it back but to no avail...

lot more to this story and lots of others from inside Big Blue...

so i'm warning you to be careful about doing the right thing when you start your career - actually even before so that you can HAVE a career...

please feel free to check out any/all of what i've related...

how many Thinkpad owners have seen CpyX? (much more likely Airborne or DHL)

just wanted everyone to be aware of these things... not everything in biz or law is reported to the public...

now you can all go back to whatever you were doing lol although you might have some second thoughts now...

sleep well...

My thoughts:
Kids should be suspeneded from school for the rest of the year.
Network admin should be fired.

Now, if you wanted to have unresticted access, go grab Portable Firefox, throw it on a jump drive, and do your thing. Just don't get caught.