Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oxford Students Hack University Network

Posted by CowboyNeal on from the unintentional-online-services dept.

An anonymous reader writes "Both The Guardian and BBC News are carrying the story that two students at the University of Oxford, Patrick Foster and Roger Waite, were able to easily hack into the university's internal network in minutes using only easily-available software. Once inside, they could find out anyone's email password, observe instant messenger conversations and control parts of the university's CCTV system. The students were investigating the university's network security for the student newspaper, The Oxford Student, which published a front page article and editorial on the matter. In the article, a university spokesperson is quoted as saying 'In some cases the wish to provide the widest possible computer access as cheaply as possible may mean deciding to go for a cheaper set-up, with potentially lower security.' The students now face disciplinary precedings from the university and could receive rustication (suspension) and a 500 pound fine. The matter has also been passed onto the police."

29 of 662 comments (clear)

  1. Yeah... and? by Anonymous Coward · · Score: 4, Funny

    What appropriately aged Slashdotter hasn't hacked into their university or college's network?

    1. Re:Yeah... and? by Anonymous Coward · · Score: 5, Funny
      I got a two day suspension for it! (highschool)

      All I got was this stupid t-shirt.

    2. Re:Yeah... and? by Anonymous Coward · · Score: 1, Funny

      Atleast his English teachers could still feel superior in the face of his overwhelming computer knowledge.

    3. Re:Yeah... and? by mikael · · Score: 5, Funny

      That reminds me of an ultra-paranoid sys-admin we once had (the kind that makes Burt Gummer look like a Quaker).

      The sys-admin set up our CompSci server to log every command every user had made (lastcomm services). So one night, one student is waiting for the others in the group project team to arrive. Rather than constantly running between labs, he simply writes a shell script:


      while 1
      do
      who
      sleep 10
      done

      Harmless enough? After about 2-3 hours of use, the entire /var partition has been completely filled, which now jams the /var/spool print queue. A postgrad student attempting to laser-print a section of his Ph.D project finds that he can't, and in order to gather evidence against this denial of service attack prints the entire contents of the 'acct' file.

      Which burned up two large boxes of line printer paper. Needless to say, the sys-admin was furious and makes the student sign a form requiring him never to run an infinite-loop script without permission again.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    4. Re:Yeah... and? by Anonymous+Brave+Guy · · Score: 3, Funny
      Well since you asked, we have some cretin in the UK who is suing his university after they kicked him out for plagiarising his entire coursework.

      I thought the fantastic thing about that case -- assuming it's the same one I remember -- was that he was kicked out about two weeks before graduation, and was claiming that they should have detected his plagiarism earlier and thrown him out then, rather than ripping him off for three years' worth of fees first. Hey, at least if he flunks that course, with arguments like that he'll have a great career as lawyer.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    5. Re:Yeah... and? by julesh · · Score: 2, Funny

      I got thrown out of the school library for taking the mice apart to clean the balls.

      Of course, once people saw me doing that, everyone started taking the balls out and throwing them at each other...

    6. Re:Yeah... and? by The+Grassy+Knoll · · Score: 4, Funny

      "When i was at collage"

      Art collage, presumably? ;-)

      --
      They will never know the simple pleasure of a monkey knife fight
    7. Re:Yeah... and? by lordmage · · Score: 2, Funny

      Hacking and geting a setuid bash is easy. Ahh the stories we can tell from our days.. keystroke loggers, replacing ls, intercepting Chats.. making GIF do what we need.

      Darnit, got me all misty eyed.

      The real trick was that one student hacked the system and his reward? He got to become System Administrator.

      Universities encourage exploration. Thats the great thing.

      --
      I can program myself out of a Hello World Contest!!
    8. Re:Yeah... and? by mek2600 · · Score: 2, Funny

      I got an A for it. Not that the teacher was aware of the fact, though.

  2. these people will be in charge someday by unbiasedbystander · · Score: 1, Funny

    These are the future leaders of the world. Don't forget it.

  3. "How I Rooted Oxford University" by aardvarko · · Score: 5, Funny

    ... a.k.a. A Beginner's Guide to tcpdump and ettercap

  4. 500 pound fine? by Anonymous Coward · · Score: 5, Funny

    Now that is a heavy fine.

    1. Re:500 pound fine? by nacturation · · Score: 4, Funny

      Now that is a heavy fine.

      In Oxford, they call it the "Sisyphus Punishment".

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    2. Re:500 pound fine? by Brandybuck · · Score: 5, Funny

      In Oxford, they call it the "Sisyphus Punishment".

      For those of you that want to Cambridge this is a reference to rolling a heavy stone uphill over and over.

      --
      Don't blame me, I didn't vote for either of them!
    3. Re:500 pound fine? by martinX · · Score: 5, Funny

      Once the UK goes REALLY metric, it will be a 226.7962 kg fine.

      --
      When they came for the communists, I said "He's next door. Take him away. Goddam commies."
    4. Re:500 pound fine? by Anonymous Coward · · Score: 5, Funny

      Those of us who attended Cambridge can actually spell "went".

  5. kebabs and bon jovi by lovecult · · Score: 5, Funny
    ...spurred on by Bon Jovi's Livin' on Prayer, they did more research

    They should be damn well "rusticated" for their tast in music alone!

  6. Re:*Yawn* by atlantis191 · · Score: 5, Funny

    Forgot one:

    SCO sues B

  7. Re:Are there any adults in the house? by pbox · · Score: 5, Funny

    Well, it's still better than here in the US. This would most definitely end up being a clear-cut terrorism case. These two guys would already be working on their tan in Gitmo. In about 3-5 years after a lengthy legal process involving the US Superior Court, they will be allowed to proceed with their legal defense, which of course will be completely torpedoed by the fact that the prosecution will introduce any and all evidence as "top secret", so the defense team will not be able to counter any of them. They will serve 30 years, in solitary confinement.

    --
    Code poet, espresso fiend, starter upper.
  8. Yes, do call the Coppers, but.. by saskboy · · Score: 2, Funny

    But the police should be called, and when they see how lax the university was at keeping sensitive information private, they should file charges against Oxford too.

    Then they can put Oxford Hack in the dictionary:
    Someone who tattles, and gets in trouble too because of their guilt in the incident.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  9. Re:Mod Parent Down by erick99 · · Score: 4, Funny
    My gosh - the folks here who rabidly espouse the need for public outting of information all post anonymously.

    Erick

    --
    http://www.busyweather.com/
  10. It's college, right? by empaler · · Score: 5, Funny

    They also have to learn that it doesn't pay to go against the system... ;p

  11. We know how well that works with administrations by Anonymous Coward · · Score: 1, Funny

    The FBI had been informed about both the first and the second WTC attacks, but didn't do shit to stop them.
    If it had been more widely publicized after the first WTC attack, then maybe they would have done something to prevent the second.

  12. 500 pound fine... by the-build-chicken · · Score: 5, Funny

    It was later recorded by the university database that not only did they promptly pay the find, they _overpaid_ by almost 2000 pounds. Of course, a refund was issued instantly.

    Couldn't figure out why they were snickering though?

  13. Re: Lets be scientific about this... by Anonymous Coward · · Score: 1, Funny

    "A monkey could do it with the right software."

    As an unemployed Unix Administrator currently working in a Zoo to pay the rent I can put this to the test.

    Situation:
    Pentium 3 750mhz, Knoppix boot CD, unswitched network, plain text protocols running over network, 3 Columbus Lemur Monkeys.

    Test 1 Monkey sat infront of screen and left to own devices.
    Result 1 Neither monkey acheives much, taking no interest in the screen.

    Test 2 Console opened, "ethereal" typed in as hint, monkey sat infront of screen.
    Result 2 Again monkeys take little interest, monkey 3 does paw at the screen for a few minutes. Monkey 1 is distracted by small child waving icecream in its face, result for monkey 1 discarded.

    Test 3 Ethereal opened, required options selected, bit of banana left on the enter key.
    Result 3 All monkeys successfully grab the banana, triggering the enter key, and starting the packet sniffing session, in each case all plain text data over the network is recorded - SUCCESS!

    So kids, as we've shown, a monkey is quite capable of doing this kind of hack. Now nobody is safe.

  14. Re:Are there any adults in the house? by bobbis.u · · Score: 2, Funny
    This never would have happened at Cambridge.

    We produce fine, upstanding journalists like Paxman.

  15. When you were at what? by Scratch-O-Matic · · Score: 4, Funny

    When i was at collage...

    And, um, which collage did you go to?

    --


    Evil is the money of root.
  16. Further quirks by LondonLawyer · · Score: 2, Funny

    If student rumour is correct, there's an unrepealed Oxford law by which Crusaders on their way to the Holy Land could stop by and pick up a degree. Apocryphally, students have tried to invoke this right and been turned down by the Proctors because they weren't wearing their swords when the claim was made.

    There is also meant to be a law still in force by which you can request a glass of sherry be brought to you during Finals exams. I don't know if anyone has had the balls to try it - it's exactly the sort of thing the Proctors find unamusing.

  17. Heh. by SatanicPuppy · · Score: 2, Funny

    The first college I went to had this poorly secured novell network running on an old Vax cluster.

    They had it set up so that, to use a computer, you logged in as the computer, instead of as a user. I found out that, if you logged a pc into the network, using a username meant for a Mac, and if that Mac were not already logged in, it would completely screw up your priviledges, and let you do many things normally reserved for "Administrator".

    Friend of mine wrote a batch script to send out an amusing system message once an hour. Unfortunately he didn't count zero correctly, and so the first one was an hour, but the second through 1000000th were somewhat quicker.

    The first I knew of it was when I walked into a computer lab and heard this symphony of "beepbeepbeepbeepbeep" and saw a couple lab techs ripping the cables and stuff off of this poor little Mac while screaming, "ITS UNPLUGGED! WHY IS IT STILL SENDING MESSAGES?!?!"

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.