Slashdot Mirror
Student Logs Teachers Keystrokes
handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
Tell that to my old High School who bought everybody new iBooks, I know *alot* of places that same money could of been put to better use. No i'm not trying to rag on Apple here, the school has *alot* of things wrong with it and throwing computers out to everybody on their kind of budget was probably the stupidest thing they could of done.
Your hair look like poop, Bob! - Wanker.
She said the scheme was uncovered after authorities learned that the boy had attempted to sell the answers.He seems to have gotten caught because he was greedy. This brings up the question of how many kids have done this (use physical keystroke loggers) and have managed to get away with it. Do IT companies have any scheme to check for this sort of thing other than just locking up the physical case in the desk so the ports aren't reachable?
--
Free iPod? Try a free Mac Mini
Wired article as proof
Funny to see it on here now... A buddie and I wanted access to the (mac) computers at school, so we "tricked" a teacher into unlocking one of them for us...
We then installed a keylogger, which eventually gave us the password for the security program, FoolProof.
We eventually installed the program on quite a few computers, using it to check out people's email... was quite nifty, created some interesting gossip topics.
Probably wouldn't have done it if i knew i could be fined...
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
;)
This is true. When I was in junior high in the early 90s, we had some basic computer course that involved filling out answers to some questions on a computer. I don't really remember that much about it now. But one day a bunch of us were in the lab and we found the teacher's disk, which had the answers to everything. We entered the disk and the program asked for a password. My friends were ready to give up. I thought for a moment and typed in "hello". It worked... first try. It was hilarious. My friends, most of whom hadn't used computers much by that time, thought I was some kind of serious hacker.
I guess this was a lot funnier in 1992. But the point is... I'm sure then, just like now, the teachers thought everything was secure. There's always someone who's going to prove them wrong.
I disagree, some keyloggers can be very discreet and look just like an adapter. Like this one... Unless the teacher is at least somewhat computer savvy, they will be none the wiser.
No, did you RTFA? The kid wasn't snooping on his teacher's information, he was using the information gained from the keylogging to post answers for other students. What he did was indeed illegal, and no, it isn't any need for yells of conspiracy. However, since no one has made a comment even related to tinfoil hats, your post was highly unnecessary. And since it was a post made without utilizing the information on the topic, it could be taken that you jumped to a conclusion without proper knowledge... sometimes referred to as a kneejerk reaction. Kind of hypocritical.
Mythos : Logos
I'm glad to see (just noticed it because of the reference in the summary) that the GRE board is going back to a pencil-and-paper method. I took the computer-based GRE about a year ago, and among other things, the computers, software, and lack or real security definitely made me nervous.
I don't know whether the testing machines were hooked up to the internet, but I suspect they were -- as a convenience for sending results and personal information. I doubt it was all stored locally. Even if it was, I doubt that info was cleared after each testing session -- waste of time, recordable media, laziness, etc. Each terminal could run various apps, some from CD's, depending on the particular test, so there was certainly some form of access to running apps.
The computers all appeared to be running Windows 98 or so, with custom GRE software. I have no idea whether the software itself had any holes (it seems likely), but it would probably be quite easy to install a keylogger on any of them, especially if one of the proctors wasn't totally honest, or didn't follow the rules to a T. I could have easily brought in a floppy or CD in my pocket, since the proctor never checked as he was supposed to. Heck, I could probably have brought in a calculator, a small dictionary, even a laptop if I was careful -- we were behind partial cubicle-like privacy walls, and when I leaned back I could see the proctor out in the office area reading a magazine the whole time.
Some of this would still be possible with a paper-and-pencil test. However, given that proctors (in general -- no offense to the good ones out there) will probably always be lazy, removing the computers is a good idea.
Well, the school in the town where I live (not where I went to High School) spent over 6 million dollars on revamping their football field. I played High School football and it was some my most memorable times, but it didn't help me all that much professionally. I mean, I learned as much teamwork on the QuizBowl team (yes I was a nerd who played sports). And it's not like High Schools have Nike or Reebok lining up for sponsorships to pay for those stadiums. That came out of tax dollars.
I would rather they spent that money on iBooks than a football field. Or God forbid they just lower taxes and not buy anything...
He who questions training, only trains himself at asking questions. -- The Sphinx, Mystery Men
When I was in the 8th grade, I got stuck in both a typing course and "Technology education." The computers were Apple IIe's and 8086's (dated but not REALLY old -- I had a shiny new 286!).
Every friday in typing course we got to play lemonaide stand and whoever got the highest score got a candybar. The highest score ever was like 5000$. The game was written in basic, so I changed the score print line to print score+1000000. We liked to play it cool, so we kept playing the game like normal until some kid walked up behind us, saw the score, them promptly flipped out.
We also got a program that made letters in text mode fall off the screen. It was funny as hell and everyone just assumed the computer had a virus.
I also brought a bunch of games for the tech ed class to play. However, altruism has its price. I wrote a program that displayed some choice words about the teacher, but only once every 50 times the game was loaded. We also put it on most of the schools disks. We had intended it to go off sometime after we were long gone from that class. But we grossly misestimated the ammount of useage the programs got, and two weeks later we were banned from using pretty much anything with electricity :)
When I got to highschool, the library computers were locked down tight, they had a menu program that was pretty secure. So I brought a boot disk, stole the menu program (I had intended to find a security hole in it). Never did find a hole -- but I attached a TSR program TO the menu program, then used a bootdisk to insrt a script which activated the altered menu program after the NEXT reboot (so I would be long gone by the time the payload hit). The TSR I attached made the computer "sing" a song. You have to imagine this was in the days where computers didnt even have SOUND CARDS. And this one was warbling this godawful tune (sampled audio) out its pc speaker.
All the kids in the school knew I did it, but I didn't get offically caught... But I was kicked out of the library for the entire year in another incident altogether which didn't involve a computer :)
Religion is a gateway psychosis. -- Dave Foley
IMHO only half the blame falls on the student.
Yes he should be prosecuted, yes he commited a crime, no it's not ethical, no it's not right.
But if I was a parent in that school district, I'd be very concerned. That is a great example of the security in that district. Why not install that on the Nurse's computer? Get some medical info.
If the workstations are that insecure, imagine how the servers with student information are. Workstations are pretty easy to make safe these days for a good admin.
IMHO they should fire whom ever is in charge of network security. They OBVIOUSLY did not perform their job. If a student was able to install a key logger, the computer wasn't secure. No user (except an admin) should be able to do so. There's no excuse for that lax security.
If I were a parent in that school district, I'd demand that they fire the individual(s) in charge of IT, and look for someone who knows 1 or 2 things about security.
Sorry, but just imagine what someone who wants to do evil could do if security is that lax. He just wanted some test questions. Imagine someone who wants records from the nurses office, wants to alter another students grades, etc. etc.
Seems that when I normally hear about incidents even less severe than this -- for example, a student sending out a popup window with the NET SEND command -- the consequences are far more more harsh. Expulsion, possible felony charges... ...where is sane thinking actually prevailing in this country?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The GRE has hardly switched from computer based testing to pencil and paper. They switched a few overseas regions back two or three years ago, but I'm not sure that change was permanent.
In the US, as of 2004, the test was still given on PCs running Windows 98.
Where is the controversy or violation of rights here? This is simply news. The kid did something that is clearly, blatantly wrong; there is no gray area or justification or defense. He got caught and should face the consequences.
Nonsense. Just like chalkboards, whiteboards, calculators and all the other tools that are used to enhance learning, computers can have their place if properly integrated.
For example, imagine in a calculus class that is very large that students are working a problem out on a touch screen tablet PC. A teacher could work more efficiently if she could have an interactive terminal session and show where in the problem solving the student went wrong or give hints. Instead of having to walk back and forth to each student, the teacher could quickly jump back and forth from screen to screen from their desk. Sounds dumb until you realize that the teacher would have more energy throughout the day to help students better.
There could be many more examples, this is just one. Jsut because you lack the foresight to see how computers in the classroom could be good doesn't mean they couldn't be.
I'm really not sure why people think they have a right to privacy when at work, working on their employeer's computer.
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
I'm in a multivariable calculus and linear algebra class, and the teacher uses a combination of laptop, LCD projector, calculator projector, and overhead projector to the class's advantage every day. He has problems and explanations queued up on a powerpoint, and then works them out on the overhead, occasionally showing us syntax and things on the calculator. This is very helpful and has never detracted from my learning experience. As far as computers in the classroom go, they are also very helpful to the learning environment. Teachers do grades and attendance electronically, which expedites the process considerably. They can also easily distribute documents by posting them in an "info" folder accessable by their students on other computers in the school, and can collect files from those students in a "drop" folder. They even subscribe to a service that lets teachers check papers for plagerism. I have never seen a student try to changes grades with this system (though some have messed up the network a couple times).
The greatest problems that have arisen from computers in the classroom are those that stem from network downtime - teachers can't get as much done, and neither can students. Unfortunately, the IT department is not terribly adept (someone plugged a cat5 cable into two different network jacks, and it took down the entire network for a weekend). Computers in the classroom definitley augment, not detract from, kids' education.
Reminds me of HS. I never did anything nefarious with the faculty computers. They knew I was interested in the things, however, so quenched my thirst by having me install the new network and grading software on the faculty machines. (This was back in 1990 or so, on an Apple LocalTalk network.) I did it as an after school job, and got paid. And yes, it quenched my thirst for curiousity. Best yet, they reminded me that "now that we got you to install it, if anything happens, you'll be the first to get blame. So don't crack it, and stop anyone that might. YOU will get the heat either way." Oh shit. Later that year some dork that was barely smart enough to edit a DOS batch file did some text editing, and got all the boot disks (yes, we still used DOS 2.11 in 1990!) to display a rather nefarious message. I don't think it was fair, but I was hunted down first and told "you're guilty until proven innocent." Well, it was pretty easy to prove that it was just a batch file prank, there was no damage, and I wouldn't do something so low-tech in the first place. I DID hunt down the guilty party, but rather than turning him over to the teachers, I decided I would excercise my own brand of vigilantism for causing ME the trouble.
:-)
15 years later, I'm now a network engineer exclusively working on secure designs. I guess school really did have an effect on my future.
Once had a lecturer (in Networking) who said in the first lecture every year, that if anyone hacked into his network, they would recieve an automatic High Distinction, even if they didn't do the test or attend a lecture. AFAIK no-one ever managed it (though I'm not sure anyone ever bothered to attempt it).
In my senior year of high school, the school I went to implemented a pilot program called, "Anytime, Anywhere Learning." It was some sort of thing done by Microsoft and Toshiba where we were supposed to learn with laptops.
Apparently, the plan was that giving kids computers and having them use them in class would lead to instant learning.
I will say that we did learn a lot. I learned how to pierce firewalls, how to tunnel traffic through firewalls, and how to spend my days downloading MP3s and chatting with classmates rather than listening to lectures.
The teachers, for their part, learned to tell us to keep the laptops in their bags. They also learned that there are about eight million things you can do with a chalkboard that you can't do with PowerPoint, and that the things you can do on both take less effort on a blackboard if you take the time to prepare a set of real lecture notes. They learned that there are a lot of things you can do with textbooks that you can't do with webpages, and they learned that if you let kids use webpages as sources for papers, you're going to get a lot of really crappy papers. They learned that it's impossible for the students to take good notes on a laptop from the moment the lectures start involving diagrams, and it's never possible to take good notes on a laptop in a math class. They learned that there are 8,542 ways to break a laptop, and a pack of 64 students are perfectly capable of finding all of them in less than two weeks.
All in all, they learned that putting a computer on every desk makes about as much sense as putting a TV on every desk.
The network login we had was some version of Novell Netware. I just made a program that looked like it in BASIC and ran it from DOS-PROMPT. After an attemptive login, I would just make it freeze there, like the computers would sometime do; they'd reboot and lauch the regular one. After I got a teacher's password whose accounts had administrator status(or were able to make new users who had admin status, one of those two), then me and my friends made new accounts and we could install games on them, just stupid stuff, we were like 11 and 12. We got caught because my one idiot friend saved a poem assignment he wrote on one of the admin accounts he made so he could print it later. When the admin came around from the central office for the school board to do whatever maintenance, it was all found out. I got fingered in the scheme by my friend, but I was a much better social hacker than computer hacker and just lied and convinced my way of the situation, even though I was the main culprit.
I remember my teacher asking the whole class for a show of hands, "who knew that this was going on?" and over half the class raised their hands. Anyway, goes to show, you can only trust yourself. Or, maybe, perform better network security so 11 year olds aren't able to bring it down.
I note that I haven't kept up my deviant ways, in fact, I haven't kept up my computer ways, I've only got university Programming I, which is to say I don't have anything.
I remember back when they first starting locking down the computers in the library at my HS I did something simillar to what you're talking about. I got rather annoyed at the time because I had been using the library machines to some coding and now couldnt, so I set out to break the protection.
Some of the things the admin did were rather amusing, like the fact that the original protection locked the machine down, but didnt lock you out of the autoexec.bat file, where it was called. So to disable, simply erase the program call in the autoexec and reboot (part of the problem was that our admin had very little experiance with windows in the beginning, knowing mac and unix far better). anyway, this went on and on, I would break the protection (usually leaving a message and description of how I did it in some log file or another) and the admin would put new protection on the machines. You should see those mahines now, locked down tighter'n fort knox.
Once I got a laptop I stopped doing this. Its ironic actually, at the time our admin hated me with a passion (she knew it was me, but could never prove it). Now everytime I visit my HS I drop by her office, hang-out for a while, and talk shop.
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
I use Macs to up my productivity, so up yours Microsoft!
A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer.
While what this kid did was stupid, the fact remains that he is, a kid. Based on the tone of the article, it seems that he is being charged as an adult. You may argue that he had full comprehension of his actions when he did it, but, if you want to charge him as an adult, then we should afford him all of the benefits of adulthood, including voting, but I digress.
I was a total ass and thought I could get away with a lot when I was still in high school. I know that I was wrong, but it's not something I realized at the time. Think what would have happened to you if you were a) caught, and b) charged as an adult for the goofy things you did when you were in high school.
Back in 1994 when I was a junior in high school, I installed keylogger software of my own design on several public terminals at my high school. Passwords piled up and soon I was exploring all sorts of interesting systems with administrative access. Not that I did anything illegal or even really immoral -- just poked around for the most part and read lots of boring email. I finally got caught when I tried to install an IRC server on the school's Internet-connected Unix box, which raised all sorts of red flags with the admin. I got suspended for a day. I can't help but think that, ten years later, the tenor of the times encourages far more zealous prosecution of similarly minor misdeeds.
Well, second to last for seniors and everyone else had a few more weeks. A week before, I had done my usual stuff at lunch, going to the library and looking thru the school's computers to see if I could find anything interesting, and boy, did I ever.
I found payroll data on *every* employee of the school district, which, in itself, was a major screw up on the school's part. It wasn't hard to find this, either. I just went thru the list of computers in the school district's domain and checked what was public in interestingly-named computers. However, I found something much cooler later on... the school's web server.
Not only did I find evidence of the web server being hacked (anti-Israel propoganda, various racist images), but I also found that the school's website's files were unprotected! Idiots. So I altered the announcements and put "Hi, from DJ Hirko" at the bottom, along with a picture of Nitz from Undergrads. I didn't get in trouble for it, not sure why.
And just to make this even longer, let me regale you with the story of THE LOCAL ADMINISTRATOR PASSWORD (DUN DUN DUN). A friend of a friend had brute forced the local admin password, and since all the machines are the same ghosted image, he had the local admin password for every computer in the school. It slowly spread and eventually someone got caught using it. He ratted and it got back to my friend of a friend and they threatened him with expulsion and jail time. They eventually settled for a 5 day suspension, but it was still bullshit.
Come graduation day, one of my friends brought bright green neon letters that spelled out the local admin password. He smuggled the letters inside the graduation and we taped them to our hats. We held our heads so that everyone behind us, including all the parents and media, could easily see what was on our hats. We also got a picture of us (with the letters on our hats) in the paper, but they didn't know what it was.
So, Nashua School District, one word for you, upandn101.
Wheel in the sky keeps on turnin'.
I suppose it's for the best, I would have been bored and slacked off in the class anyway.
As it was, I discovered how to get the computer to allocate me raw memory without zeroing it out first, so I would print off giant sections of raw data, take them home and look for login IDs and the strings that inevitably followed them. Got lots of regular logins and even a few admin logins that way.
John
To expand on the parent's information:
:-D Just like they get huge amounts of money for sports from Coke or Pepsi (whoever has 'pouring rights' for the district). The facts are that school districts get so little money from taxes (write your governor) that they have to (or are happy to) take money from whomever is willing regardless of the agenda being pushed, whether it's Microsoft and their settlement requirements or the junk food pushers.
In educational deals like this, remember that the cost for each iBook is somewhere between $275 and $500. School systems get great bang for the buck with technology grants and the like -- they aren't even necessarily tax payer funded.
Read Heinlein's 1953 Revolt in 2100, now more than ever.
I myself did some stupid mischeif in my day...
:-P
When I was in Jr. High, my school got a grant or a donation or something, and ended up getting a computer in every classroom - a Mac (the iMac before the iMac... PPC 603-based all-in-one performa thingy)
It was my joy at the time, to collect Mac viruses. I would infect a copy of TextEdit or something, put it on a disk, and then clean my system. I knew what most of these viruses did, due to the virus program detecting them...
There was one in particular that was a piece of MDEF resource code, it made it so when you clicked a menu in any program, it would only pull-down like half the time, and when it did, the menu was blank -- you had to scroll your mouse over the items to make them show up. It was annoying, but most people just continued to use their system. It would spread to any other running apps, so it didn't take long for this to infect several computers on the campus. I never confessed to it, just quietly enjoyed making a bad week for the resident computer-dude.
A friend and I also used a program called DisEase to circumvent At-Ease (Apple's old restricted launch environment) in the computer labs. Once breaking in, a copy of the "Finder" file was created, and altered with ResEdit to change its file type to an application. This way, when it was discovered that we were getting through the system by running nasty applications from our own media, and that feature was disabled, we were still able to open documents with the CREATOR attribute set to our finder-application, and viola, full access to the system. System 7 was fun.
And who can forget my first programming experience: writing the following program and running it simultaniously on every Apple ][ system in the library, and leaving. Oh the poor librarian....
10 FOR I = 1 TO 1000
20 PRINT
30 NEXT I
40 PRINT "^G HACK THE PLANET!"
50 GOTO 40
It took a while for those slow computers to iterate 1000 times, which gave us time to make our get-away. Then they'd all go on infinte loop of childish messages accompanied by a system bell/beep.
Never did much in High School, as I had no laptop to run a sniffer when the counselor telnetted into the scheduling system to change my classes. I had the knowledge, and the intent, but lacked the means. Oh what a senior prank that could have been!
My senior year of high school I had just gotten a flashy new 256mB USB drive. While it had it's nerd value and was greta for moviing files from my friends broadband to my 56k connected home. I had never had a real reason to love it. Then AP Physics came along...
.pdf with all the answers to the chapter, and not just that full blown solutions. Never in my life have I cheated on a large scale such as this but...who wouldn't have? The PC was in the back room, and he had no way of seeing me. Within a week he became comfortable with me regularly using the PC for extended periods, which, after I recieved the files became a fun game time.
So I was sitting in my self study class while the teacher taught regular Physics. I asked a question and he reffered me to his computer. I'm thinking ok, there must be some sort of helpful software.
He then preceded to open some folders and boom, a
He never found out, and I never did homework again. I looked for tests but they were all outdated. I did manage to find house and phone numbes of a class that graduated 2 years before me. Dunno why he had that one.
There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.
:)
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was a *cough* admin *cough* who ended up being the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually be must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his system and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't talking. I had helped them all out of jams at some point or other. So after doing the public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this day and age I'd be arrested for information terrorism or some such bullshit. Sure, I made life somewhat difficult for an admin or two, but they brought a lot of it on themselves. They had tried to lock the computers down so much so as to make them almost useless as a teaching tool. And of course Windows itself was so prone to holes, viruses, and other crap that it only made the problem worse. I sure did learn a lot, though. After all, isn't that what school is supposed to be for?
Hexy - a strategy game for iPhone/iPod Touch
In my highschool (1986-1992) the teachers used computers for all this stuff. But at least they gort a clue about security. So the teachers had computers, in a seperate locked room, on a seperate network. Even the electricity didn't go on without a key. The only way you could tamper with that was to steal the server at night, take it home, tamper with it, and return it the same night.
Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).
Highlights included:
The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).
Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.
We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.
Everything in moderation, including moderation itself
I'd be first to agree that US schools are bullshit. But buying a keystroke logger is hardly creative nor does it stimulate intellectual development. It was not an attempt to point out the hypocrisy of a corrupt system nor a protest on kid's privacy rights. It's about a kid to logged what a teacher typed and found a midterm in the log and attempted to make a buck off it. There are no moral or ethical grounds for doing so. Now you can get on your soap box and talking about ignorance and fear of technology no one understands result in a punishment far and beyond a crime that was committed. You can also comment on a system that rewards a narc rather then individuals making their own choice.
If you think jail is more oppressive than high school then you are on crack. Law enforcement is filled with people who have such big egos and no self estime they use control to make them selves feel better at other's expence. Jail results in one thing... educating to make a better criminal. Next time this kid will know better... don't fess up to the cops and get a fucking lawyer. Cops... even the good ones... are out to screw you and make their job easier by stomping on your rights.
When my HS put new security software on their computers I got around it with a bit of social engineering. I created a fake company email address and emailed the creators of the software. I told them that I was interested in how to temporarily disable their software without shutting off the computer because we used the software at my business and I occassionally needed to bypass the security. They told me a back door. Simple as that.
Full-Featured GPL Web Hosting Control Panel
What lesson did this teacher learn?
"Do not store exam answers on PC" ?
"Do not trust any of your students" ?
"Call the Police in cases of Computer Security" ?
"Your students are smarter then you" ?
What would you have liked them to learn ?
b3 4phr41d 0f my 4bov3-4v3r4g3 c0mpu73r kn0wI3dg3!
MadDwarf
I can tell you how much physical security can hurt a network from experience, in college I took a computer security corse, in which my main paper was on Windows XP security (or lack thereof). After doing research and all I became highly interested in it, and of corse being college students we decided to see how far we could get into our college's network. It started off with me simply rebooting a network computer with a DOS boot disk with NTFS reading capabilites, from there I stole the sam file, and ran it into l0phtcrack. Now l0phtcrack takes a long time to run completely (give or take 2 months on an athlon xp 1900+). I then came across a simple program that looked like the windows 2k lock screen, so we set that up and used some social engineering skills to trick a student aid into "unlocking" the computer for us. Now in the end I would have been able to crack the password anyways, since I had access to the bios settings, but I ask how can a college stop something from this from happening? After all student aids may need those privledges depending upon what they are assigned to do.
so if they put the teachers on powerbooks running OSX this would not happen so easily.
That's security through obscurity. There are plenty of key loggers available for Mac OS X.
The Kids in school have much higher knowlege of the computers than the entire staff put together, It's an arms race that the schools will continue to lose until the boards pull their heads out of their asses and hire competent IT professionals at wage levels that ATTRACT competent IT professionals.
Why should the school district bother with IT? There are many, many, many more worthwhile things to spend money on.
I am computer professional, and I volunteer at a school. When the principle asked what they could do to get more bang for their IT buck, I suggested getting rid of all the computers, all of the computer classes, all of the network/equipment and spending the money on something worthwhile.
She thought I was kidding at first. I told if she did that I'd volunteer to setup a standalone network in a disused classroom and give after hours classes in LOGO or whatnot.
While employed at a previous employer, I had to maintain a sales program. Personally, I hated the sales managers, they were pompous arrogant pinheads who thought they were the shit.
On my last day there, after I had accepted a new job in a better company, I "modified" the sales program a bit:
Every 15 minutes, the program would freeze and a window would pop up saying "Please insert 25 cents to continue."
Needless to say, this gag did not go over very well with the sales teams. Oh, did I forget to tell everyone that you can disable this popup by pressing the letter "Z"? Sorry, I totally forgot that.
- Just my $0.02, take with a grain of salt, your mileage may vary.
yep - programmer key (and then typing 'finder g') interupt got around it, as did an OS bootable zip drive hooked to the SCSI chain (cmd-opt-shift-esc) or pressing 'c' with an OS CD in the drive. On older macs, it was just command-esc or command-del to enter debug mode because there was no programmer key. I think early versions of At Ease could be bypassed by holding down the shift key at start or by using force quit (cmd-.), but those two workarounds didn't last for long.
In college I faced a similar but a bit different of a problem - Foolproof and nightly restore from disk images. Our mac lab head and lead lab attendant were both very smart mac users (the lab lead wrote a very popular graphical game called MacTrek [not the text game], but was forced to destroy it and all copies and source when Paramount sued him and he lost) and pulled the programmer and reset keys off, though I found I could still hit either with a well aimed paperclip... but that didn't disable foolproof like it did At-Ease. At about that time, I discovered the magical command-option-shift-delete would boot to the next available drive, not the hard disk. With an OS installed mac image on a Zip disk, I was able to bypass and remove programs... At first, I just disabled the image restore program, but the sys-admins were savvy, and quickly discovered my transgression and reinstalled the software, wiping my game folder... I needed something more. They had discovered that I hacked in, but not how I had hacked in, so I continued with my deviant ways... With some playing around with folder flags, I found one that wouldn't allow the folder to be deleted by the restore software (mark as a system folder, I think). I also found the program wouldn't erase anything contained in this protected folder, though I don't know why - maybe they thought that since foolproof wouldn't let you open the system folder, there was no need to clean it up, maybe it was a flaw in the restore program - I never did find out.
I installed a directory with games having no icon and the name " " (space). You couldn't see it unless you rectangle drag highlighted it, and needed to click the space to launch it, since I erased its icon mask to make it harder to see. I then shoved it in a place nobody would look - something under Utilities, but I forget. Later, when I was a bit more mac savvy myself, I wrote a little extension I called unfoolproof (not to be mistaken for the program by the same name) that would not load the foolproof extension if I held down the u key at boot (it was actually named something innocuous like ISO9660VolumeMount and didn't display an extension icon).
Well, this is exactly why most school systems allow for students to take AP or other courses at community colleges.
Really? Wasn't an option when I was in school. Isn't an option in the city where I am now. Where it has been an option, it was discouraged. You make it sound common and easy (not for the material, but to get in). That is not my experience.
So, I know in the last 18 years this has had to spread because every university I've worked with has had something like this.
Ah, that's different. When I was in school, I couldn't go to the high school and get permission to take a college course. They flat out told me that if I took the class, I couldn't get credit. I took the class anyway. The university was more than happy to put me through the class, give me a grade, and give me paperwork to show to the school to get credit. Of course, the school still didn't give me credit. After I re-took the class in high school (with an easy A), I eventually talked to someone else in the district who did manage to get me credit, so I had credit twice in high school for Physics and Calculus (and since you can't count the same class twice, did me no good). So, the university willing to take high schoolers and give them credit that should count in high school is completely independent of whether the school district has a program that encourages students to leave and take college classes.
Learn to love Alaska
Back in the early to mid 1980's when I was in H.S., I was over at the Radio Shack in one of the malls back in Indiana - Glendale in Indpls. At the time, Radio Shack was in the basement (Galleria).
I went into the store and happen to see a kid I knew from school. We were looking at stuff and came upon a TRS-80 (Trash 80) with a voice synth cartridge. We played with the computer and found that it had a bad memory chip. I wrote some basic statements that mentioned something like "This computer is fried". It was written in such a way that it would excercise all of the memory.
I then executed the program and the woman manager nearby thought it was not funny. She came up to me and said that I was to leave the store immediately and I asked her why. She said don't question me, get out now, this is the end of discussion and again ordered me to leave or else, she would call security to have me arrested. There were a few customers and I yelled to make sure the customers would overhear. What I yelled is, "Your store sucks and you put out broken stuff to demo which is very lame." The manager got real angry and told me to follow her to her office. I then said, "F*** you" and walked away. She threatened to call security to have me arrested if I did not follow her orders and I called her bluff by walking away and told her "kiss my @$$, try and do it." I then proceeded to go upstairs and then leave the mall to go to my car.
A few years later after I graduated from College (5 or 6 years after the incident), I ended up working with a guy who I remains friends with to this day. He worked in that Radio Shack at the time this woman worked there. I mentioned to him the incident I had with her. He didn't have much to say about her. He mentioned that she had no sense of humor. We laughed about it. On the kid I saw there that day, we talked a little bit about it but that was it.
If this happened today, I am sure I would have been in a lot more hot water especially with our zero tolerance laws / rules & regs, Patriot Act.
Keywords for Search : Radio Shack, Glendale, Indianapolis, Indiana