Slashdot Mirror
Student Logs Teachers Keystrokes
handy_vandal writes "A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer. School district police received a tip from students that the boy was trying to sell answers to final exams. The District Attorney's Office has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail. This sort of thing has happened before. The problem is so pervasive that the GRE board has switched from computers back to paper and pencil."
Sometimes even the teachers need to be taught a lesson.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
My wife just started teaching 9th and 10th grade high school math. I gave her a little crash course on basic computer security (including watching out for keyloggers!)
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
Most people I meet don't necessarily think computer security is a problem past virii and adware -- and it shouldn't necessarily be their problem, it requires better design. But could their be a lesson here as to the importance of real-life, practical security needs?
Every computer added to a classroom is another nail in the coffin of modern teaching. There is nothing added by adding a computer, but much is taken away.
Computers ought to remain in "computer labs" and perhaps on the desks for specialized "computer classes", but they definitely don't belong anywhere else.
Creative usage of computers for teaching is a copout on the kids. By removing the teacher/student relationship and replacing it with an inanimate object, the kids lose out on a great deal of education. This is why home-schooled kids typically do better in college than "computer schooled" kids do.
Is it any surprise that the more technology becomes a part of these kids' educations, the more likely it is that the bad apples are going to find ways to exploit the system?
Who is letting kids install stuff on school gear?
There are lives at stake here!
Well, maybe not really.
:p
Don't wanna go to jail.
But it would have been handy in several classes last semester.
But I did recently discover the admin password for the network, by looking at the only 5 worn keys on the server's keyboard ^_^
Shiny. Let's be bad guys.
...uses a keylogger DONGLE?
Seriously. Did he think that the teacher wouldn't notice a DONGLE that was added to the computer?
Please. At least use a trojan-type keylogger, or something even slightly covert.
I, too, have switched from computers to paper and pencil for storing sensitive information like password lists. I don't trust PCs when it comes to security.
She said the scheme was uncovered after authorities learned that the boy had attempted to sell the answers.He seems to have gotten caught because he was greedy. This brings up the question of how many kids have done this (use physical keystroke loggers) and have managed to get away with it. Do IT companies have any scheme to check for this sort of thing other than just locking up the physical case in the desk so the ports aren't reachable?
--
Free iPod? Try a free Mac Mini
Wired article as proof
if they placed the computers (with the tests) someplace better. As /.ers know, the most important part of computer security is physical access.
Remove the computer (with the tests) to somewhere that only teachers' can go, and you'll mostly eliminate the problem, without resorting to pen and paper.
Before we all start to scream bloody murder this, fascist law that, I would like to say that this kid got what he deserved. He is not a victim here. The victim is a teacher whose privacy was violated and the attorney deserves our support this time. This case is completely unlike the one of DVD John or Kevin Mitnick. The 180 days in jail is nothing in this case. So please, let's stop our knee-jerk reactions and congratulate the law enforcement just once when they in fact have done a good job. No need to panic here, no need to remind about 1984 or the Third Reich, because this kid was the one who was spying on his teacher and who belongs in jail. This story is only about "Your Rights Online" because your rights could be as easily violated like the rights of that teacher were violated by his student. We need to be protected from spies, be them MIAA, NSA or our students.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
It's common knowledge that the kids are smarter than the teachers, computer-wise... but hasn't it always been that way?
;)
This is true. When I was in junior high in the early 90s, we had some basic computer course that involved filling out answers to some questions on a computer. I don't really remember that much about it now. But one day a bunch of us were in the lab and we found the teacher's disk, which had the answers to everything. We entered the disk and the program asked for a password. My friends were ready to give up. I thought for a moment and typed in "hello". It worked... first try. It was hilarious. My friends, most of whom hadn't used computers much by that time, thought I was some kind of serious hacker.
I guess this was a lot funnier in 1992. But the point is... I'm sure then, just like now, the teachers thought everything was secure. There's always someone who's going to prove them wrong.
Not a thing. It has to do with a dishonest kid who got busted doing something wrong. But sure as the earth turns, someone here will twist it into some dark big brother scheme to strip the common man of our rights. Somehow.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
This isn't some poor misguided kid who got thrown in jail because the "lab monitor" saw him using "that Linux hacking tool" on the school Windows machines. Nor is it some grey-hat hacker pushing boundaries. When you actively go and install a keystroke monitor on a machine that is not yours, you're out to get information that you shouldn't have, period. It's totally premeditated, too - it's not like he was poking around in /tmp and found a MS Word auto-save backup file with the answer key in it, or was rummaging around in the trash can because he dropped his retainer and found the answer key - he deliberately went and got a keystroke logger and put it on the machine. There's no possible way to spin this as an innocent kid getting screwed.
There is no sig, there is only Zuul.
Diabolical technique! Who would have thought!
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Jail time for minors is almost never a good idea. There are some very rare cases where it's necessary, but this is not one of them, so I hope it doesn't come to that. We usually go easier on minors because it's widely believed that since they are still young, they still have time to change their ways, and so they deserve another chance. After all, most of us did some fairly stupid and/or illegal things as teenagers, many of which would've gotten us arrested or otherwise in serious trouble if we had been caught. But that doesn't mean we turned out to be criminals. We simply "grew up" and grew out of pulling those kind of stunts. Jail time for something like this is just going to set this kid's whole life back a LONG ways. So let's hope it doesn't happen. He should get a long community service term or something.
Perhaps I'm way off base here, but I assumed the person with violated rights was the teacher. I'm sure people in other professions risk having their clients log keystrokes or otherwise violate privacy. Of course, the school board (employer) could log keystrokes, but that's entirely different.
-- SYS 64738 --
Back in my high school spanish class, the teacher made an offer that if anyone could figure out his Windows screensaver password (which was a spanish nickname his grandma gave him), he'd give that person an A for the year. The fool.
Seems that when I normally hear about incidents even less severe than this -- for example, a student sending out a popup window with the NET SEND command -- the consequences are far more more harsh. Expulsion, possible felony charges... ...where is sane thinking actually prevailing in this country?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Not to be a troll, but since when did children need a strong teacher/student relationship? Back in high school, one of my favorite teachers showed up at the beginning of class, handed us lab sheets and reading assignments, then went out for coffee. And of the 10 home-schooled kids I know, fully five of them couldn't handle real college and ended up in local community colleges to stay close to their parents. I'd say a strong connection to one's teachers is as likely to be harmful as useful.
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
Damn it son.. I thought I taught you right... Keep the price low.. sell more.. keep people happy.. you stay out of trouble.. now look at what you have done...
A Class B misdemeanor. Maximum punishment of $2000 and 180 days in jail. When ever there is a crime reported in the news, they always list the maximim possible punishment. Makes it sound much worse.
How much you wanna bet he gets a fine and community service? Not all judges automatically give out the max punishment, especially for a first time HS kid offender, and especially for a crime where there was no physical harm or actual property/monetary theft
Where is the controversy or violation of rights here? This is simply news. The kid did something that is clearly, blatantly wrong; there is no gray area or justification or defense. He got caught and should face the consequences.
Hey, this kid should get in trouble, yes, but I fail to understand why this is such an amazingly huge deal that it has to involve police and possible jail time. He was looking for test answers and then he tried to sell them and got caught. It appears that was the extent of his crime, too. There's no mention of stealing credit card numbers, account logins, etc.
Yes, he *could* have done that. The article, though, seems pretty clear it was just about the tests. Shouldn't the punishment fit the crime? Does potentially sending a kid to jail and giving him a huge fine fit the crime of trying to cheat on a couple tests in school?
I'm sure there's going to be many claims of "but he could have done more!" Except, by all accounts, he didn't do more. So.. I don't understand the idea of having extensive punishment for something he *could* have done if he had just been a smarter or more patient criminal. This is about as serious as finding a copy of the answer sheet sitting on the desk and copying it down while the teacher is busy somewhere else, isn't it? Isn't that the crime that was alleged and admitted to? Would a kid get charged with "breach of teacher's desk, a class B misdemeanor" in that case these days?
Maybe school has just changed a lot from when I was there. Scary world we live in.
Hexy - a strategy game for iPhone/iPod Touch
I did that too. We logged into our accounts in DOS; I wrote a DOS emulator that mimicked the basic command set. When they tried to log in, it would add their password to a list, state that there was an error, and then log out of my account to the real login prompt.
:)
I never stole tests or anything of the sort. However, I did have fun when the final project came around. While everyone was writing little text games or whatnot, I wrote this full-featured graphical demo. One of the scenes in the demo was a stereogram generator. The hidden image in the stereogram was the teacher's administrator login and password.
Freeze Ray. Tell your friends.
Ummm, what? I don't think you understand how these things work - it's basically some flash memory and a microcontroller. All the thing does is record the keystrokes that it receives and passes them along to the computer - it's totally OS-independent. There's no way to "lock down" the OS to prevent something like this from being installed, as it neither needs nor uses any resources on the host computer. The only way to prevent it is to prevent physical access.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Actually, I used it to install Escape Velocity on the computers, with my friends and I having custom ships as NPCs (they did have games on them already). Some of the teachers even knew that I somehow was getting around security, but didn't seem to care.
English is easier said than done.
Sentencing guidlines are maximums, AS in the legal limit that cannot be exceeded. So for this particular crime he may be sentenced to no more than 180 days in jail. Even if the judge feels he's dangerous scum, the 180 days is the absolute statutory max. The judge may, and likely will, use his discression and lower the sentence.
In the case of a misdemeanor carrying this little time, it's highly likely the kid will get probation, or a suspended sentence, plus some community service. Means that provided he keeps his nose clean for a few months after this and does what the court tells him, he'll be fine. Being he's a minor, it'll all go away at 18 also, the record will be expunged or sealed.
That's something people often forget when quoting sentences, it's the max being quoted, not the normal or minimum. Even minor crimes generally have a highish maximum, in relation to the crime, to deal with repeat or flagrant offendors. If this kid tries it again, clearly didn't learn his lesson, and perhaps some jail time is in order. However for misdemeanors, it's rare to see more tham a small amount of jail time, and often none.
Remember: a misdemeanor is a rather minor crime. Even as an adult, it doesn't cause you much trouble. It doesn't stick with you like a felony (employers can generally only ask about felony records) and prevent you from getting a job, owning a gun, etc. If it's a first time thing, espically for lesser ones, it's generally a slap on the wrist.
It's real different than felony computer crime, which is more serious. Also felonies quite often mandidate minimum jail time. There's a little more room to be concerned there.
Here, sounds like justice is being served. This kid broke the law, make no mistake. It is NOT legal to go and record keystrokes or otherwise take data off a computer you don't own, any more than it's legal to break in to a house that's not yours.
In this case, it's more akin to taking and copying a key. Just because you get a hold of my keyring and successfully make a copy of my key, does not give you permission to get yourself into what that key accesses. Likewise, jsut because you find out my password, doesn't give you the right to access my computer. Both are methods for securing something, indicating unauthorized access is forbidden and you need permission. Copying/stealing the key isn't permission.
So the kid broke the law. However, no real harm was caused and it's not a big deal. So he's being charged with a minor crime, and will get a small sentence. He keeps his nose clean, in 2 years they'll be no legal record of it, and likely nobody will know he did it. However, if he does it again, maybe he gets a couple months in jail to consider where the path he's choosing leads him.
To me, it sounds like justice being served as it should.
These little devices simply plug in between the keyboard and the PS/2 port on a PC. They're usually beige in color and look as if they're supposed to be there.
You can get them at sites like this and this.
I've never heard of USB keystroke loggers however (probably because the information transfered between USB keyboards is in an arbitrary format), so any computer using a USB keyboard (modern Macs only have USB keyboards) should be safe.
Finally, the method of data retrieval is also fairly simple. Simply unplug the device and plug it into your own computer, and in any text editor start typing a certain "code" to open an interface to the keylogger (I think some might come with special software for it as well).
Best. Webhost. Ever. Dreamhost.
In my senior year of high school, the school I went to implemented a pilot program called, "Anytime, Anywhere Learning." It was some sort of thing done by Microsoft and Toshiba where we were supposed to learn with laptops.
Apparently, the plan was that giving kids computers and having them use them in class would lead to instant learning.
I will say that we did learn a lot. I learned how to pierce firewalls, how to tunnel traffic through firewalls, and how to spend my days downloading MP3s and chatting with classmates rather than listening to lectures.
The teachers, for their part, learned to tell us to keep the laptops in their bags. They also learned that there are about eight million things you can do with a chalkboard that you can't do with PowerPoint, and that the things you can do on both take less effort on a blackboard if you take the time to prepare a set of real lecture notes. They learned that there are a lot of things you can do with textbooks that you can't do with webpages, and they learned that if you let kids use webpages as sources for papers, you're going to get a lot of really crappy papers. They learned that it's impossible for the students to take good notes on a laptop from the moment the lectures start involving diagrams, and it's never possible to take good notes on a laptop in a math class. They learned that there are 8,542 ways to break a laptop, and a pack of 64 students are perfectly capable of finding all of them in less than two weeks.
All in all, they learned that putting a computer on every desk makes about as much sense as putting a TV on every desk.
The network login we had was some version of Novell Netware. I just made a program that looked like it in BASIC and ran it from DOS-PROMPT. After an attemptive login, I would just make it freeze there, like the computers would sometime do; they'd reboot and lauch the regular one. After I got a teacher's password whose accounts had administrator status(or were able to make new users who had admin status, one of those two), then me and my friends made new accounts and we could install games on them, just stupid stuff, we were like 11 and 12. We got caught because my one idiot friend saved a poem assignment he wrote on one of the admin accounts he made so he could print it later. When the admin came around from the central office for the school board to do whatever maintenance, it was all found out. I got fingered in the scheme by my friend, but I was a much better social hacker than computer hacker and just lied and convinced my way of the situation, even though I was the main culprit.
I remember my teacher asking the whole class for a show of hands, "who knew that this was going on?" and over half the class raised their hands. Anyway, goes to show, you can only trust yourself. Or, maybe, perform better network security so 11 year olds aren't able to bring it down.
I note that I haven't kept up my deviant ways, in fact, I haven't kept up my computer ways, I've only got university Programming I, which is to say I don't have anything.
Nope. This took in the signal from the keyboard, recorded it, and passed it unchanged (barring minor quantum crap ;-) ) to the PS/2 port. As far as the computer was concerned, there was no difference.
How ofteh do you check the connections to your computer, I meann REALLY check them, like close enough to see if there's something extra there? How about a work computer, where it's under a desk? How about one that you don't manage, that someone else takes care of?
When you get down to it, most people won't notice for a long time. My computer is even exposed, and I walk past the back of it every time I go to sit down and use it, and I have to admit, it'd probably escape my notice unless I was doing some maintenance. I simply don't look closely at the cables regularly, no reason to, and a casual glance wouldn't register a small difference in the bunch that comes out the back.
It's quite effective, on PS/2 computers at least. Main problem is decyphering the data later, since all you get is keystrokes, in the order they came in. IF it's someone who multitasks ans switches apps a lot with the mouse, or does lots of mouse cut n' paste, you can get a real jumble that's hard to understand. However for a username/password combo, usually easy to find.
I was an admin at a high school for a year. Some of the fun things I discovered...
I'm sure I found keystroke loggers on a few lab machines. Reimage time.
VNC made it on to the master image. Discovered it as midterm marks were being inputted on the same machines. Of course, there is a paper verification, but still, I had 4 labs of compromised machines with no trusted image.
Caught a student once logging into a teacher area while reviewing the logs. How? He used his own user id, in a place where students don't have access. Instant visit to the administration and a suspension. I had no problem with keeping him locked out for the rest of the year, but I was overruled. Obviously not the brightest... use someone else's account!
Students loved creating shortcuts to the C drive. My daily "shortcut scan" took care of those. 24 hour lockout.
The IT department was either overworked/underpaid, or not actively monitoring things. Students downloaded fun things like kazaa, morpheus, winmx, etc plus associated spyware (before I knew what it was). Yet the board firewall blocked outgoing ssh, so I couldn't update the school's web site from within the building.
Image was broken so students couldn't change their password. So, they wrote down their user id's and assigned alpha-numeric passwords. Of course, that left no accountability ("I didn't download that!")
Teachers were also a part of the problem. I immediately forced everyone's password to expire when I discovered the security problem. I had to reset half of them to "password" with the "do not expire password" flag. No matter how many times I explained why they needed a secure password (it only takes one teacher password to compromise ALL the marks, for example).
I also would have liked to set better lockout policies, including a 1 concurrent login policy. Teachers tended to let students share accounts, instead of sending them to me for a password reset. In some cases, students were already locked out for violations, and the teachers let them "borrow" another student's account!
I had control of my own machine, and I had a group policy denying all student logins on it. I wish I could have set it on the teacher workstations though. I didn't trust some of the teachers to not let students log in on those machines. 1 logger and we're back to the beginning.
One of the IT people said it best. The average demographic of a hacker is a 14-18 year old male. That described half of my students.
I use Macs to up my productivity, so up yours Microsoft!
A 16-year-old student has been charged with a misdemeanor for rigging a keystroke-recording device onto a teacher's computer.
While what this kid did was stupid, the fact remains that he is, a kid. Based on the tone of the article, it seems that he is being charged as an adult. You may argue that he had full comprehension of his actions when he did it, but, if you want to charge him as an adult, then we should afford him all of the benefits of adulthood, including voting, but I digress.
I was a total ass and thought I could get away with a lot when I was still in high school. I know that I was wrong, but it's not something I realized at the time. Think what would have happened to you if you were a) caught, and b) charged as an adult for the goofy things you did when you were in high school.
What's the typical jail sentence for stealing an exam key in a school? Hell, when was the last time someone got convicted for cheating during during a school test?
Back in 1994 when I was a junior in high school, I installed keylogger software of my own design on several public terminals at my high school. Passwords piled up and soon I was exploring all sorts of interesting systems with administrative access. Not that I did anything illegal or even really immoral -- just poked around for the most part and read lots of boring email. I finally got caught when I tried to install an IRC server on the school's Internet-connected Unix box, which raised all sorts of red flags with the admin. I got suspended for a day. I can't help but think that, ten years later, the tenor of the times encourages far more zealous prosecution of similarly minor misdeeds.
Well, second to last for seniors and everyone else had a few more weeks. A week before, I had done my usual stuff at lunch, going to the library and looking thru the school's computers to see if I could find anything interesting, and boy, did I ever.
I found payroll data on *every* employee of the school district, which, in itself, was a major screw up on the school's part. It wasn't hard to find this, either. I just went thru the list of computers in the school district's domain and checked what was public in interestingly-named computers. However, I found something much cooler later on... the school's web server.
Not only did I find evidence of the web server being hacked (anti-Israel propoganda, various racist images), but I also found that the school's website's files were unprotected! Idiots. So I altered the announcements and put "Hi, from DJ Hirko" at the bottom, along with a picture of Nitz from Undergrads. I didn't get in trouble for it, not sure why.
And just to make this even longer, let me regale you with the story of THE LOCAL ADMINISTRATOR PASSWORD (DUN DUN DUN). A friend of a friend had brute forced the local admin password, and since all the machines are the same ghosted image, he had the local admin password for every computer in the school. It slowly spread and eventually someone got caught using it. He ratted and it got back to my friend of a friend and they threatened him with expulsion and jail time. They eventually settled for a 5 day suspension, but it was still bullshit.
Come graduation day, one of my friends brought bright green neon letters that spelled out the local admin password. He smuggled the letters inside the graduation and we taped them to our hats. We held our heads so that everyone behind us, including all the parents and media, could easily see what was on our hats. We also got a picture of us (with the letters on our hats) in the paper, but they didn't know what it was.
So, Nashua School District, one word for you, upandn101.
Wheel in the sky keeps on turnin'.
I suppose it's for the best, I would have been bored and slacked off in the class anyway.
As it was, I discovered how to get the computer to allocate me raw memory without zeroing it out first, so I would print off giant sections of raw data, take them home and look for login IDs and the strings that inevitably followed them. Got lots of regular logins and even a few admin logins that way.
John
I myself did some stupid mischeif in my day...
:-P
When I was in Jr. High, my school got a grant or a donation or something, and ended up getting a computer in every classroom - a Mac (the iMac before the iMac... PPC 603-based all-in-one performa thingy)
It was my joy at the time, to collect Mac viruses. I would infect a copy of TextEdit or something, put it on a disk, and then clean my system. I knew what most of these viruses did, due to the virus program detecting them...
There was one in particular that was a piece of MDEF resource code, it made it so when you clicked a menu in any program, it would only pull-down like half the time, and when it did, the menu was blank -- you had to scroll your mouse over the items to make them show up. It was annoying, but most people just continued to use their system. It would spread to any other running apps, so it didn't take long for this to infect several computers on the campus. I never confessed to it, just quietly enjoyed making a bad week for the resident computer-dude.
A friend and I also used a program called DisEase to circumvent At-Ease (Apple's old restricted launch environment) in the computer labs. Once breaking in, a copy of the "Finder" file was created, and altered with ResEdit to change its file type to an application. This way, when it was discovered that we were getting through the system by running nasty applications from our own media, and that feature was disabled, we were still able to open documents with the CREATOR attribute set to our finder-application, and viola, full access to the system. System 7 was fun.
And who can forget my first programming experience: writing the following program and running it simultaniously on every Apple ][ system in the library, and leaving. Oh the poor librarian....
10 FOR I = 1 TO 1000
20 PRINT
30 NEXT I
40 PRINT "^G HACK THE PLANET!"
50 GOTO 40
It took a while for those slow computers to iterate 1000 times, which gave us time to make our get-away. Then they'd all go on infinte loop of childish messages accompanied by a system bell/beep.
Never did much in High School, as I had no laptop to run a sniffer when the counselor telnetted into the scheduling system to change my classes. I had the knowledge, and the intent, but lacked the means. Oh what a senior prank that could have been!
My senior year of high school I had just gotten a flashy new 256mB USB drive. While it had it's nerd value and was greta for moviing files from my friends broadband to my 56k connected home. I had never had a real reason to love it. Then AP Physics came along...
.pdf with all the answers to the chapter, and not just that full blown solutions. Never in my life have I cheated on a large scale such as this but...who wouldn't have? The PC was in the back room, and he had no way of seeing me. Within a week he became comfortable with me regularly using the PC for extended periods, which, after I recieved the files became a fun game time.
So I was sitting in my self study class while the teacher taught regular Physics. I asked a question and he reffered me to his computer. I'm thinking ok, there must be some sort of helpful software.
He then preceded to open some folders and boom, a
He never found out, and I never did homework again. I looked for tests but they were all outdated. I did manage to find house and phone numbes of a class that graduated 2 years before me. Dunno why he had that one.
From TFA:
Campus police referred the case to the Fort Bend County District Attorney's Office, which has charged the teen with breach of computer information, a Class B misdemeanor punishable by a fine of up to $2,000 and up to 180 days in jail.
What's the difference between that and say, holding the teacher at gunpoint to get the answers? In both cases he's doing more than cheating on a test. He's committing a crime to cheat on the test. He's being charged with the crime, not cheating on a test.
School years are around 180 days in the US... What an intresting coincidence that he could be put in jail for that ammount of time.
Jail is a prison for the body, compulsory education a prison for the mind. Given a choice between the two, I'll take jail any day. The student was more then justified in his actions. Most schools have extensive monitoring of students including the use of security cameras, random "drug" searches, and varous other methods of privacy invasion(a friend of mine who was kicked out of HS for subverting network security showed me a web accessable section of the school lan...(this was the best funded public school in the state) they had a secret searchable database that contained a psychological profile of every student along with standard information: age, grades, ssn, address). If you dare attempt to transcend the passive role assigned to you; if you even look like your going to help other students learn about history (you must be an anarchaist), chemestry (you will be accused of making bombs and drugs) or computer science (you'r a hacker), you will be interogated or expelled. Public education is a system that imposes ignorance on those too young and therefore too curious and independent minded to be good workers. It breaks them down to either drug induced apathy, or complacent submission. If we are ever to have a population with some conception of how technology, society, and self function, we must destroy the high schools. A just, equitable, and sustainable society cannot be built when our fellow citizens are subject to the forced indoctronation of dogmatic bullshit like nationalism and religion. Both public and parocial high schools are amoung the most destructive forces facing creativity, intellectual development, and society itself.
------ Take away the right to say fuck and you take away the right to say fuck the government.
Here's one procedure you can use whenever you use a computer that might have been interfered with (in a lab, in an internet cafe, even in a dorm).
This only works for GUIs, I'm afraid. It's important to use the *mouse* for cursor positioning, not the keyboard, as described below.
The basic approach is this: When you type in a username and/or password, don't type the username and password straight in. Instead, swap betwen the two fields, don't enter the characters in order. You will have to position the cursor where appropriate. For example:
Click on the password field, and enter the 4th letter of your password. Then click on the username field, and enter the last letter of the username. Then click at the front of the field and enter the second character. Then back to the password, and enter the first character. Etc etc. Even if you only do this for a few characters, it will help security immensely.
At the end, the keystroke logger will have collected all the characters in your username, but any spy will have a nice anagram to reconstruct.
The truly paranoid can add extra characters early in the process, and then overtype them later on. This is particularly useful if the selection is done by the mouse and not the keyboard - the spy wil have no chance of reconstructing the password if some of the captured kestrokes aren't even part of the final password.
A simpler method is to stop typing the password partway through, click on another app (don't use alt-tab or another keyboard shortcut; the logger will capture this) and press a few keys, then return to the browser/whatever and complete the password.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
There was a lab that I used to hang out in. Being one of the few geeks in the school, I pretty much had run of the place. The teacher who oversaw the lab encouraged creativity and ingenuity. Sometimes he'd get pissed with something I did, but in those cases I just fixed it and moved on. This kind of activity, over a year or so, ended up earning his trust as I would also fix the odd problems with windows/autocad and such that would crop up.
:)
Eventually I became the de-facto admin for that entire lab. During my required study period he would give me a pass to hang out in his lab--sometimes even when other classes were in there. Talk about heaven. I had the run of a computer lab that was networked. It was like being a king.
Around my junior year or so, they replaced the computers in the lab (aging 386/486 era machines with DOS, mostly) with shiny new Pentiums running Windows. For a few months they were basically just open and normal Windows machines. I think they even had Internet access. This was, of course, a total disaster. The net was new, then. People didn't have it at home. They downloaded anything and everything. Porn, viruses, music, etc.
The result was a *cough* admin *cough* who ended up being the room almost everyday for awhile. He would spend his time poking around in control panels and "fixing" the computers. Eventually be must have gotten sick of that because they hired a local consulting company to come in to secure them all. Pretty soon the whole place was all passworded up with all these layers of cheap third party locks, etc.
I broke all of them--with full (unofficial) support of the teacher who taught in the room. They had tried to lock the systems down so much that half his programs wouldn't work right anymore. He had endless problems with students just trying to save their completed CAD drawings. I made a lot of those problems go away by circumventing the security, showing him how, and then giving him pointers to try to minimize the visibility of the hole so that other kids and the admin dude wouldn't find it. Not perfect, but it helped.
After some time of this the teacher pulled me aside one day and tells me in a reasonably loud-so-that-others-near-by-can-hear voice that I need to be careful because Mr. Admin is getting pissed that someone keeps getting into his system and he's going to try for suspension of that person when he is caught. Of course nearly every one of his students knew it was me--but they weren't talking. I had helped them all out of jams at some point or other. So after doing the public speech, he later pulls me aside in private and says, "Hey, keep doing what you're doing. I'll make sure they don't do anything to you. Those bastards are making my life such a living hell and they won't listen to my needs that I've given up trying to deal with them. You at least make it possible for me to teach my classes."
So of course after the next round of "security upgrades" I was once again on the job. Eventually I figured the way into the system and changed all the screen savers to be the marquee one and had it read, "Ha ha! I got in Mr. Security Guy!" Hoo boy did the shit hit the fan. I was shielded from it, but the teacher just loved it. The admin dude was pissed. The consulting guy was there almost everyday for like 2 weeks. My teacher would just smile and nod. Eventually they locked it down pretty heavily, but by this point I was a senior and I was graduating early and was out of there.
Those were some good times. Seriously, though, I swear that in this day and age I'd be arrested for information terrorism or some such bullshit. Sure, I made life somewhat difficult for an admin or two, but they brought a lot of it on themselves. They had tried to lock the computers down so much so as to make them almost useless as a teaching tool. And of course Windows itself was so prone to holes, viruses, and other crap that it only made the problem worse. I sure did learn a lot, though. After all, isn't that what school is supposed to be for?
Hexy - a strategy game for iPhone/iPod Touch
Yeah, very similar stories here... Got to "high school" aged 13 (weird school system where I grew up), and within a year a friend and I had admin accounts on the RM Nimbus (RMNet) Win3.1 network. Within another six months we were actually maintaining the network, (after we watched the "Head of IT" sit and stare at an autoexec.bat file for over half an hour, then solved the problem for him in thirty seconds from another terminal). Eventually we were just solving problems before the IT guy even noticed them (all, of course, unofficially - the Powers That Be would have had the screaming hairy ab-dabs at the thought of the access we had, and did, whenever they found out).
Highlights included:
The Head of IT had a deal with RMNet (the Nimbus ISP that offered cheap rates to educational insitutions) - in return for cheap hosting, he had to look for and report any porn sites he could access so they could be added to the blacklist (still a bit suspicious about that...).
Anyway, the Head of IT used to sit on the only machine with a modem (for hour or two every morning before school), surfing for porn/credit card/warez sites sites, recording the URLs and reporting them to RMNet. The only problem was... he'd never heard of a browser cache.
We actually had friends who'd come in at lunchtime, copy the cache full of porn onto disk and sell it to the other kids for a couple of pounds a time.
Everything in moderation, including moderation itself
The students at the school I went to quickly worked out that At Ease could be circumvented simply by pressing the "Interrupt" key that Mac Classics had handily available on the side of the case. The teacher wrote in to MacUser and the solution they suggested was to "detach the keys" :).
... fun times.
At least they had got a tad more of a clue than when I was there. I got banned from the computer room for locking a file (ie opening the properties box and clicking "locked"). They had to march me into the computer room and make me show them how to unlock it. It didn't help that my friend had recently renamed the hard drive to "This is shit" because all the games had been taken off.
Oh, and I can't count how many times the head of computing used to have to go round renaming "Pubic Folder"
"The dew has clearly fallen with a particularly sickening thud this morning"
im sorry but im dsylexic and have Dysgraphia http://www.ninds.nih.gov/disorders/dysgraphia/dysg raphia.htm
The article linked to is from 2002 and is about giving the GRE on paper in China and India. Sort of misleading in the summary. The GRE in the US is and will be given via computers.
The Tao that can be spoken is not the one eternal Tao
but a fine and the threat of jail time isn't the answer.
I disagree. People seem to think that commiting crimes on a computer is somehow "not as bad" as the normal physical crimes of theft, tresspassing, etc. People need to be taught at a young age that doing things like putting a keystroke logger on a teachers computer is a real crime and not just harmless fun.
If that kid gets a job in an office and throws a keylogger on his bosses computer he will get into some real trouble and rightfully so. They need to learn early on that this kind of behaviour is unnacceptable.
But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers.
im sorry but im dsylexic and have Dysgraphia
There is a spell checker extension that you can add to Firefox. It is downloadable from http://spellbound.sourceforge.net/ Seeing as how slashdot will never add an integrated spell checker it would be nice if more users would start using spellbound.
yep - programmer key (and then typing 'finder g') interupt got around it, as did an OS bootable zip drive hooked to the SCSI chain (cmd-opt-shift-esc) or pressing 'c' with an OS CD in the drive. On older macs, it was just command-esc or command-del to enter debug mode because there was no programmer key. I think early versions of At Ease could be bypassed by holding down the shift key at start or by using force quit (cmd-.), but those two workarounds didn't last for long.
In college I faced a similar but a bit different of a problem - Foolproof and nightly restore from disk images. Our mac lab head and lead lab attendant were both very smart mac users (the lab lead wrote a very popular graphical game called MacTrek [not the text game], but was forced to destroy it and all copies and source when Paramount sued him and he lost) and pulled the programmer and reset keys off, though I found I could still hit either with a well aimed paperclip... but that didn't disable foolproof like it did At-Ease. At about that time, I discovered the magical command-option-shift-delete would boot to the next available drive, not the hard disk. With an OS installed mac image on a Zip disk, I was able to bypass and remove programs... At first, I just disabled the image restore program, but the sys-admins were savvy, and quickly discovered my transgression and reinstalled the software, wiping my game folder... I needed something more. They had discovered that I hacked in, but not how I had hacked in, so I continued with my deviant ways... With some playing around with folder flags, I found one that wouldn't allow the folder to be deleted by the restore software (mark as a system folder, I think). I also found the program wouldn't erase anything contained in this protected folder, though I don't know why - maybe they thought that since foolproof wouldn't let you open the system folder, there was no need to clean it up, maybe it was a flaw in the restore program - I never did find out.
I installed a directory with games having no icon and the name " " (space). You couldn't see it unless you rectangle drag highlighted it, and needed to click the space to launch it, since I erased its icon mask to make it harder to see. I then shoved it in a place nobody would look - something under Utilities, but I forget. Later, when I was a bit more mac savvy myself, I wrote a little extension I called unfoolproof (not to be mistaken for the program by the same name) that would not load the foolproof extension if I held down the u key at boot (it was actually named something innocuous like ISO9660VolumeMount and didn't display an extension icon).
I disagree. People seem to think that commiting crimes on a computer is somehow "not as bad" as the normal physical crimes of theft, tresspassing, etc. People need to be taught at a young age that doing things like putting a keystroke logger on a teachers computer is a real crime and not just harmless fun.
Excuse me? I'll agree that computer crimes aren't "harmless fun", but do you actually think any computer crime is as serious as assault, rape, or murder? If you do, you have some seriously screwed-up values. Trespassing, at least in a private home, is up there too. I'll happily shoot dead anyone that breaks in my house, but I'd never advocate death for any computer crime (except maybe something extremely large-scale, but I doubt it).
How about a hypothetical question: if you had a choice of living in two societies, one where violent crime is commonplace, but computer crime is nonexistent, or another where computer crime is rampant, but violent crime is nonexistent, which would you choose? I'll happily choose the latter. At least my life isn't at risk, and I can always exercise caution and use appropriate security measures to avoid being the victim of a computer crime.
But this is slashdot so I expect a bunch of replys saying that it is not the kids fault but it is the schools fault for not securing their computers.
A criminal is always liable for his crime, but that doesn't excuse not taking measures to avoid being the victim of the crime in the first place. Do you leave your doors unlocked? Do you leave valuables inside your car, with the doors unlocked, and a sign outside saying "please don't steal the valuables inside this unlocked vehicle"? You can whine and point fingers all you want after becoming a victim, but you're still a victim. I'd rather avoid that.