The hub that this guy was on was the last one we have left to replace in the college.
The CCTV (not ours) was college run, not University run. As has been pointed out, it was a black box installation, and not under the remit of the college IT staff when it was installed (as I understand it).
Disclaimer: These are my own views, and do not necessarily represent the views of either the college I work for, nor Oxford University.
Right, that's out the way, then.
I work for the college that one of these students attend. So far there's been very little said by the IT staff on this matter - it's all been done by the official channels of the university. But this seems to be a good place to set the record straight on a few things.
These students didn't hack anything. All they did was sniff some tcp/ip traffic. That they could only do because it was the last hub left to upgrade in college. I'm fairly certain they wouldn't have had the intelligence to bypass a proper switch, but even then, it's hardly a massive security failure. None of the college's administration systems were compromised in any way. None of the student servers were compromised. The emails and passwords they compromised were not the official university ones, and if they were, it is because the email clients were not configured properly. The new webmail interface (unpopular for a reason that's beyond me) is through https: and therefore secure. They only got these passwords at all because email passwords under pop, as well as imap if you don't use ssl, are transmitted through clear-text, people. Just like msn messenger and the internet.
Somehow we are being held accountable for how the internet works. Maybe it's because Tim Berners-lee attended here.
There is no real problem here, except the issue of user awareness. And that was in no way raised by the article these two hacks wrote - rather people are more paranoid (not a bad thing in itself) yet further misled in their understanding of the university networks.
It is not journalism to create a story. It is journalism to report a story in a fair and unbiased manner. Out of the article printed by these two in the Oxford Mail, the various editorials in both the above and the other Oxford Student paper, the Guardian and the BBC, the only unbiased report I've seen is from the BBC. And even then it's because you get the impression they're too lazy to get involved;op
No, that's not journalism. That's scare-mongering.
I agree with those people who say this should not have gone to the police - but by that time it was being handled by people who didn't understand the technicalities of what these people did.
The only thing I think that is dumb on the administration's part is having the Closed Circuit Televisions controlled via the internal network, that shit should be on a totally different network
Yeah, exactly. That wasn't us, btw. But even so, I'd like to point out that being able to access a security camera in a public area is not exactly a breach of privacy. Just a bit dumb of whoever put it in. Probably someone going over the head of the IT admin , if I know oxford...
Somebody fire this person (re: the comments by IT officer A)
It's better to stay quiet and be suspected a fool than open one's mouth and remove all doubt.
These were members of the legitimate press, who in the course of their duties as members of a free press, alerted a population about a situation where the authorities who they trust to provide security have failed in carrying out their responsibilities
Uh.. I don't see it as the duties of the free press to break the law in order to create a story - or even to report one. As for the failing of responsibilities - it should be obvious by now that this hasn't happened.
Have you heard of Whistleblowing
Have you heard of Shit-stirring?
Slashdot Mirror
what, all of them?
There's a pint waiting for you at my local(in Oxford).
The hub that this guy was on was the last one we have left to replace in the college.
The CCTV (not ours) was college run, not University run. As has been pointed out, it was a black box installation, and not under the remit of the college IT staff when it was installed (as I understand it).
Uh.. damn. First time posting, neglected to include para breaks.. sorry ^-^;;
Disclaimer: These are my own views, and do not necessarily represent the views of either the college I work for, nor Oxford University. Right, that's out the way, then. I work for the college that one of these students attend. So far there's been very little said by the IT staff on this matter - it's all been done by the official channels of the university. But this seems to be a good place to set the record straight on a few things. These students didn't hack anything. All they did was sniff some tcp/ip traffic. That they could only do because it was the last hub left to upgrade in college. I'm fairly certain they wouldn't have had the intelligence to bypass a proper switch, but even then, it's hardly a massive security failure. None of the college's administration systems were compromised in any way. None of the student servers were compromised. The emails and passwords they compromised were not the official university ones, and if they were, it is because the email clients were not configured properly. The new webmail interface (unpopular for a reason that's beyond me) is through https: and therefore secure. They only got these passwords at all because email passwords under pop, as well as imap if you don't use ssl, are transmitted through clear-text, people. Just like msn messenger and the internet. Somehow we are being held accountable for how the internet works. Maybe it's because Tim Berners-lee attended here. There is no real problem here, except the issue of user awareness. And that was in no way raised by the article these two hacks wrote - rather people are more paranoid (not a bad thing in itself) yet further misled in their understanding of the university networks. It is not journalism to create a story. It is journalism to report a story in a fair and unbiased manner. Out of the article printed by these two in the Oxford Mail, the various editorials in both the above and the other Oxford Student paper, the Guardian and the BBC, the only unbiased report I've seen is from the BBC. And even then it's because you get the impression they're too lazy to get involved ;op
No, that's not journalism. That's scare-mongering.
I agree with those people who say this should not have gone to the police - but by that time it was being handled by people who didn't understand the technicalities of what these people did.
The only thing I think that is dumb on the administration's part is having the Closed Circuit Televisions controlled via the internal network, that shit should be on a totally different network
Yeah, exactly. That wasn't us, btw. But even so, I'd like to point out that being able to access a security camera in a public area is not exactly a breach of privacy. Just a bit dumb of whoever put it in. Probably someone going over the head of the IT admin , if I know oxford...
Somebody fire this person (re: the comments by IT officer A)
It's better to stay quiet and be suspected a fool than open one's mouth and remove all doubt.
These were members of the legitimate press, who in the course of their duties as members of a free press, alerted a population about a situation where the authorities who they trust to provide security have failed in carrying out their responsibilities
Uh.. I don't see it as the duties of the free press to break the law in order to create a story - or even to report one. As for the failing of responsibilities - it should be obvious by now that this hasn't happened.
Have you heard of Whistleblowing
Have you heard of Shit-stirring?