[Dshield] Surely Not?

Joel Esler eslerj at gmail.com
Fri Jan 6 23:05:53 GMT 2006


Quite possible, however, this also sounds like a fundamental  
misunderstanding of computers in school.

Quick War Story. 10 years ago, I was in high school in "Keyboarding  
1".  We had a networked room full of IBM machines that ran nothing  
other than Wordperfect.  (WordPerfect?  That was the one with the  
blue screen and white writing, and you had to know a lot of commands  
via Ctrl, and Atl and Shift to accomplish anything right?  Anyway...)

I figured out that the Administrators computer was networked to the  
room via share, (don't know if it was a netbios share or nfs..  but  
in retrospect it had to be netbios..)  and I figured out how to dump  
the program and browse the Admin's computer, (then called a "Sysop",  
we should go back to that title).  Well apparently there was another  
kid that sat over my shoulder and saw how I did it, and he did the  
same, the teacher caught us, didn't tell us, and subsequently told  
the principal and we got suspended.  For "Changing the Sysops password".

Did I do anything?  No.  Did the other kid do anything?  No.  But  
from then on I was known as the "Hacker" in the school, and went on  
later fixing and securing the entire schools networks (Appletalk and  
Netbios).  But this story was all to illustrate the lack of  
understanding the the various Boards of Education around the US.

I bet the kid made a webpage, the administrators probably couldn't  
figure out how he did it, and the page had some kind of live  
content.  A friend tells two friends, and they tell two friends, and  
so on, and so on.  Eventually you have a school full of kids hitting  
F5 to refresh some kind of stupid content on a web-page, which really  
has no impact in the real world.  Except to inadvertently bring this  
schools webpage down.  My guesses are, he's from a small town.   
(Uniontown is a rural suburb of Akron, OH, the former Tire capitol of  
the world.)

J




On Jan 6, 2006, at 4:00 PM, Sean Smith wrote:

> Sorry. I misunderstood your point. I thought you meant prosecuting the
> refreshers...however, this kid had malicious intent. A felony though??
> Sounds like a high school prank. Nothing like marbles down the hallway
> at lunch, but still...
>
>
> S Smith
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Joel Esler
> Sent: Friday, January 06, 2006 2:43 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Surely Not?
>
> This isn't like a "TGIF" joke is it?  There's no way they would
> prosecute someone for people refreshing the page...
>
> J
>
> On Jan 6, 2006, at 3:03 PM, stu wrote:
>
>> UNIONTOWN -- A Stark County high school senior has been arrested and
>> charged for allegedly trying to crash his school's computer system.
>> Police say the student, created a website which connected to the
>> school's system.
>>
>> When enough users logged on and hit the F5 button, it overloaded the
>> school's system.
>>
>> But, Lake High School caught-on before the system crashed. Its
>> computers
>> started slowing down.
>>
>> "It's a crime and it is important we take this seriously ...
>> especially
>> for school officials ... it could have done a tremendous amount of
>> damage," said Canton City Prosecutor Frank Fronchione.
>>
>> Stone is charged with a felony and could face jail time.
>>
>> But prosecutors say community service is more likely and disciplinary
>> action from the school.
>>
>> http://www.wkyc.com/akron/akron_article.aspx?storyid=45721
>>
>> Surely the people pressing F5 are liable? If I link to a website the
>> people who abuse that are liable?  How many people would they have
>> needed to refresh the page to cause it to slow down!?! What does
>> "tremendous amount of damage" actually refer to; I'd like to see the
>> description for releasing student records in comparison with  
>> trying to
>> DoS a web server.
>>
>> _________________________________________
>> Learn about Intrusion Detection in Depth from the comfort of your
>> own couch:
>> https://www.sans.org/athome/details.php?id=1341&d=1
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org
>> To change your subscription options (or unsubscribe), see: http://
>> www.dshield.org/mailman/listinfo/list
>
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your  
> own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http:// 
> www.dshield.org/mailman/listinfo/list



More information about the list mailing list