[Dshield] Surely Not?

Chris Wright dshield at yaps4u.net
Fri Jan 6 23:21:04 GMT 2006


Regardless of how far fetched it seems, if it was in the UK, the webserver
would probably be the same machine handling the telecoms, the voicemail,
security system, time table analysis, email server, heating controls, food
ordering system etc etc.

Not to mention that the principle couldn't gain access to
www.dodgypornsite.com during his break.

Not that our IT systems in schools are 20 years behind the rest of the
world.
We probably still have kids hacking 386's.... (You think I am kidding)

Chris 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Joel Esler
Sent: 06 January 2006 23:06
To: General DShield Discussion List
Subject: Re: [Dshield] Surely Not?

Quite possible, however, this also sounds like a fundamental
misunderstanding of computers in school.

Quick War Story. 10 years ago, I was in high school in "Keyboarding 1".  We
had a networked room full of IBM machines that ran nothing other than
Wordperfect.  (WordPerfect?  That was the one with the blue screen and white
writing, and you had to know a lot of commands via Ctrl, and Atl and Shift
to accomplish anything right?  Anyway...)

I figured out that the Administrators computer was networked to the room via
share, (don't know if it was a netbios share or nfs..  but in retrospect it
had to be netbios..)  and I figured out how to dump the program and browse
the Admin's computer, (then called a "Sysop", we should go back to that
title).  Well apparently there was another kid that sat over my shoulder and
saw how I did it, and he did the same, the teacher caught us, didn't tell
us, and subsequently told the principal and we got suspended.  For "Changing
the Sysops password".

Did I do anything?  No.  Did the other kid do anything?  No.  But from then
on I was known as the "Hacker" in the school, and went on later fixing and
securing the entire schools networks (Appletalk and Netbios).  But this
story was all to illustrate the lack of understanding the the various Boards
of Education around the US.

I bet the kid made a webpage, the administrators probably couldn't figure
out how he did it, and the page had some kind of live content.  A friend
tells two friends, and they tell two friends, and so on, and so on.
Eventually you have a school full of kids hitting
F5 to refresh some kind of stupid content on a web-page, which really has no
impact in the real world.  Except to inadvertently bring this  
schools webpage down.  My guesses are, he's from a small town.   
(Uniontown is a rural suburb of Akron, OH, the former Tire capitol of the
world.)

J




On Jan 6, 2006, at 4:00 PM, Sean Smith wrote:

> Sorry. I misunderstood your point. I thought you meant prosecuting the 
> refreshers...however, this kid had malicious intent. A felony though??
> Sounds like a high school prank. Nothing like marbles down the hallway 
> at lunch, but still...
>
>
> S Smith
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Joel Esler
> Sent: Friday, January 06, 2006 2:43 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Surely Not?
>
> This isn't like a "TGIF" joke is it?  There's no way they would 
> prosecute someone for people refreshing the page...
>
> J
>
> On Jan 6, 2006, at 3:03 PM, stu wrote:
>
>> UNIONTOWN -- A Stark County high school senior has been arrested and 
>> charged for allegedly trying to crash his school's computer system.
>> Police say the student, created a website which connected to the 
>> school's system.
>>
>> When enough users logged on and hit the F5 button, it overloaded the 
>> school's system.
>>
>> But, Lake High School caught-on before the system crashed. Its 
>> computers started slowing down.
>>
>> "It's a crime and it is important we take this seriously ...
>> especially
>> for school officials ... it could have done a tremendous amount of 
>> damage," said Canton City Prosecutor Frank Fronchione.
>>
>> Stone is charged with a felony and could face jail time.
>>
>> But prosecutors say community service is more likely and disciplinary 
>> action from the school.
>>
>> http://www.wkyc.com/akron/akron_article.aspx?storyid=45721
>>
>> Surely the people pressing F5 are liable? If I link to a website the 
>> people who abuse that are liable?  How many people would they have 
>> needed to refresh the page to cause it to slow down!?! What does 
>> "tremendous amount of damage" actually refer to; I'd like to see the 
>> description for releasing student records in comparison with trying 
>> to DoS a web server.
>>
>> _________________________________________
>> Learn about Intrusion Detection in Depth from the comfort of your own 
>> couch:
>> https://www.sans.org/athome/details.php?id=1341&d=1
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org To change your subscription 
>> options (or unsubscribe), see: http:// 
>> www.dshield.org/mailman/listinfo/list
>
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org To change your subscription 
> options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own 
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org To change your subscription 
> options (or unsubscribe), see: http:// 
> www.dshield.org/mailman/listinfo/list

_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list