Sat, 12 Nov 2005 23:58:50 +1100
Sore Saturday
Really long time, no post. I've been tied up in heaps of stuff lately though.
Straight into it...
Last Sunday was the annual school fair. I arrived at a nice and early 9am to start setting up. Set up went pretty well, a few speakers around the place on hacked up wireless links. The best highlight of the day for me was the great food in the international food stalls section as well as spending the finale of the day with friends. Such a fun day.
Tuesday was jam-packed as well, the last social for the year. Rather than being organised by the SRC, this was organised by a group of friends who are going to Borneo, with all the money being fundraised. As usual I did all the music. The choice of music seemed to be good, though for next time I need to lay off on the trance.
Wednesday was also busy, Bendigo Cup day. I spent the morning and a bit of the afternoon at a friend's place at their birthday party. After the party (about 4:30) I went along to the cup to hang about with some other friends until about 7. A fun, tiring and hot day.
The rest of the past week was filled with the usual classes.
Now for my er dilemma.
After numerous discussions I decided to tell someone high up about all the security flaws in the school network. On Thursday I had a casual chat to the Headmaster who looked shocked that there were problems and told me to see the Senior Master about it. So at lunchtime I had a meeting with him and gave him a live demonstration showing that anyone could get full administrator access very easily. He thanked me, while looking shocked at the password (quote: "123456? That's not a bloody password!"). After school I visited the sys admin and told him about all the other flaws, he thanked me and gave me his standard lecture saying that I wouldn't get away with it at uni - which he's already given me at least 3 times before. So everything seemed cool at the end of the day.
What I didn't tell anyone about was the account I created called 'davidhasselhoff' as a proof-of-concept that the account I found the password to was indeed an admin account.
On Friday, I checked all the flaws I found and they were *shock horror* fixed. In addition to that, davidhasselhoff's account was disabled - but not deleted. On later discussions I found out that the admin had (finally) found the account. At this point, my parents (who were working at the time) received a phone call from the Senior Master saying that I had 'hacked the network', that there will be a meeting on Monday with them to apparently discuss 'my future at the school' and that the school may think about getting the police involved.
After a stack of frantic discussions with various sources who are knowledgeable in the area, I confirmed that what I have done, as far as the law is concerned, is indeed not hacking. I also had a discussion with a friend who is the sys admin at another local school (much bigger than mine. This particular school also happened to be the school mine 'steals' most of the IT setup ideas from, but sets them up quite badly) who also happens to be a friend of our sys admin and he said the whole situation is bullshit and he'll do what he can to help me out.
Moral of the story: If you find a flaw on a network and the sys admin hates you, don't tell anyone about it.
I also had to sprint 1.2km from home to the bus stop in 2 minutes first thing (without breakfast) in the morning today to get to work. My legs are sore.
Sleep well and look after yourselves (and don't dig yourselves into deep holes...).
Last edited: 00:14:55 Sun 13 Nov 2005
Sun, 13 Nov 2005 10:20:04 +1100
"Moral of the story: If you find a flaw on a network and the sys admin hates you, don't tell anyone about it."
True that.
Tue, 15 Nov 2005 17:23:22 +1100
You'd think that by now, the IT idjits (I bet they're trying to bring down the school from the inside) would have been fired... grr. In other news, WHY did those sick, sick people at Jaycar think that... that... that... that was just SCARY!!!!!
Tue, 15 Nov 2005 18:50:59 +1100
haha, yeah. Nice reaction, I might add. =D
Ewwwwww nooo way :P
Tue, 15 Nov 2005 19:14:06 +1100
I think I'm missing something...
Tue, 15 Nov 2005 19:14:55 +1100
After you both left, they said I should er 'go for it'...
Tue, 15 Nov 2005 19:22:51 +1100
Bahahahaha, that's a new one. Was it Damien or the old guy? He seemed to be a bit of a goer :P
Tue, 15 Nov 2005 19:25:24 +1100
Both :P
Tue, 15 Nov 2005 20:36:52 +1100
It was "Eeeew! Hell no!!!", not "Eeeew! No way!". 'Hell no' has stronger connotations... Matt, ur icky. Very icky.
Tue, 15 Nov 2005 21:48:44 +1100
Oh....
I think everyone should feel sorry for Cat.
Tue, 15 Nov 2005 22:05:03 +1100
Lol, I don't. I'm sure it's a major pick up. Just not sure who's the guy and who's the chick in this relationship. Well whatever kinky crap you guys get up to is your business.
J
Wed, 16 Nov 2005 09:52:48 +1100
No. It's not. We need to know. :p
Wed, 16 Nov 2005 22:10:44 +1100
We both wear the skirts in this relationship... it's just that my skirt will be shorter than his... and the kinky stuff... let's see... do you remember that steamroller I told you about earlier?
Thu, 17 Nov 2005 17:34:01 +1100
So Russ is going to be wearing a skirt? Gee... that music on his iPod should have made it obvious :p
It's OK James, we're still here for you (With a divvy van out the back, white coats on us and a room booked for life at the mental institution)
Thu, 17 Nov 2005 18:15:53 +1100
Yay! I can finally scream wildly whilst being dragged away. Ohhhh a dream come true...
J
Thu, 17 Nov 2005 22:02:33 +1100
Screaming in which way?...
Fri, 18 Nov 2005 23:27:12 +1100
The question is more where am I being dragged to?
J
Sat, 19 Nov 2005 10:02:55 +1100
That's for me to know, and you to find out from the back window of a divvy van.