Thursday, October 8, 2009

Busted

There are two things I hate: stupid people and crappy software.
Unfortunately, at the school I attend I deal with both.

When I started attending this last summer I was dismayed to find that on all the computers the only browser installed was Internet Explorer 7. The student accounts were also locked down to prevent software from being installed. I can't use IE, it's a piece of crap. I talked with the IT department and asked them if they could install Firefox on some of the machines around campus. One of the dudes was a Microsoft fanboy; he went off on how FF was insecure, then the other guy said that it wasn't compatible with their systems. Keep in mind that there are also Macs on the network, and they DO have FF installed and work just fine.

After failing to convince the IT people, I resorted to attempting to bypass the security software on the computers. The student accounts are all hosted on a central server, so instead of messing with the software I decided to try a few exploits of Windows itself. To my surprise the terminal had not been disabled on the student accounts; I was able to change the administrator password from the terminal using a little-known command. I could then log into the computer and install FF or whatever I pleased. I did this for months. However, while I was vigilant about removing evidence from the compromised machines, there are always places to slip up.

Fast forward to yesterday: I got a call from the IT admin. I have Google Voice, so I sent the call to voicemail and listened in; he left a message that I was supposed to meet with him. When I went to talk to him today, he had another bigwig in there with him. They found the hidden accounts I created and they knew it was me. He asked how I got in, so I told him how.

Luckily, because all I had done was install browsers, they let me off with a warning. No action would be taken against me as long as I don't do it again. However, they did not fix the hole that I used to get in because some of the management software uses it. If somebody else starts using the same tactic they are probably going to think it's me.

You can't win, I guess.

3 comments:

nope said...

Although there might be some validity to the evidence at hand, I'm inclined to believe that the accounts were all they really had. I can't fathom what you would be so naive to leave behind to get caught... unless you left browser history that traced you back to social networking spots... which then that's all they would need.

Next time I would recommend never doing the such... unless you know how to access the logs and delete them. My guess is that they pulled security camera with date and times of when you were using the facility... at the same times the accounts were created / software installed. I.E... those pesky server activity logs. Blasphemy!

No big deal my friend.... keep on trucking. ;) Love yah man!

-Joe

AC said...

A few people knew about the hacked accounts; perhaps word spread until somebody reported it. This is what I think happened, otherwise I would have been caught much sooner. I always ran the browsers incognito (no history or cookies saved) so the possibility of them getting anything identifying from the history is pretty slim.

The Writer said...

I got busted in college for using net send (did you use the net command to change the admin password?) to prank other computer users into shutting down their own computers. I got off with a warning too, but I was angry that I got caught because I just made a simple mistake.

Out of curiosity, would you log out of your own account, then into the admin account right after, or vice versa? If so, it's as simple as looking at the access logs to see that one person was always logging into the same machine right before or after the fake admin account.
