
School District IT shenanigans


kenbobo


You as tech support/fixmybrokenpcguy are supposed to act professionally when dealing with private data you have access to while fixing a machine. Refusing such a repeat customer because you don't like the same .... he likes is not only unprofessional, but it may actually be illegal, depending on where you live.

As this is not my day job, and I work only for beer, I will damn well refuse whomever I feel like. :D

I don't mind teaching people how to avoid these problems, or cleaning up the mess if they honestly didn't know any better. I'll even help to set up things like proper backups, so long as the 'customer' is willing to learn.

A computer is a tool, a conduit and processor of information. It has no mind of its own. Garbage in = garbage out. Treating a complex system like a toaster, and then complaining that the machine didn't read your mind or protect you from the thing you shouldn't be doing anyway just means I'll get my beer elsewhere.

In my day job, where a virus could mean real physical catastrophe, the only solution is to keep the machines under lock and key. Because users do not listen.

And you know what? No luser access = no viruses / malware etc. Proven time and time again.

I used to intentionally download viruses, to pull them apart and see how they work. Hell, I even wrote (but didn't release) a couple of them myself. Number of (unintentional) infections = 0.

I still have DOS / Windows 3.11 / Windows '95 machines to take care of, number of infections = 0.

In fact I'm just about done rebuilding an old 486/dx2-66 machine for the use of ancient 8-bit proprietary ISA comms cards - I have the utmost confidence that it will do many years service, provided no clown interferes with it. Bring back case / drive bay locks I say. ;)

As for proxies and network security, if the gate unlocks when you walk through it backwards, and there's no clear legally binding agreement not to do so... That security checkpoint is broken, and whoever administers it should be flogged.

If your policy forbids circumventing the proxy and you do so anyway, you are in the wrong, end of story. It's aggravating to anyone who knows what they're doing and I feel your pain, but that's the way it is.

Aside, if anyone calls me a hacker, I'll take it as the highest compliment. A cracker is something else entirely.

Edited by steve_v

Wireless security used to be problematic due to flawed encryption. No longer.

If someone managed to crack the wifi, then whoever set up that access point is a fool.

The key to wireless security is don't trust the vendor, pentest it yourself.

I'd bet your school doesn't do regular security audits either.

The number of places I've been where I take out my phone, scan the wifi, and think to myself "15 seconds, that's all it would take. Must... resist... temptation..." :D

There are still plenty of outfits using WEP, or open nets with a captive portal and no ssl... Then there are home users who don't realise that wifi doesn't stop at the front gate. Sigh.

Edited by steve_v

The entire point of hacking IS to circumvent security. No serious hacker would EVER directly attack a password, that's TV idiocy.

You are missing the point. Legally there is a huge difference (again, this does depend on jurisdiction) between making use of what is already there, or actually breaking and/or altering a system. Just like there is a difference between trespassing and breaking and entering in real life.

Use incognito mode.

Incognito mode will not hide your network traffic. Incognito mode will only limit the history stored on the local computer. So your mom will not know you looked at nudy pics after closing the browser, but the network traffic will be the same. Anyone looking at the network traffic will see what you do.

Edited by Camacha
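Camacha's point above, that the network sees the same traffic whether or not the browser is in incognito mode, is easy to demonstrate on the wire. The following Python is an added example written for this edit, not code from the thread or from any poster: it builds a constructed TLS ClientHello (the first message a browser sends to an HTTPS site) and extracts the Server Name Indication from it, which is exactly the field a capture tool on the school network reads to learn which host you are visiting. The hostnames, cipher suite and zeroed random bytes in it are made-up sample data.

```python
import struct


def _u16(n: int) -> bytes:
    """Two-byte big-endian length, as used throughout the TLS handshake."""
    return struct.pack(">H", n)


def build_client_hello(hostname=None) -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello record, carrying an SNI
    extension when hostname is given. Only used here as offline test input."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("idna")                      # SNI is always ASCII/punycode
        entry = b"\x00" + _u16(len(name)) + name            # name_type 0 = host_name
        sni = _u16(len(entry)) + entry                      # ServerNameList
        exts += _u16(0x0000) + _u16(len(sni)) + sni         # extension type 0 = server_name
    exts += _u16(0x0017) + _u16(0)                          # an unrelated empty extension the parser must skip
    body = (b"\x03\x03" + b"\x00" * 32                      # client_version + random (zeroed placeholder)
            + b"\x00"                                       # empty session id
            + _u16(2) + b"\xc0\x2f"                         # one cipher suite
            + b"\x01\x00"                                   # one compression method: null
            + _u16(len(exts)) + exts)
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body  # handshake type 1 + 24-bit length
    return b"\x16\x03\x01" + _u16(len(hs)) + hs             # record: type handshake, version, length


def extract_sni(record: bytes):
    """Return the host_name from a TLS ClientHello record, or None when the record
    is not a ClientHello, carries no SNI, or is truncated. Nothing here needs a key:
    the hostname is sent in the clear before any encryption is negotiated."""
    try:
        if record[0] != 0x16:                               # not a handshake record
            return None
        rec_len = struct.unpack(">H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < rec_len or hs[0] != 0x01:              # truncated, or not a ClientHello
            return None
        p = 4 + 2 + 32                                      # handshake header, version, random
        sid_len = hs[p]; p += 1 + sid_len                   # session id
        cs_len = struct.unpack(">H", hs[p:p + 2])[0]; p += 2 + cs_len   # cipher suites
        cm_len = hs[p]; p += 1 + cm_len                     # compression methods
        if p + 2 > len(hs):                                 # no extensions block at all
            return None
        ext_len = struct.unpack(">H", hs[p:p + 2])[0]; p += 2
        end = p + ext_len
        while p + 4 <= end:
            etype, elen = struct.unpack(">HH", hs[p:p + 4]); p += 4
            data = hs[p:p + elen]; p += elen
            if etype != 0x0000:
                continue
            q = 2                                           # skip ServerNameList length
            while q + 3 <= len(data):
                ntype = data[q]
                nlen = struct.unpack(">H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    return data[q:q + nlen].decode("ascii")
                q += nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    # Constructed "capture": what a tap on the LAN sees for three connections.
    capture = [
        build_client_hello("example.org"),
        build_client_hello(None),                           # client that sent no SNI
        b"\x17\x03\x03\x00\x05hello",                       # an application-data record, already encrypted
    ]
    for i, rec in enumerate(capture, 1):
        print(f"stream {i}: host = {extract_sni(rec)}")
```

Whether the browser was in incognito mode makes no difference to that record; the only thing incognito changes is what gets written to the local profile afterwards. The same extract_sni() run over the first record of every stream to port 443 gives an administrator a complete list of sites visited without decrypting anything.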

Get into the wifi, use DNS, then go on Google and use incognito mode. Still, even doing that, it is excessively easy to tell what someone is looking up if they are using your wifi.

Or you could just use TOR. Or an SSH tunnel. Or a VPN for that matter. It's only "excessively easy" for someone to see where you're going if you don't know what you're doing.


You are missing the point. Legally there is a huge difference (again, this does depend on jurisdiction) between making use of what is already there, or actually breaking and/or altering a system. Just like there is a difference between trespassing and breaking and entering in real life.

I'd like case law reference, it sounds more like you're talking about mens rea than "hacking."

Hacking requires there to be a deficit in the system and you make use of that deficit; you cannot add deficits in, though you can exacerbate them. Now, that deficit can be digital, or it can be human. Humans that accept and run trojans, humans that provide passwords for money, etc.

So if I pay someone for the "key" I am not hacking? I'm just "entering"?

There is no "legal" hacking, there's cases where someone who supplied a backdoor (re: proxies) won't be charged because the whole mens rea issue... but if that same person was paid to open that proxy, yes, we have a guilty mind and a strong legal case.

- - - Updated - - -

You seem like the kinda person who would also own a set of lockpicks. :)

Or a bump key ;p


Of course, a set of lockpicks or a bump key does not a locksmith make... Like most things, lockpicking is not at all like on TV, and requires considerable skill and patience. :P


Or you could just use TOR. Or an SSH tunnel. Or a VPN for that matter. It's only "excessively easy" for someone to see where you're going if you don't know what you're doing.

Does TOR protect against deep packet inspection? I think it's designed to provide minimal backtrace information, but forward trace is something else, and if you're controlling the network it isn't terribly difficult to turn yourself into a man-in-the-middle (in the sense of intercepting SSL connections and swapping the certs for your own).


AFAIK, it's possible (but difficult since TOR traffic looks just like TLS/HTTPS) to detect the use of tor with DPI. However I am not aware of any tech that can actually get any meaningful information beyond that.

In theory, it should be nigh on impossible to MITM, since the encryption keys are not only ephemeral, they also change with each hop. Hence the onion reference: each hop unwraps a layer of encryption.

The biggest threat to TOR is compromised nodes, but again, you would have to compromise every node in the chain, and that chain is reconstructed with each new connection.

If the NSA all but admits they can't crack TOR, I seriously doubt a school IT department can :P

It's also fairly easy to detect someone switching SSL keys on you, provided you have control of the client.

Edited by steve_v

In theory, it should be nigh on impossible to MITM, since the encryption keys are not only ephemeral, they also change with each hop. Hence the onion reference: each hop unwraps a layer of encryption.

At some point though, certs would have to be sent to the client to create those multiple layers of encryption. Using certs from the cache of course makes something like this... maybe... you're not supposed to change a cert before it expires, but with the right token you could possibly invalidate it (that, of course, requires having access to the private key and kind of makes it pointless.)

I think this thread has gotten a little off topic.

Well... yeah XD.


There is no "legal" hacking, there's cases where someone who supplied a backdoor (re: proxies)

A proxy is not a backdoor. This discussion has little use if terminology and knowledge are both not up to par, though the latter seems to be okay.

The biggest threat to TOR is compromised nodes, but again, you would have to compromise every node in the chain, and that chain is reconstructed with each new connection.

The sad thing is, you do not. Not really. It is clear by now that government agencies are getting quite far by compromising nodes and deducing traffic and information from it. It is not as anonymous as you would hope any more. Great for school browsing, not so great for dissidents in far away countries.

Also note that searching for it or talking about it means increased surveillance. Even this simple discussion will mean more scrutiny.

Edited by Camacha

A proxy is not a backdoor. This discussion has little use if terminology and knowledge are both not up to par, though the latter seems to be okay.

A proxy provides a path into an infrastructure that avoids the normal checks of the firewall. That is the very definition of a backdoor.

Let us simply establish that we disagree, because you obviously adhere to different definitions than I do.

Okay, fine.

Just noting that proxies also can provide clients that bypass port security. This means something that would normally be blocked via the external network (i.e. port 21) is no longer blocked. It isn't always just a webpage, client software brought from home (i.e. TOR) can be designed to open ports normally closed due to firewall security... ports such as IRC or those typically used for gaming... or ports that have more malicious uses.

Internal security isn't at the same level as external security. Hence getting past the external firewall is not insignificant in the slightest; even if you have no real permissions due to network security, you do have access to additional information as to what programs are being run on the systems and can look to see if there's any security advisories in response to said programs.

Though, "firewalls", especially "software firewalls", is so broadly defined that the term itself may be causing confusion. What is the term? Network Access Control? Either way...

Edited by Fel

A proxy provides a path into an infrastructure that avoids the normal checks of the firewall. That is the very definition of a backdoor.

Let us simply establish that we disagree, because you obviously adhere to different definitions than I do.

Edited by Camacha

The sad thing is, you do not. Not really. It is clear by now that government agencies are getting quite far by compromising nodes and deducing traffic and information from it. It is not as anonymous as you would hope any more. Great for school browsing, not so great for dissidents in far away countries.

Much as I would like to argue with you (nothing quite like a good argument ;) ), Data vs. metadata et al... I feel the off topic lock hammer inching closer by the minute :D


Early 90's. Senior year computer science course. Pretty much everyone there had never touched a computer before, except for me and two others. Not surprisingly, we ended up being partners in crime in all manner of digital mischief-making. The epic moment though was a fake virus written in Q-basic. Before we left the class at the end of the day, our instructions were always to end whatever programs we were running, and leave the terminal at the command prompt for the next class to come in. This was the moment to execute the program, and turn the speakers all the way up.

Running the program would create a fake command prompt screen that was every bit as convincing as the normal one. Until someone pressed a key. Then came the flashing screen, klaxon alarm noises, garbled text, and something about an imminent critical failure. When this happens on numerous machines simultaneously in a class full of people who don't know squat about computers, the panic is comparable to that of a nuclear bomb alert.

Unfortunately, due to our reputation for trouble and computer skill, it wasn't hard to guess who was responsible, even though nobody, not even the computer teacher was able to fully comprehend it. He didn't know HOW we did it, but he knew it was us. Nevertheless, the punishment was well-worth the laughter.


Much as I would like to argue with you (nothing quite like a good argument ;) ), Data vs. metadata et al... I feel the off topic lock hammer inching closer by the minute :D

If I understand you correctly you are right, it (still) is mostly meta data, though without that anonymity normal data could easily be had, they are getting better by the minute at tracking things, and meta data is already a huge resource that tells pretty much anything and everything about someone.

I cannot dig up which news agency it was, but one did an article about what meta data said about you. It is scary how you can pretty much build a complete image of someone's activities, interests, location and affiliation. People always feel safe when it is only meta data, while in reality it is almost the same thing.

And I am sure the mods will not lock a good and honest discussion :)


Much as I would like to argue with you (nothing quite like a good argument ;) ), Data vs. metadata et al... I feel the off topic lock hammer inching closer by the minute :D

You might be right...

On the other hand we do have people talking of all the ways they screwed with computer security XD

What this thread topic actually is about remains kind of vague.


AFAIK, it's possible (but difficult since TOR traffic looks just like TLS/HTTPS) to detect the use of tor with DPI. However I am not aware of any tech that can actually get any meaningful information beyond that.The biggest threat to TOR is compromised nodes, but again, you would have to compromise every node in the chain, and that chain is reconstructed with each new connection.

To the first bit, Iran is able to track TOR with DPI, China may do a similar thing with the Great Firewall. It comes at great expense of speed, however. For a brief period (less than a day) TOR was blocked in Iran, but this was quickly fixed. As far as compromised nodes, that is one means. More easily, though, you can track people by accessing their computer directly, and monitoring activity there. TOR does not help if you are being tracked by a keylogger. Or if your user agent gives a unique enough fingerprint.

But, yeah, ultimately it is a lot more effort than most organizations will be able, willing, and determined to put out. You probably do not even need to use TOR to get past most school blocks, Google Translate probably can often do the trick perfectly well.

But, to link this post more directly to what is at hand, at my high school things were pretty disorganized as far as computer networks; we were able to create wifi networks from desktop computers, bypassing all the blocks and getting faster speeds. All the computers were pretty unlocked, bootable from USB media. Of course, there was not much to steal or destroy (apart from on teachers' laptops, I suppose. There were never any problems with this, but I probably could have caused havoc in minutes with a fast-booting OS on a USB.)

This did give some interesting opportunities, too, though. I ended up helping fix a very (very) broken laptop that had been donated. It was somewhat given to a couple of students, myself included, to try to figure out the issues and get it running. It turned out the hard drive was no longer able to work, and we ended up getting Windows 7 up on it again (I am pretty young).

Edited by Newt
trying to fix wall-of-text-itis

Well, regarding school:

Second year of high school, computer science class, we got a new CS teacher, and the poor guy literally knew less than my friend or I.

Now, my friend Ivan and I were perhaps a bit snobby, since our previous teacher simply adored us due to our knowledge (and pretty much let us do whatever we wanted during classes, sometimes using us as teaching assistants).

So anyway, this new guy comes and decides to "put us in proper place". After a few classes, we're furious with him since he literally got scared silly when screensaver started on teacher's computer, and there he is, telling us, who know more than him, what to do. So, I go to one corner of the classroom, and start using DOS "attrib" command to hide all files in all folders on the hard drive (Windows 3.11). Ivan goes to the other corner, and starts placing passwords in BIOS. It's petty I know, but that's what we did.

That was Friday.

Comes Monday, first class was Chemistry, we're all sitting sleepy and trying to learn about electron power levels and such, when school principal storms in, and starts to yell at the entire class: "YOU UNGRATEFUL BUNCH OF MISCREANTS, YOU DIABOLICAL SABOTEURS (He actually said that!) YOU NO GOOD BUNCH OF CRIMINALS" etc etc...

So we're all sitting scared silly and confused, not knowing what it was (we forgot actually what we did on Friday!) when he drops it: "THE ENTIRE COMPUTER SCIENCE CLASSROOM IS DESTROYED! HALF THE COMPUTERS HAVE EVERYTHING ERASED, THE OTHER HALF ARE LOCKED, AND YOU WERE THE LAST CLASS TO ATTEND! I'LL EXPEL EVERY LAST ONE OF YOU FROM SCHOOL!".

Ok, we're in trouble!

-another angry tirade from the principal later, he composes himself a little, and says: "I know who did it!" I just thought "Oh crap!" when he said "NNNNN It was YOU! I know it was you, you know all that computer stuff" And suddenly, the entire class went from being frozen in terror to laughing our rear ends off, since the guy couldn't even install a simple game, let alone make such a "diabolical sabotage", but he always was bragging how he could do this and that...

God, I still laugh when I remember that story!


Second year of high school, computer science class, we got a new CS teacher, and the poor guy literally knew less than my friend or I...

Dang, deja-vu much :D Sounds a lot like my CS classes at HS.

Though most of our shenanigans revolved around getting a LAN game of DooM to run on the typing (Gah, boooring) class machines... Not so easy when they're 486s running Win 3.11 and the original Doom engine didn't support TCP natively...

IIRC we ended up hacking up a copy of Fastlynx, using its DOS serial port emulation as a bridge onto the TCP/IP LAN.

Lots of work, and only 4 players, but better than typing class.

Eventually I and a few others got booted from the CS class, for taking 'shortcuts' (read "better, more efficient code than the teacher") and then getting bored and wandering off to raid the IT storeroom :D.

School experiences also instilled in me a powerful loathing of BASIC. Awful language IMO.

If there's one thing I can't stand, It's being told "you must do it this way" without a rational explanation as to why. When the tutor is clueless, and relying solely on his own textbook, that explanation is rarely forthcoming.

Incidentally, I still can't touch-type to save myself ;)

- - - Updated - - -

To the first bit, Iran is able to track TOR with DPI, China may do a similar thing with the Great Firewall. It comes at great expense of speed, however. For a brief period (less than a day) TOR was blocked in Iran, but this was quickly fixed. As far as compromised nodes, that is one means. More easily, though, you can track people by accessing their computer directly, and monitoring activity there. TOR does not help if you are being tracked by a keylogger. Or if your user agent gives a unique enough fingerprint.

But, yeah, ultimately it is a lot more effort than most organizations will be able, willing, and determined to put out. You probably do not even need to use TOR to get past most school blocks, Google Translate probably can often do the trick perfectly well.

That's pretty much what I was going to say ;) For all practical purposes, TOR is an opaque box. While you could analyse traffic flows from exit nodes and attempt to match them up to encrypted streams, it's a lot of work and only going to yield pretty vague metadata. Unless you can also compromise the client in some way you are really relying on bulk traffic patterns. Padding the streams would help, but it's not critical enough yet to justify the performance/bandwidth hit.

For most purposes, TOR is actually overkill. I tend to use SSH tunnels (aka. the 'poor man's VPN') a lot. Gets around proxies, allows tunneling of pretty much any protocol you like, and so long as you know the fingerprint of the SSH server it's pretty hard for someone to snoop on without being noticed.

The best bit is that most sysadmins are loath to block SSH, as they tend to use it themselves.

Edited by steve_v
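steve_v's two remarks, that a switched SSL key is easy to detect if you control the client, and that an SSH tunnel is hard to snoop on "so long as you know the fingerprint of the SSH server", both come down to the same check: pin the fingerprint of the key you expect and refuse anything else. The following Python is an added example written for this edit, not code from the thread or from OpenSSH: it computes the OpenSSH-style SHA256 fingerprint of a public key (the string `ssh-keygen -lf` prints) and checks a presented key against a pinned one, reporting a changed key the way the client's known_hosts check does. The key bytes and the host name shell.example are constructed placeholders, not real key material.

```python
import base64
import hashlib
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Assemble an OpenSSH public-key line ("ssh-ed25519 <base64 blob> <comment>").
    Only used here to construct sample keys; the 32 bytes are placeholders, not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH SHA256 fingerprint of a public-key line: base64 of SHA-256 over the
    decoded key blob, padding stripped, prefixed with "SHA256:" (same as ssh-keygen -lf)."""
    _keytype, b64, *_comment = pubkey_line.split()
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(pins: dict, host: str, presented_line: str) -> str:
    """Compare the key a server presents with the fingerprint pinned for that host.
    'ok'           : matches the pin
    'unknown-host' : nothing pinned yet (a first connection; ssh would prompt here,
                     and this is the one moment an interceptor can slip in unnoticed)
    'KEY-CHANGED'  : a pin exists and the presented key differs, i.e. a possible
                     man-in-the-middle, or a legitimate but unannounced key rotation"""
    expected = pins.get(host)
    if expected is None:
        return "unknown-host"
    return "ok" if fingerprint(presented_line) == expected else "KEY-CHANGED"


# Constructed sample keys (placeholder bytes, not real key material).
REAL_KEY = make_ed25519_pubkey_line(bytes(range(32)), "constructed-real-server-key")
ROGUE_KEY = make_ed25519_pubkey_line(bytes(range(100, 132)), "constructed-interceptor-key")

# What the client carries around, e.g. in known_hosts or a config file; the
# fingerprint is obtained out of band (console, a trusted note), never from the network.
PINS = {"shell.example": fingerprint(REAL_KEY)}   # hypothetical host name


if __name__ == "__main__":
    print("pinned for shell.example:", PINS["shell.example"])
    for label, key in (("genuine server", REAL_KEY), ("interceptor", ROGUE_KEY)):
        print(f"{label:15s} -> {check_host_key(PINS, 'shell.example', key)}")
    print(f"{'first contact':15s} -> {check_host_key(PINS, 'other.example', REAL_KEY)}")
```

The same comparison works for the SSL case steve_v mentions: pin the SHA-256 of the server certificate's SubjectPublicKeyInfo instead of the SSH key blob, and a proxy that swaps in its own certificate produces a mismatch no matter how trusted its CA is on the school machines. The weak point in both cases is the first connection, where there is nothing to compare against, which is why the fingerprint has to be obtained some other way than over the link being protected.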
