School District IT shenanigans

[Ethanadams]

lots of my viruses come from accedentle clicking of adds because my mouse is really easy to click and not knowing what sites im going to im not doing anything secritive or inapropriate and corrupted files. well now i know why im getting the click of death

[Leszek]

why would they get mad over a virus now days it is almost impossible to not have a virus or seriusly currupted files in computers

It is spectacularly easy to not get a virus/malware. I have gone months even years without a virus checker without getting one. I had real difficulty figuring how it was such a problem until I started fixing other peoples computers.

A 90+% of the time a virus is the users fault. They don't know what they are doing and don't read what is on the screen and click accept to everything. Software on the internet is like candy from strangers, but people don't see it that way.

The handful of times I got a virus it was my fault, I knew I got it right away, I cleaned it. (Normally I just re-install windows. I have Windows on its own drive so all my pictures, e-mails, weblinks, ETC are still there.)

I haven't had an issue with corrupted files since my hard drive started shedding back sometime in the late 90's.

Edited May 28, 2015 by Leszek

[r4pt0r]

long ago I used a proxy to get around the firewall at school and they called my parents because I was "hacking"

[pxi]

long ago I used a proxy to get around the firewall at school and they called my parents because I was "hacking"

There's a certain numerically-titled computer security magazine that I subscribe to. Almost every issue the letters page has at least one similar (often worse) story. It's sad really. Unfortunately it's easier to 'shoot the messenger' than actually address the root issue of the infrastructure itself being faulty.

[steve_v]

long ago I used a proxy to get around the firewall at school and they called my parents because I was "hacking"

I once got pulled up for 'hacking' because I had changed the desktop background on a bunch of machines to solid red.

Admittedly it was my intention to cause some chaos, as a red background was the mechanism the clueless teachers used to identify admin logins.

By this stage I already had all the admin logins, the desktop background trick was a smokescreen for the real game - a quick floppy disk boot on the crummiest machine in the room while everyone was distracted. Nobody ever figured out why I liked that box so much either.

The local IT monkey tried to screw me, claiming it took him 2 hours to change those wallpapers back, so later that week I wiped his secret (and pirated) copy of StarCraft (or was it WarCraft?) off the network drive.

Not that I'm condoning cracking school networks of course, but they just made it so easy... The infrastructure was indeed faulty, but I rather liked it that way.

We were allowed and encouraged to carry 3.5" floppy disks around between machines, but when I tried to bring along a store bought pressed CD... I was told it wasn't permitted as it might have a virus on it.

That was a while ago now, seems school IT departments haven't improved much since.

It is spectacularly easy to not get a virus/malware...

Agreed. If there's one thing in IT that really irks me, it's people that claim "viruses happen, it's not my fault" or seem to believe that computers somehow break themselves with no user input. Even that the machine is somehow 'cursed' or 'out to get them'.

eg.

It was fine when you got it, you used it and now it's broken/infected/full of pr0n... And you're telling me you had nothing to do with it? Yeah, sure. Computers do these things by themselves.

Alternatively: Oh no, the computer deleted all my files..." No. You deleted those files and/or failed to keep backups. Tough bikkies, what do you want me to do about it?

The best defense against malware is to teach people not to download malware.

... I know where they get their viruses from - sites and apps they shouldn't be visiting/playing with. I find no excuse for it.

Again, this^. I get the same sort of side jobs from time to time, IME this kind of thing accounts for ~95% of 'problems'.

If you care to venture into the darker side of the 'net, be sure you know what you're doing. Or have deep pockets for 'repairs', I don't do these jobs for free anymore.

I've been around the 'net since the 14.4k, and I know some fairly dark and disturbing corners. But the stuff I find on some peoples repair jobs makes my hair stand on end... They also tend to be repeat customers.

Edited May 29, 2015 by steve_v
Bored, more.

[pxi]

We were allowed and encouraged to carry 3.5" floppy disks around between machines, but when I tried to bring along a store bought pressed CD... I was told it wasn't permitted as it might have a virus on it.

That was a while ago now, seems school IT departments haven't improved much since.

That's quite head-shakingly stupid.

Agreed. If there's one thing in IT that really irks me, it's people that claim "viruses happen, it's not my fault" or seem to believe that computers somehow break themselves with no user input. Even that the machine is somehow 'cursed' or 'out to get them'.

eg.

It was fine when you got it, you used it and now it's broken/infected/full of pr0n... And you're telling me you had nothing to do with it? Yeah, sure. Computers do these things by themselves.

Alternatively: Oh no, the computer deleted all my files..." No. You deleted those files and/or failed to keep backups. Tough bikkies, what do you want me to do about it?

The best defense against malware is to teach people not to download malware.

I get this attitude myself quite a bit. It's wilful ignorance. If someone is willing to find out what went wrong, I'm perfectly happy to enlighten them, but it's very rare. Meh, as you say, it pays the bills. And yeah, if you're going to fix computers for a living, you'd better be prepared to see some interesting stuff on people's pc's. The pr0n downloading rootkit is truly the industry's best-kept secret, because yeah, the end-user is never, ever to blame.

[Kinglet]

I once got pulled up for 'hacking' because I had changed the desktop background on a bunch of machines to solid red.

Admittedly it was my intention to cause some chaos, as a red background was the mechanism the clueless teachers used to identify admin logins.

By this stage I already had all the admin logins, the desktop background trick was a smokescreen for the real game - a quick floppy disk boot on the crummiest machine in the room while everyone was distracted. Nobody ever figured out why I liked that box so much either.

The local IT monkey tried to screw me, claiming it took him 2 hours to change those wallpapers back, so later that week I wiped his secret (and pirated) copy of StarCraft (or was it WarCraft?) off the network drive.

Not that I'm condoning cracking school networks of course, but they just made it so easy... The infrastructure was indeed faulty, but I rather liked it that way.

We were allowed and encouraged to carry 3.5" floppy disks around between machines, but when I tried to bring along a store bought pressed CD... I was told it wasn't permitted as it might have a virus on it.

That was a while ago now, seems school IT departments haven't improved much since.

Agreed. If there's one thing in IT that really irks me, it's people that claim "viruses happen, it's not my fault" or seem to believe that computers somehow break themselves with no user input. Even that the machine is somehow 'cursed' or 'out to get them'.

eg.

It was fine when you got it, you used it and now it's broken/infected/full of pr0n... And you're telling me you had nothing to do with it? Yeah, sure. Computers do these things by themselves.

Alternatively: Oh no, the computer deleted all my files..." No. You deleted those files and/or failed to keep backups. Tough bikkies, what do you want me to do about it?

The best defense against malware is to teach people not to download malware.

Again, this^. I get the same sort of side jobs from time to time, IME this kind of thing accounts for ~95% of 'problems'.

If you care to venture into the darker side of the 'net, be sure you know what you're doing. Or have deep pockets for 'repairs', I don't do these jobs for free anymore.

I've been around the 'net since the 14.4k, and I know some fairly dark and disturbing corners. But the stuff I find on some peoples repair jobs makes my hair stand on end... They also tend to be repeat customers.

Computers can corrupt files by themselves, but its rare and usually small scale. A friend of mine had his NVIDA driver get corrupted, but I guided him to make a reinstall. He is very careful about downloads and programs, so it is very unlikely that he did it.

[Camacha]

Computers can corrupt files by themselves, but its rare and usually small scale. A friend of mine had his NVIDA driver get corrupted, but I guided him to make a reinstall. He is very careful about downloads and programs, so it is very unlikely that he did it.

That is what backups are for. There are simple and clear procedures on how to keep your data safe, failure to understand or comply is really up to the user.

[LordFerret]

... know some fairly dark and disturbing corners. But the stuff I find on some peoples repair jobs makes my hair stand on end... They also tend to be repeat customers.

Yes. And just when I thought I'd seen just about everything..... Some of it has been truly appalling. A thing once seen cannot be unseen.

I know what you mean about 'repeat customers'. I have a few habitual bad habit surfers I deal with. One of my solutions is escalating fees. Some of them, never mind 'repeat customers', I call them 'repeat offenders'. One such individual, I had to warn them to change their ways, and to not bring me such a machine to fix ever again.

[Camacha]

Yes. And just when I thought I'd seen just about everything..... Some of it has been truly appalling. A thing once seen cannot be unseen.

I know what you mean about 'repeat customers'. I have a few habitual bad habit surfers I deal with. One of my solutions is escalating fees. Some of them, never mind 'repeat customers', I call them 'repeat offenders'. One such individual, I had to warn them to change their ways, and to not bring me such a machine to fix ever again.

I do not really get this. Someone might be doing legal things that are a bit unusual, in which case it is his own choice and a private matter, or someone is into illegal things, in which case it should be a police matter.

[Shpaget]

I do not really get this. Someone might be doing legal things that are a bit unusual, in which case it is his own choice and a private matter, or someone is into illegal things, in which case it should be a police matter.

Yep.

You as tech support/fixmybrokenpcguy are supposed to act professionally when dealing with private data you have access to while fixing a machine. Refusing such a repeat customer because you don't like the same .... he likes is not only unprofessional, but it may actually be illegal, depending on where you live.

[Camacha]

Yep.

You as tech support/fixmybrokenpcguy are supposed to act professionally when dealing with private data you have access to while fixing a machine. Refusing such a repeat customer because you don't like the same .... he likes is not only unprofessional, but it may actually be illegal, depending on where you live.

I think browsing through material not essential for a repair is illegal in most instances too, though it depends on the country of course. You are expected to respect someone's privacy, even if he hands over his computer himself.

[pxi]

I think browsing through material not essential for a repair is illegal in most instances too, though it depends on the country of course. You are expected to respect someone's privacy, even if he hands over his computer himself.

It's a grey area. It can be hard to avoid stumbling across some material. As for respecting someone's privacy, I've never once spoken directly about a single thing I've seen. (I did once get legal advice about a particular case where something that I saw was really pushing the boundaries of legality.) I don't go trawling looking for dirt, but the reality is you're going to see things when you're tasked with moving files from one PC to another, or wiping an email mailbox or whatever. There are times when you are instructed to do things in a certain way, and that's what you do.

[Camacha]

It's a grey area. It can be hard to avoid stumbling across some material. As for respecting someone's privacy, I've never once spoken directly about a single thing I've seen. (I did once get legal advice about a particular case where something that I saw was really pushing the boundaries of legality.) I don't go trawling looking for dirt, but the reality is you're going to see things when you're tasked with moving files from one PC to another, or wiping an email mailbox or whatever. There are times when you are instructed to do things in a certain way, and that's what you do.

Hence the not essential for a repair part of my post, since that was a rather essential bit.

[Ethanadams]

so i figured out what the corrupted files were coming from i might have the click of death and a scratch on the drive so yeah

[Starwhip]

Speaking of insecure infrastructure... the codes for our school's computer accounts are stupid. The <insert expletive here> local admin account has the same username and password. I mean, COME ON.

And then through that admin account you can reset the password on the network admin account....

I've never messed with this stuff personally, but good God someone could seriously screw their system over.

Oh, and if you change the id at the end of your records download url you can get the record of any student.

[kenbobo]

The network at my old school was an all mac network. On this network, if you just go to the server, and choose the "users" drive, you can access all of the students and teachers files. Then we (i guess) changed to Google apps and now that's nullified.

[Flymetothemun]

Speaking of insecure infrastructure... the codes for our school's computer accounts are stupid. The <insert expletive here> local admin account has the same username and password. I mean, COME ON.

And then through that admin account you can reset the password on the network admin account....

I've never messed with this stuff personally, but good God someone could seriously screw their system over.

Oh, and if you change the id at the end of your records download url you can get the record of any student.

IIRC, Credit cards used to be this way until they were randomly generated numbers. Increase your credit card number by 1, 2, or a few, get lucky and guess the PIN right, and you could use another guy's money. Thank goodness it isn't that way now.

[Fel]

long ago I used a proxy to get around the firewall at school and they called my parents because I was "hacking"

That IS hacking. You are utilizing resources to circumvent network security and if someone uses that pathway to get into the system, are you going to say "I wasn't doing anything wrong... I just was bypassing network security?"

why would they get mad over a virus now days it is almost impossible to not have a virus or seriusly currupted files in computers

For the same reason they get mad over people hacking the system. If it is your personal computer, don't give a crap... but if you unleash a virus on the network it is a MAJOR pain to fix. Home security is nearly pointless, but when you're dealing with thousands of computers all needing to be reimaged due to a compromised network... and the problem was you disabling the anti-virus because it was preventing you from downloading something.

Ever watch those "Upgrade to a digital life / security" commercials and think "So you want to put cameras all over my home, have a closed security system that I cannot check to see if they're still secure, and risk someone hacking into the system, or employee's leaking it online?" Of course not, because no one thinks about network security until it is too late.

I don't get it.

So what if your computer had some malware? It's not your fault. You did not put it there.

In fact you should go back to school and tell that media center person that their insufficiently protected device has put you and your privacy at risk, then sue them for all the trauma you are experiencing due to your personal info potentially being available to an unknown party.

Once you reap the millions they owe you, send me a check to 25%.

He did put it there. ~100% of the time a user willingly downloads and runs a virus. There are network viruses which use weaknesses in the network; but the real problem comes from the user, downloading anything that can be downloaded and giving everything root level permissions.

[Camacha]

That IS hacking. You are utilizing resources to circumvent network security and if someone uses that pathway to get into the system, are you going to say "I wasn't doing anything wrong... I just was bypassing network security?"

Hacking is generally defined as breaking through or manipulating security, not circumventing it altogether.

[Ethanadams]

dont look here i made a mistake

Edited May 30, 2015 by Ethanadams

[Camacha]

circumventing it is a type of hacking its called a back door

Do you even know what you are saying? You seem to be confusing things, or should explain yourself a little better.

[Ethanadams]

sorry i got that confused with something else but yes circumnavigating blocks is generally viewed as "hacking" by most people

[Fel]

Hacking is generally defined as breaking through or manipulating security, not circumventing it altogether.

The entire point of hacking IS to circumvent security. No serious hacker would EVER directly attack a password, that's TV idiocy. Wanna crack a computer in 30 seconds? Use a boot disk. No matter how strong your password is, unless you encrypted the hard drive I can access it. But you set a bios password, well many bios passwords can be "circumvented" by flooding the prompt and causing a buffer overflow. Circumvention, fast, clean, simple.

Even when getting passwords, you download the database and just use hybrid attacks. Hybrid attacks already account for many of the likely candidates without bothering with the whole "think like the person" nonsense.

[Dman979]

The entire point of hacking IS to circumvent security. No serious hacker would EVER directly attack a password, that's TV idiocy. Wanna crack a computer in 30 seconds? Use a boot disk. No matter how strong your password is, unless you encrypted the hard drive I can access it. But you set a bios password, well many bios passwords can be "circumvented" by flooding the prompt and causing a buffer overflow. Circumvention, fast, clean, simple.

Even when getting passwords, you download the database and just use hybrid attacks. Hybrid attacks already account for many of the likely candidates without bothering with the whole "think like the person" nonsense.

You seem like the kinda person who would also own a set of lockpicks.