In high school I was blacklisted from an admin position for demonstrating that you could write in Digital Command Language a program that simulated the login environment, stored login attempts, and then after three tries exited to the real login environment to let the user in. In college I was nearly expelled for just mentioning to the IT guys that they didn't have a password on some database, and I could get in with just telnet. These attitudes haven't changed much since 1990 at least.
maratd|12 years ago
Why would they?
A blatant oversight is a sign of incompetence and by making such incompetence public, you're threatening their job security. Why would anyone react positively?
You're better off making the disclosure anonymously.
genwin|12 years ago
When the info comes from an anonymous source they can't take their frustration out on the messenger. (Instead of thanking the messenger as they should.) I don't get why these hackers often give up their anonymity.
edvinbesic|12 years ago
It would let you try one time, tell you you entered the wrong password (saving it to file) and exit, at which point windows would load the novell login screen that looked exactly the same.
Good times.
GrinningFool|12 years ago
I collected many passwords - I never used them or intended to, I just wanted to see if I could do it.
I made the classic mistake though - I told someone about it. A few days later word got around. I was suspended for a week and was banned from computers for the rest of my time there.
Edit: Now that I think about it (I haven't in years): What kind of response is that? Someone shows some creative thinking and does so in a way that is obviously[1] quite naive/without ill intent. While I understand that you want to discourage the specific behavior, perhaps steering the culprit to use talents with more foresight would have been a better answer.
[1] Looking back, I was something of an asshat in the personal skills department so it's entirely possible that they simply didn't believe my lack of nefarious intent.
bradyd|12 years ago
We did end up getting the admin password and getting access to the server. I had written another program (also in VB) that would run hidden in the background and randomly open and close the CD-ROM drive. I uploaded this program to the server and attempted to get it to push to all of the computers in the school, but I don't believe I was successful as I didn't really know anything about Novell and never saw it working on any machines.
One of my fellow classmates also found the schools SOCKS proxy so we were able to run AIM and ICQ on the school machines. Our teacher pretty much let us do whatever we wanted in that class. It was my third year taking a programming class with her and she allowed the advanced students to work on their own projects. In that class I also wrote a Group/IM chat client in VB with a Perl server. As GrinningFool said, responding to teens who are obviously interested in computers with bans or expulsion or worse is just stupid. If I hadn't had the freedoms that my teacher gave us in those classes, I wouldn't have learned anywhere near as much as I did.
richforrester|12 years ago
perlpimp|12 years ago
I'll conjure up respected Arthur C. Clarke - Third law: Any sufficiently advanced technology is indistinguishable from magic. Put scared people and magic together and you got bonfires going. This why hackers rot in jail for longer than murderous psychopaths.
But then again I was more of a black hat for most of my life than white.
my 2c
monksy|12 years ago
I also figured out how to access the middle school's library database without a login. [That wasn't secured, nor did it require a password]
Also, nearly got in trouble with the IT administrators at my high school because I found out how to send Novell messages.
I was a very bored kid.