Student gets 'A' for hacking school computer (School Asks Tech Geeks To Find Security Holes!)

Clymer News Network ^ | 12/18/02 | Jeordan Legon

[Recovering_Democrat]

You see, Reid already has a perfect 4.0 grade point average at Anzar High School in San Juan Bautista, California. So to leave his mark, he decided to lower his grades to a 1.9 GPA -- a meager D+.

"I couldn't do what most people would want to do when they hack into the school's computer," Reid said. "So I thought it would be funny to do the opposite."

[Recovering_Democrat]

The speed with which kids learn only solidifies my opinion that character training is more important than merely technical knowledge...if one knows the difference between right and wrong, one will use the technology ethically.

For instance, look at, say, Bill Clinton and nearly every other President of the USA...lots of power at the fingertips, most use it ethically--and a few barbarians use it selfishly.

[Recovering_Democrat]

Sorry, forgot to mention: this is an EXCERPT. The URL will take you to the full article.

[lelio]

charactertraining is more important than merely technical knowledge Not to mention that technical training goes stale after about a year, while character stays with you.

[Flashman_at_the_charge]

Script kiddy. :-)

[Maceman]

The speed with which kids learn only solidifies my opinion that character training is more important than merely technical knowledge...

I am amazed how kids take to computers. My 4-year-old daughter, and all her friends at pre-school, can't get enough. They love to play computer games on the PC. It's gotten to the point where I have to fight my four-year-old for computer time on my own system.

Guess 4 years old is the age at which kids start needing their own computers, judging by my daughter and her peers. I hadn't expected that.

[Callahan]

Can this kid hack into Al Gore's head and fix the broken personality chip?

[NUCKLEHEAD]

It took three hacking programs less than a second -- 200 milliseconds to be exact -- to find the password to the school's computer, Reid said. It was the school secretary's name: Silvia.

I don’t mean to belittle his abilities, but this is sort of like defeating an alarm system that was not armed.

I’d like to see the results of his hacking programs working on our passwords. They are 26 characters – 8 letters (at least two must be “other case”), 8 numbers, 4 punctuation/special characters (excluding ‘~’), and then you append your SecurID number (that changes every 60 seconds) on the end. You can have no more than 3/3/2 letters/numbers/special characters in any substring – except for the 6 digits at the end.

Oh, and you have to change your password ever 72 hours or it expires and you get locked out.

The good part is that we have had no instances of unauthorized access. The bad news is that 1)nobody can remember their password, 2) nobody can remember to change their password, so they get locked out, or 3) they lose/misplace their SecurID token.

Other than that it’s a really great system. (snicker).

[supercat]

I’d like to see the results of his hacking programs working on our passwords. They are 26 characters – 8 letters (at least two must be “other case”), 8 numbers, 4 punctuation/special characters (excluding ‘~’), and then you append your SecurID number (that changes every 60 seconds) on the end. You can have no more than 3/3/2 letters/numbers/special characters in any substring – except for the 6 digits at the end.

Yeesh. Okay, I guess a1a1-a1a1-a1a1-a1a1-123456.

Do I win?

[supercat]

Sorry, A1a1-A1a1-A1a1-A1a1-123456.

[NUCKLEHEAD]

Yeesh. Okay, I guess a1a1-a1a1-a1a1-a1a1-123456.

Do I win?

I know… it’s overkill. I didn’t create the specifications - but you don’t have any “other case” letters, you use the same letter more than three times, you use the same number more than twice, and there is a “pattern.” The 31 page password rule-set does not allow that. I’m serious – I’m laughing, but serious.

You’d have to have something more like this example:
aC3%d^kT91fNo8$92#4791A37F = 8 letters (aCdkTfNo), 8 numbers (39189247), 4 special chars (%^$#) – then you add your (91A37F) ID number at the end (but that changes every minute, so YMMV).

They literally have a Password Wizard to guide you through the painful password creation process. I’m not kidding.

You can see what a great scheme that is… Remember that for three days then make a new one.

I’ve never seen a password cracker (brute force) that can pop it in the 60 seconds before the last 6 digits expire (even if they have the uname/serial number for the token) or in the 72 hours before the whole thing expires. That’s about the most positive thing I can say for it.

I guess that's what they had in mind, because it sure is a PITA. But does seem to work... so far.

[amigatec]

Well from the looks of the picture the school was using Windows, no wonder he hacked it so easy.

[Amelia]

Then there was the school where I once worked...the student computer labs were on the same network as the teachers' grade program. Teacher's ID was their first initial and last name, password was last 4 digits of SSN. Teachers weren't allowed to change either.

If were on the network, put in a teachers' ID, didn't know the password and hit "cancel", you'd go right into their grades anyway.

I don't know if they ever fixed it or not.

[goodnesswins]

My grandson was fascinated with my computer - at about 16-18 months - he just KNEW that mouse had power....and he wanted it!

[Jack of all Trades]

Sounds like my son, now 19 months. He'll toddle on over to the computer and demand "Truck" or "Pooter - Truck". Whereupon I'll have to stop whatever I'm doing to find a website with truck pictures. Once he's on my lap though, he won't rest until he has a hold on the mouse. He knows it makes the screen move, and stuff pop up, but he hasn't yet realized that he can control the exact movement of the mouse pointer.