School NAS

[Badmanh]

Hey, i recently found a bug in the college NAS, i logged off my pc and went to tell the tech's, anways about a week later i come back to college and everyone knows how to access peoples work.. i never thought anything of it, now a month later, people are saying there work has been deleted/renamed.. the bug is as follows, open ms office word, toolbars > web > \\nasdevice\username\work and explorer opens with their work. Now i have been told i have been watched(from a kid that got caught), is there anyway they could possibly do this? logs on the NAS?

I have no way to prove i'm innocent if they havent been watching/logging because i found this bug, even though i told them straight away, it hasnt been fixed..

now i'm just wondering about consiquences..

and anyway to possibly fix it?

[Swathe]

After you found the bug, did you continue to access the NAS? If you kept going back afterward there would be little you could do to make it innocent looking. Personally, I would have kept this "bug" to myself. I guess write some sort of letter stating when you found the bug and who you spoke to about getting it fixed.

[Badmanh]

No I didn't keep accessing it other then my

Own work, also never told anyone.. I went straight to the server room and demoed it to them, they said thanks we'll fix it and that was the last I heard until now

[stingwray]

If it hasn't been fixed then it would be polite to write a letter to them, detailing everything and some of the implications of it, then also send a copy to the headmaster (say that you are doing this in the letter), and keep a copy for yourself.

Remember to be polite and re-iterate that you are informing them because of the risks and possibly to see this as a free service that many companies and institutions pay for. You can also suggestion ways to resolve the problems if you can think of something.

If this doesn't worth then you may want to get the parent's association (or equivalent) involved if it is serious enough. I.e. you believe people could delete or alter other peoples work etc.

But what ever you do, do not tell any of your friends or people not previously mentioned in this post.

[SomethingToChatWith]

You know, the scary part is that some colleges allow ftp access to student files from anywhere. If the tech guys won't listen take it to administration and have them handle it.

[Badmanh]

The thing is I have never told anyone about it but my fear is that it will come back to me.. The good guy always finished last I guess I will never help them securing there servers.. I just wanted to clarify can they log what you are doing nas side?? If not that may help me.. I know you can watch on rdp but I have never seenn the accept message

[SomethingToChatWith]

They should be able to log just about anything they control, but by the problems you've described it sounds like they're doing a half-ass job if anyone could access anyone elses files.

[H@L0_F00]

I hate when shit like this happens :( IMO Swathe is right about keeping what you find to yourself. By telling them they have a basis to blame *everything* on you... You pleaded guilty without even knowing it

[Swathe]

Plus that "backdoor" will get closed and it may have been something useful to have up your sleeve. When I find anything at work or wherever, I make sure it's noted and filed for potential future use.

[WhollyMindless]

I'd be keeping my personal stuff somewhere else... (grin)