Freakish Posted June 20, 2006 Share Posted June 20, 2006 Yes to the Second point, and its not just about my school its more about my ethics. Would it be right for me to give your debit card and pin number to a random person? It wouldn't affect me but I still would be doing something wrong. Quote Link to comment Share on other sites More sharing options...
Shaun Posted June 20, 2006 Share Posted June 20, 2006 Ah, it's about ethics is it? Not about how you don't want this to be patched so you can exploit it? Tell your admins and the company that develops the software then. Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I'm not done having fun with it yet. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 I'm not done having fun with it yet. You are talking about it falling in to the wrong hands and your "not done having fun with it yet." it sounds like its in the wrong hands right now. Quote Link to comment Share on other sites More sharing options...
Shaun Posted June 20, 2006 Share Posted June 20, 2006 I'm not done having fun with it yet. But surely you are putting systems at risk at your school and every other school that uses this software if a more malicious person were to discover it? Your not allowing this vulnerability to be patched for your own personal amusement could put other students' school work at risk, therefore surely you should report it? It's a matter of ethics, don't you know? Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I'm not doing anything evil with it. I'm just using it so I can do things like use my snes emulator, and go on firefox. Quote Link to comment Share on other sites More sharing options...
Shaun Posted June 20, 2006 Share Posted June 20, 2006 I'm not doing anything evil with it. I'm just using it so I can do things like use my snes emulator, and go on firefox. But in allowing the hole to remain unpatched someone else might do something evil. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 i totaly agree with you Horza... hes talking about it falling into the wrong hands, when he doesnt want to stand up and say that the school network has a vulnerability and have it patched so grades, finanical information, contact information wont get compromised, when he is obviously using it for his own purposes. and what if he was using that to install something, and a virus came along with it, and then you have every computer in the district compromised now because he didnt want to tell them that they had a problem. Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I'll probably tell my teacher when I'm in my cisco coarse next year. School ended today. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 you can email the schools sys admin.. they still do stuff over the summer... and then the summer school students are using the computers over the summer.. and that vulnerability is still open for them to find and exploit. Quote Link to comment Share on other sites More sharing options...
Shaun Posted June 20, 2006 Share Posted June 20, 2006 I win :) Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 no.. we both win 8) :idea: :idea: :idea: :idea: :idea: Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I don't know if I want to risk it... I've sort of broken several rules. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 anonymous email... dont tell them that its you. just tell them that they have a vulnerability. lol Quote Link to comment Share on other sites More sharing options...
manuel Posted June 20, 2006 Share Posted June 20, 2006 I'm not doing anything evil with it. I'm just using it so I can do things like use my snes emulator, and go on firefox. Good for you. I truely hope they catch you soon, since I agree with others here. This concept has gotten to the wrong hands already. ...and its not just about my school its more about my ethics If you call this ethical, then fine so be it. Ethical in this case would be to notify the system admins of this issue immediately. that's all I have to say. Manuel Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 Straight from a school sys admins keyboard! (am i correct) The sys admin at my school knows i look for bugs in their system, and the second i find one i report it to the sys admin and he thanks me. I dont get in trouble... well i havent done any thing that would break the rules in the student hand book. EDIT: Quit worring about your ass and start worring about the consequences of the vulnerability unpatched.. If you got in jsut think about how easy it would be for an experienced hacker to get in and so some real damage to the schools network. Like i said before, they keep financial recordon the computers. and the school could get screwed over if you dont step up and report it. Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I still can't say that I agree. This exploit has been available for about 6-7 years, and as far as I know I am the only one to find it out. I'll think about telling an admin. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 Don't Think... Just DO! Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 Well before I do anything I need to get on a computer at school and erase my tracks. Quote Link to comment Share on other sites More sharing options...
manuel Posted June 20, 2006 Share Posted June 20, 2006 Straight from a school sys admins keyboard! (am i correct) The sys admin at my school knows i look for bugs in their system, and the second i find one i report it to the sys admin and he thanks me. I dont get in trouble... well i havent done any thing that would break the rules in the student hand book. Yep, If it were my school, I'd kick you off of the systems if I discovered you were trying it for a period of time, regardless if you told anyone or not ( we require disclosure as per the Acceptable Use Policy). Now, if a student were to notify me of an issue immediately explaining everything he/she did, step by step, we would embrace that student's knowledge and possibly offer him/her a part time job. Hell, that's how I got started. My Senior year a few friends and I discovered some problems with the sys admins thinking. We had an intelligent conversation with the admin and explained what we noticed and offered to help patch the systems with his supervision. I am sure he wasn't sure of us, but because we approached him with inteligence he gave us the chance to show him and eventually gained his trust. By the end of the school year I had enough trust that I knew system admin passwords (not cracked, but earned) and have been working here since. ( Yeah I know I said "that's all I have to say..." but I can't STFU so :p ) Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 I explain to him step by step.... Ive gotten recongnition from the district superintendent and the district system administrator for helping them with their systems. My schools sys admin and I have intellegent conversations about the computer and he wants me to be his aide next year. I dont do any thing that violates the rules... I give him a list of proxies that I have dug up from students. Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 I'm still debating this in my mind. It's easy for other people to just tell me to go to an admin. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 Its not hard to create an email telling him the vulnerability. Quote Link to comment Share on other sites More sharing options...
Freakish Posted June 20, 2006 Share Posted June 20, 2006 Well it's pretty hard for me right now. 1. I could get kicked off the computers (that I need for class) 2. My school's website is down so I can't get any of the emails. Quote Link to comment Share on other sites More sharing options...
ZeR0BuG Posted June 20, 2006 Share Posted June 20, 2006 well.. You dont have to say its you! Create a fake email. WHen the servers come back up like the CISD servers were down for a few days.... email them Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.