cooper Posted November 17, 2014 Posted November 17, 2014 I'm going to try and keep an eye on how this story develops as it portrays a very real scenario that it would seem a significant portion of visitors here are dreaming of. Here's one of the many dutch-language news articles on the story. So what happened? It all happened at a prestigious 'gymnasium' school in Amsterdam. Gymnasium is a dutch level of advanced learning and is reserved for approximately the top 5% of kids, you typically enrol at age 12 and move on to another school at 18. At this school, 3 students roughly 16 years of age at the time discovered the password of the 'conrector' - a title unique to the dutch school system for a senior teacher, acting just under the school's head master. They found out what his password was when one of the students simply looked over his shoulder as he typed it in, and wrote it down for future use. Over the course of the subsequent year, using this person's privileged account, they modified their school grades and absentee reports. It would appear that at this school there was no (enforced) policy for routinely modifying your password nor was there any process in place to verify the absentee reports. Outcome so far? The three students have been suspended as the school contemplates an appropriate punishment. Likely punishment is going to be that they'll get a few months suspension and will be set back a year to prove they actually did take in all the school material. Also fairly likely is that they'll be expelled from this school. So let this be a lesson to you young 'uns: Don't fuck with your school network! Quote
newbi3 Posted November 17, 2014 Posted November 17, 2014 The school I teach at has a open wireless network that you can connect to but it has a captive portal that you have to login to (which you create a username and password for before coming to the school). Anyways after becoming a teacher i logged in with my teacher creds and the second day i was there I opened my laptop and noticed I was never asked to login to the portal. so I immediately spoofed my mac address and was asked to login again. This got me thinking that they are identifying you based upon your mac so i spoofed another laptops mac address that had never connected to the network to my mac books mac that had connected and it got online right away with no questions asked. This is awesome because students have less network permissions than the teachers do (they can't go on facebook youtube but teachers can) so all a student has to do is spoof their mac to a teachers and they can do whatever they want. I'm really hoping that they never decided that since you are authenticated to the network (based upon your mac) that you should automatically be authenticated to email, gradebook, or whatever but I can see it happening Quote
Armaal Posted November 18, 2014 Posted November 18, 2014 (edited) Captive portal based "only" on mac adress is a really bad idea but i'm pretty sure it's almost 60% of WiFI router. HP ProCurve ? Edited November 18, 2014 by Armaal Quote
newbi3 Posted November 18, 2014 Posted November 18, 2014 Captive portal based "only" on mac adress is a really bad idea but i'm pretty sure it's almost 60% of WiFI router. HP ProCurve ? The last part didn't make any sense Quote
Armaal Posted November 18, 2014 Posted November 18, 2014 The last part didn't make any sense I was in hotel suite 2 days ago. The installation (Wifi Extender, Routeur etc..) was HP stuff. Exactly ProCurve. The system was performing under MAC filter only Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.