Hacker News

9 days ago by jimt1234

Working in IT/tech for school district is the worst. My experience from many years ago - around 2002, I think:

1. First day on the job, email to boss: "Hey, the computer lab at Springfield High has a ton of known security flaws that are begging to be exploited."

2. Reply, 1 week later: "Sorry, we don't have any money for that. Just keep everything up-and-running."

3. 3 weeks later the computer lab at Springfield High got "hacked". All the computers displayed a popup window that said, "Miss Krabappel is a dyke!" (sorry for the offensive language)

4. Next day, email from boss: "The computer lab at Springfield High was hacked! Figure out how to fix this and make sure it doesn't happen again!"

5. A few days later Miss Krabappel filed to sue the school district. The local newspaper picked up the story.

6. Email from boss, in full panic mode: "I need you to figure out who hacked the computer lab at Springfield High so we can report him to the police!"

7. A week later an independent consulting firm was brought in to help identify the person behind the "hack". I heard they were paid $50K and found nothing. However, the kid got ratted out when he told all his friends. (It wasn't Bart Simpson! ;) )

8. Several weeks later: meeting to discuss working with a consulting firm that's gonna fix all the security issues because the current staff (me and my team) lacks the skills.

9. About 6 months later, I quit.

8 days ago by acidburnNSA

I 'worked' for my own high school's IT dept, a few hours a week, as a student. It was an amazing experience working with those guys. I learned so many things, from how to punch, terminate, and run cables to how to set up a Ghost image and deploy it en masse across the district.

One day one of the old macs was showing the frowny face in a in-session classroom. Boss sent me down there with specific instructions: "pull out the hard drive and beat it really hard with the handle of this screwdriver". I was like: "?" and he was like, "just do it".

So I go down there and let myself in, trying not to interrupt the class. I climb behind the computer on a cart and pull out the HD. I beat it with the handle, like a good 10 times. Of course this got the class all riled up. I blushed, but told them this was normal operating procedure. Plug it back in and it works. I was (secretly) as amazed as everyone else in the class.

Back in the IT office, I say it worked. IT boss smiles and nods. I ask how. Well as it turns out some of those old hard drives used a vegetable oil based lube that seizes up if it's not used for a while. So if you bash it it un-seizes and starts turning again.

Anyway great times, fun memories. We all got our CompTIA A+ certifications at the end, but don't ask me what IRQ number is for the parallel port these days.

8 days ago by specialist

> ...pull out the HD. I beat it with the handle, like a good 10 times...

Heh. Nice.

A coworker's Mac wouldn't boot. I couldn't hear the hard drive. It was a model with the tip of the spindle exposed. I found a pencil with a gummy eraser. Gave the spindle a twist as I turned the power on.

Told the amazed user, "Do not turn off your computer until after you have backed up your data. That probably won't work twice."

Good times.

8 days ago by moepstar

Had a similar experience with the external HDD of a friend of a friend.

HDD wouldn't be recognized, sticking my ear to it i could only hear the motor emit a beep-like sound, no spin up.

Her masters thesis on it, inaccessible, i've opened up the case, removed the HDD, unscrewed the top and there was the drive arm, stuck in the mid of the platters...

Took a Torx screwdriver, turned the platters backwards and unstuck the drive arm...

Copied all data off of it and sent here to the nearest computer hardware store to get another drive...

Master thesis was successfully recovered!

7 days ago by Scoundreller

It probably would. Static friction is a lot harder to overcome than dynamic friction in terms of torque.

8 days ago by oaiey

And now ... a group of 30 - no-longer - students treat their IT equipment with hits by a screw driver ... because it works.

Our education system is amazing ;)

7 days ago by croon

Cargo culting in a nutshell.

8 days ago by sandworm101

>> un-seizes and starts turning again.

More likely an armature rather than a platter. Violence also worked when the drive would get stuck on a bad sector. Bashing the drive horizontally, while it was on, would sometimes move the arm enough for the drive to reacquire and hopefully not hit the same error on the next read attempt.

8 days ago by shwoopdiwoop

I believe the term for this is ‘percussive maintenance’

8 days ago by niccl

A few years ago a friend ran a camera shop. From time to time someone would come in with an SLR that wouldn't behave (long exposure, no exposure, nothing in viewfinder). He'd take it, tell them to go away and come back in an hour, then hit it on a telephone directory. 9 times out of 10 that would free the stuck/sticking mirror and everything would be fine. He had to tell the customer to go away, though, so they didn't get agitated seeing him bash their expensive SLR around

8 days ago by nemosaltat

In the Navy, we called it “mechanical agitation” it raised fewer eyebrows than “I hit it with a wrench and it started working again.”

7 days ago by themaninthedark

American components, Russian components, all made in Taiwan!

8 days ago by iso1631

I haven't needed to use it since....

last Tuesday

9 days ago by genmud

Are you me?! This basically was my experience working for a very large school district in the early 2000's. My favorite was they asked me to train a school bus driver to be the newest member of the IT staff because "they wanted to learn computers", it also just so happened that this person was the only person their budget could afford (less than 40k/year).

I worked for them as a contractor for a while and one of the big issues they had was they had tons of money to implement new technology (mostly from grants and things like that), but nearly nothing to maintain old tech. They could buy new computers all day long, but if something needed to be repaired/updated/maintained, there was no budget or resources to do it. So there were all sorts of fun issues, like they would buy computers and before they could get deployed their warranty would expire (since they weren't allowed to buy 3 year warranties on the computers) and computers with bad HDDs would get disposed of, even though the fix might be $50 and 10 minutes of time.

8 days ago by foooobaba

That’s hilarious, at a small school our bus driver was the local it admin… 7 minutes of rainbow tables with ophcrack live cd was all it took to become domain admin.. never changed it for all 4 years lol.

8 days ago by whymauri

The IT in my district was so bad the students basically ran it for my middle and high school. We did all the desktop repairs and component swaps for free. I don't even think we had an "IT guy." This was 2009-2014 for me.

On the bright side, we got comfortable with computers and ended up building our own little projects (in and outside of school). In 10th grade we souped up one of the engineering lab computers by consolidating a bunch of old graphics cards and played games on it, lol.

9 days ago by yakk0

That's funny, I worked for a school district about 10 years ago and our IT director was also the transportation director. He knew nothing about IT but I guess they had to give the role to someone at one point and it was him. I think I lasted 2 years before finding my current job.

8 days ago by Cthulhu_

I've had an internship once at a chain of elementary schools, the main IT guy(s) at those schools were regular teachers that had computers as a hobby. I came in with a few years of school, doing some maintenance, installing some printers (really satisfying with the stick-on stuff), fiddling with the server (a workstation in a broom closet), and playing runescape / internetting in the dark, warm server room at the other location away from the main IT guy.

8 days ago by gorgoiler

When I was a teacher my school IT was run as a petty fiefdom. I don’t know if it was outright maliciousness, or just extreme anxiety from the IT team lead about job security, but they were universally derided amongst staff (including some senior managers I knew) as being terrible to work with.

If I wanted to do something I would be told that there weren’t the resources. If I volunteered to be those resources — in my spare time! — I would be told it’s against policy. If I asked if we could revisit the policy I would be told I was welcome to ask the IT committee (closed door meetings, unminuted) to consider it for their agenda. Time passes. Proposal rejected.

I gave myself one term to see if we could find a working relationship. It obviously didn’t work out so I ghosted them and just did everything myself without asking, out of my own pocket. I felt like an asshole but at some point you’ve just got to move on, especially if your end goal is improving teaching and learning for the pupils.

8 days ago by lostlogin

> It obviously didn’t work out so I ghosted them and just did everything myself without asking, out of my own pocket.

In my one experience in a university, this how it’s done. Just set you own stuff up, hope you aren’t discovered and ideally have a friend high up the ranks.

8 days ago by mdip

   >  I don’t know if it was outright maliciousness, or just extreme anxiety from the IT team lead about job security
It's probably anxiety about job security/being overworked rather than maliciousness, but it could be both. It is made more complex by the likelihood that the position pays far less than comparable positions pay elsewhere. This causes the district to hire whatever candidate they can get to take the job. The outcome of that works out one of two ways: (a) the employee leaves as soon as they have enough experience to be paid more to do less work by someone else or (b) the employee stays knowing nobody else will hire them and makes sure to only hire other people who know less than they do.

   > If I wanted to do something, I would be told that there weren't the resources.
You were told correctly, but probably not told just how bad it is. If it works like it worked for folks I know in similar situations, 80% of the job -- regardless of what you were hired in for or what your title is -- is fixing things that teachers/administration broke or didn't know how to use correctly. Tell them the laptop is for school business only until you're blue in the face, they'll visit every web site offering Flash games, some will surf porn sites riddled with malware and if your IT guy doesn't have a mental breakdown by then, the only thing they're spending the rest of the 20% of time on is blocking teachers/non-IT staff from doing things that they've been told, clearly, not to do. The rest is spent locking things down or softening security policies to keep teachers/non-IT staff from taking more of that 80% time.

   > [Volunteering my time] is against policy.
It could be against policy, but that's probably just an excuse being used because it's effective at shutting down the request. There's a very good reason to say "no" in the IT person's mind: your volunteering will still involve their time, and if you're not as capable as you claim to be, it'll involve a lot of their time. If you're one of their users and you're claiming to know a lot about IT, you're more likely to be seen as "someone who knows enough to be dangerous"--the worst kind of user. Even if they believe you, they're confronted with the reality that you deploying/using this new "unapproved thing", will cause others to ask for it -- another teacher/staff member will want it and at some point that IT person is going to end up having to deploy it, patch it, fix it, and maintain it. You'll find this thinking prevalent in most IT support organizations -- the camel can barely walk so it's easier to say "No" and hopefully keep it that way than say "yes" and add enough load to the break its back.

   > I gave myself one term to see if we could find a working relationship. 
I feel your pain. I'm not sure what you've tried and you could very well have just run into a BOFH but assuming this IT person is typical of those I've worked with when I did this work, there are some options. You may have tried these -- it's not meant as "well, you obviously approached this all wrong" but rather advice for others on what I have personally seen work (and had work on me when I did this sort of work, albeit a long time ago).

For anyone in a similar situation, there are a few ways to "hack your IT person". It's nothing magical and can be applied well beyond IT folks, but I'm aiming at folks in this conundrum. While I've not worked for a school district, I spent the first 10 years of my career in several levels of support/systems and ultimately architecture with the first few being similar to the whole "small IT with too many users who hate IT[2]". First, understand what their motivation is -- less support, more time to improve/architect (or play WoW ;) ...). If you have the expertise, approach that person and "talk shop" -- don't reveal that you "have skills", just ask a question or two in an area that teachers/staff often know little about, or go with a simple "I wouldn't do what you do ... all these teachers, many of whom haven't touched a keyboard that wasn't on their phone since 2010 or so ... it's got to be hell". If you can get them to tell a "war story" or two you'll probably find a few opportunities to say something that will reveal that you have somewhat of a clue what you're talking about. Do this outside of work, on their schedule -- Happy Hour or off-site lunch (not often possible during the school day due to time).

If things go well, say something like "I can't imagine how you get anything done with such a computer illiterate staff to babysit (aligning yourself with IT over said staff) ... I'm happy to help out anywhere I can if you can think of something I can do to reduce that grief[0]" This IT person spends their work life dealing mostly with people who are unhappy about things that are broken and the staff they support place blame for those breakages, not the resolution, at their feet[1].

You're now in the magical role of "the teacher who believes IT isn't incompetent." If you are received well, make your ask. Make it very limited -- if you need to be an admin of your laptop, insist that it be temporary and that you'll call the IT person when you are done (offer to let them watch if they want. They won't). Insist that you'll not let people know IT made an exception and will provide the required excuse if someone notices you're running something they can't: usually "IT doesn't know about it" is settled on. Maybe it's something you want every teacher to have -- don't dare explain that, and if you have to, outright lie: "I'm not interested in seeing the district adopt this, I just want to use it myself." You're not shooting your grand plans in the foot, you're giving yourself time to provide hard facts/evidence to make the case that it should be deployed. If it works out well, start planting the seeds with your IT person: "I really love this application, thanks for letting me use it on my school laptop ... what do you think the support overhead for something like this would be if every teacher had it?" ... listen to their concerns, find answers to each of them, revisit the topic. Your IT person is used to management (administration in schools) saying "this is what we need on every PC" without care for what amount of work/grief IT will deal with to sort it out. Administration doesn't care about IT griping very much -- it's seen as IT, "yet, again", complaining about having to "do work" and treating completely reasonable (in their minds) requests as though they're equivalent to scaling Mount Everest. If you have the data from your unofficial pilot to back you up, and the right person in IT (at least) not working against you, and other financial considerations/contracts aren't in the way, you'll be successful. If you're successful and your project works, the next time you may not have to ask at all.

Your IT person makes just as many judgements about you and their users as they make about IT but there's a lot more of you than their are IT folks. Having an ally/expert among the "clueless users" has a much higher value to your IT person than having that person as your ally does for you, even if it doesn't seem that way[1--(again)].

[0] How much time is IT spending doing "Help Desk" kind of support for everyone outside of IT (regardless of title/responsibilities the IT person was hired in for)? It's probably 80% "User Support" and 20% "everything else" which means all of the effort put into "everything else" centers around reducing how often teachers have to take time away from IT. Your offer, if its trusted, will reduce that burden at no cost to the IT person. Don't make that promise if you're not willing to do it, but it's unlikely anything will be asked of you.

[1] In the "Game of IT Support" (or it's variants: "The Game of Network Security Administration", etc), you can never have a score greater than "Zero". Zero is "everything works". When something breaks, you lose points. When you fix it, you gain points up to (but not always) your top score of "Zero". Roll out massive new infrastructure for WiFi? You're at Zero (or less since it probably won't work as conveniently as it does at home). You're an expense who's purpose it is to make things operate the way everyone expects they're designed/intended/meant to work. They also expect that you (IT) shouldn't be necessary -- these things should just work like my router/PC/internet service at home works and shouldn't require so much "policy" to "avoid doing things".

[2] While I was still living with my parents, my neighbor referred me to the IT job -- he was in Development. I'll never forget when my Dad called me up asking "why is IT (where I worked) at (company) so bad?" after listening to my neighbor berate my company's IT operations teams (never me, specifically). We were so hated. By everyone, especially non-Support IT. That was an impossible conversation to have.

8 days ago by gorgoiler

Thanks for taking the time to write all this up.

9 days ago by snerbles

> All the computers displayed a popup window

When I engaged in `net send` shenanigans at the local community college, at least the IT staff was smart enough to know where to scramble a runner whenever those dialog boxes popped up across campus.

"ALL YOUR BASE ARE BELONG TO US" was quite the meme then, but apparently they thought it was some form of cyber-terrorism.

9 days ago by koboll

A good buddy of mine did the same, but with the message "DOOM!"

His punishment was community service, and the service was having to be basically an intern for the school IT guy. Smart administration, really.

8 days ago by ipdashc

That's the only proper response, really. You love to see it.

I'll never understand braindead school administrators whose response is "throw the entire CFAA book at them" for kids who do the most harmless sort of "hacking". I mean, they're literally 16-year-olds. How disconnected from reality does one have to be to think that police/legal action is appropriate for this type of stuff? It's like they're specifically trying to ruin lives and create criminals/blackhats.

Edit: And something I remembered while scrolling this thread... it's particularly disappointing when it's the actual IT staff who get mad and threaten to press charges. Like, sure, if it's a 60-year-old secretary who's worried about you starting WWIII by whistling into a payphone, that's just ignorance, that's one thing. But IT people ought to know enough about security/"hacking" to see how ridiculous they're being... just sad.

8 days ago by snerbles

I received a similar punishment for running an autoclicker against some charity adware installed by a well-meaning administrator.

That semester of internship was pretty fun, all things considered.

9 days ago by saltyfamiliar

That's such a wholesome punishment.

8 days ago by sjapps

Same punishment for me back in high school when I "guessed" the admin password. They all knew I didn't guess it and was given the job/community service. They kept the same password.

9 days ago by onionisafruit

I haven’t thought of net send in years. Circa 2000 I worked at Cisco and added some javascript to my profile in the corporate directory that sent me a net send message with the hostname of the computer that viewed my profile. At that time the hostname usually included the employees username, so I had a nice heads up that somebody was looking me up.

I should have left it at that, but Ingot cheeky and also did a net send back to the origin saying something like “thanks for your interest in onionisafruit”. That got escalated and I was threatened with disciplinary action. It didn’t occur to IT that they shouldn’t allow arbitrary script tags in user profiles. The best response was just to threaten the people who were creative with what they were given.

9 days ago by mustardo

Curious how you escaped a (browser?) With JS to do "native" net send? Assume it was some activeX?

8 days ago by halgir

When I had my net send fun back in school, an IT guy found me and just explained that if it becomes a recurring thing, they'll have to disable it on the network. And that they would prefer to keep the functionality available, so it would be a real shame if I ruined that for them. I never did another one, because I understood it would be a dick move.

No condescension, no threats. Just treating me like an adult with a constructive conversation. It never occurred that anyone might overreact like many in this thread experienced. Makes me feel pretty fortunate now.

8 days ago by skapadia

Ah good ol net send… we had a lot of fun in high school with that in the 90s

8 days ago by cphoover

O mannn I was suspended from HS, and banned for 2 years from touching school computers for net send shenanigans as I wasn't smart enough to cloak the originating workstation.

My message to every single computer in our HS:

"Hey what's up!"

my friend added to this:

"Your network (H:/) drive is being deleted."

School administrators and teachers did not find this funny.

8 days ago by snerbles

About a year after the college prank, I was recounting the incident to a helpdesk coworker on a relatively quiet Saturday. He refused to believe that "net send" even existed, and dared me to do it. So I did, the content of that message being a rather tame "This is a test message, press OK to close."

He was on phones, got about twenty calls including one from a VP - with even more popping in throughout the following week as people returned to workstations to see the dialog. We were able to play it off as "testing the network" (not wrong I suppose), but our manager was a responsible sort and had it blocked with a group policy shortly after.

8 days ago by iso1631

What year was this? I remember a time in the mid 90s (c. 1996?) when Novel had just upgraded to "intranetware" and all the computers had fancy "web browsers" which was fun, there was a 64k ISDN for the computer suite (we actually had two, but the other was RM Nimbus machines which could just about run netwars). This was in the UK

I changed the homepage to a webpage which redirected to file://c:/con/con (which for those who don't know caused a windows BSOD at the time).

IT teacher thought it was hilarious, used it as part of the lesson about how computers can be broken into, and told everyone "ok we've seen that, don't do it again".

Another time I remember writing a simple program, probably in qbasic, which captured passwords to a file. It only wrote a the first 4 or so letters to the file - showed what we could do, had a little fun, tricked the teacher into logging in, and then told him "ha ha".

As long as you came up with creative things (not just copying others, which is tedious), which didn't cause too much disruption (no deleting files), and stopped doing it once you proved it could be done, you were fine.

Networked IT was new and exciting then though, to the students and the teachers. A few years earlier and it was all BBC Micros, a few years later and everyone was on the internet and trying to install backorifice, but for a brief moment well meaning harmless (for a teenager) curiosity was rewarded.

8 days ago by smcl

> and banned for 2 years from touching school computers for net send shenanigans

Ha, yeah I got banned for using net send as an IM app with friends too. There were a couple of us in my school who were skilled, enthusiastic programmers - it is kinda stupid that the punishment they decided on was to prevent us from being educated :-/

7 days ago by habeebtc

At a place I used to work, there was a lady who would prank folks. She was not very technical.

Those folks came to me with a request for some sort of Net Send revenge.

I wrote a VB script which ran in a loop, which randomly 8-10 times a day would get a new message from the BOFH excuse generator and net send it.

Ahh, youth.

9 days ago by bfirsh

Reminds of me my school leaving prank. I rewrote the whole internet on my school's computers. Google's logo became "Leavers '08", Facebook became "Hatebook" and was red, YouTube only played videos of cats, amongst other things.

These were the days when nothing had SSL, so you could just intercept and rewrite traffic!

My only requirement was: do no actual damage

It was implemented as a Debian live CD that you could drop into any school computer. It would boot up, then Ettercap would MITM the whole network by spoofing the router. It routed all HTTP traffic via Squid and a custom ICAP server that did the actual rewriting. If you removed the live CDs, the network just went back to normal within a couple of minutes.

Routing the whole school's network through one old Pentium machine wouldn't work though, so I figured out a way of doing distributed load balancing: it would do the ARP spoofing slowly and randomly. So, as you added more machines, it would just magically balance between them.

It worked great for about an hour then whole network mysteriously stopped working for the rest of the day. I left all the live CDs in the computers as a calling card.

Sorry, school network admins.

9 days ago by kortilla

Unless you had a special case for the hijacking machines to ignore the spoofed ARPs, the whole thing probably fell apart when they ended up with a loop between each other rather than a path to the real gateway.

9 days ago by bfirsh

Oh, yeah. That's a very good point. That's probably why it stopped working. I always thought the network admins pulled the plug assuming they'd been hacked.

9 days ago by WrtCdEvrydy

That's a common issue with distributed systems.

Something has to be "the leader" and you need a system for choosing a new one once the old one is offline for a certain amount of time.

Add in a sprinkling of how to figure out if you have more than one leader active at a time.

9 days ago by pfraze

Used to be that Windows allowed programs to hook into each others’ event busses. (It might still, I’m not sure.) This might be why a few of my Highschool’s computers would interpret every 5th right click in minesweeper as a left click

8 days ago by aimor

I ran into a fun bug in W10 where my arrow keys were moving the mouse cursor around. Turns out MS Paint does this as a feature and somehow it leaked beyond Paint.


9 days ago by Stratoscope

Yup, you can still do that. AutoHotkey is a wonderful tool for this. You can intercept input events globally, and transform them or send completely different events to the target app.

For example, I use AutoHotkey to implement my JKLmouse program, which turns certain keyboard events into mouse movement for precise control. It's similar to the MouseKeys that comes with Windows, but made for laptop keyboards without numeric keypads.

And yes, you could definitely do that Minesweeper hack in AutoHotkey! :-)


9 days ago by Quessked73

Would you mind sharing that script? I have been looking for something simmiliar, but didn't find anything that worked well and did not have the time yet to give it a try myself. I would really appreciate it.

8 days ago by steerablesafe

> This might be why a few of my Highschool’s computers would interpret every 5th right click in minesweeper as a left click

This is just pure evil.

9 days ago by anyfoo

Wow, somehow that use of random and slowly ARP proxying as a duct-taped together load balancing mechanism makes this so much cooler.

I'm not sure I quite understand the details, though. I assume there was only one gateway for the segment, so were the spoofed ARP replies unicast instead of broadcast? Otherwise, wouldn't all clients just switch to whatever machine announced their spoof for the gateway IP last?

9 days ago by bfirsh

This was 13 years ago so my memory is fuzzy... if I recall correctly, spoofed ARP replies were unicasted to every possible address on the network. It switched from machine to machine slowly, which is fine because they all served the same content.

There were several subnets at the school, each with its own gateway. I remember having to set up live CDs in several computer labs to cover each of the subnets.

9 days ago by detaro

based on http://www.ex-parrot.com/pete/upside-down-ternet.html by chance? or parallel evolution? :D

9 days ago by bfirsh

Hah! I have vague memories of this. I think this might have inspired it, yes.

9 days ago by ubermonkey

Three things are remarkable about this, and make it a happy story.

First, that the pranksters were so egregiously responsible in the way they went about it. They avoided disrupting any actual educational activities; it was meant to be harmless fun, not vandalism. No harm came to anything here.

Second, that they documented their findings to the administration as part of the action, including recommendations for improvements.

Third, the administration took this as exactly that: a harmless prank by smart, ethical kids who ALSO did them a favor by pointing out the vulnerabilities. If the admin had a panicked fit about this, they could have made it an ugly situation.

My educational experience was populated far more by "freak out and yell" types than this school district, which was a shame.

9 days ago by nutwit

The school district itself was relatively chill, however the individual deans freaked out. Because the penetration report was sent to the tech team and not the deans, the deans were intent on finding out exactly who did the hack to find something to report to their bosses (and according to them concern about the grade book system being exposed?? Not sure how you’re supposed to rick roll a grade book but if anyone has an idea i’d love to know). As the earliest poster of footage of this event, I actually got tracked down (despite the fact that the only information they had to go off of was my youtube channel which had no references to my actual name whatsoever) and interrogated about what I knew of the event by the dean. The penetration report had been sent a while prior to this (which I knew about, as being a sibling of the original blog poster can have many benefits) which made the entire thing so much funnier. I was thankful that masks were a requirement for in person students at the time, as my mouth was literally twitching the entire time during the interrogation.

8 days ago by dr_orpheus

> grade book system being exposed

In our high school they didn't expose the gradebook in that you could get in and change it, but we were able to see everyone else's grades. Teachers would post grades for their class and "obscure" it by posting it with the student ID (you were only supposed to know your own) next to the grade. But when the posted, the entire list was still in alphabetical order so it wasn't hard to figure out everyone's grade and student ID.

And the cherry on top of this was that all the students' passwords were their student ID.

9 days ago by saltminer

>and according to them concern about the grade book system being exposed??

Junior year in high school, I got suspended for "hacking."

The tl;dr is that I was using a proxy to fetch assignments for class (because the county decided "yeah, this state run Moodle instance is obviously not appropriate for education" and one of my classes used Moodle) and got caught with the proxy configuration screen open. I wish I was joking.

Anyway, when I was sitting in the guidance counselor's office as the teacher was talking up how "dangerous" I was, I noticed a sticky note with a username and password written on it. Turns out it was an admin account for the gradebook, though I think it was just intended for scheduling.

I never did anything bad with those credentials, but that really tanked what little respect I still had for the administrators there.

On a lighter note, when stack exchange & co got blocked the next year, I was good friends with the librarians since I helped out a fair amount fixing up their laptop carts (and doing other things the sysadmins were too busy to take care of), and they were able to get them unblocked. It taught me a lot about office politics: people are willing to return favors, so you should always make those connections.

8 days ago by ubermonkey

>but that really tanked what little respect I still had for the administrators there.

I mean, why did you have any in the first place?

I've met very, very few employees of high schools who were worthy of any sort of intellectual or professional respect.

8 days ago by nutwit

yeah, those inner connections were really important. guess it was a good thing my brother was friends with the tech person at our school.

8 days ago by BBC-vs-neolibs

Yep. It's also a general signal that you'r a good actor willing to do the work. An observer with no interaction can see what you did for the librarians and put in a good word for you somewhere without you ever even knowing.

8 days ago by MauranKilom

> espite the fact that the only information they had to go off of was my youtube channel which had no references to my actual name whatsoever

Assuming you took the video at the top of the article, it was presumably trivial to figure out who was in the class you were in and then rule out everyone who appears on camera as the camera man. Or just ask the teacher...

8 days ago by brundolf

For contrast, I once got suspended from the school computer labs for two weeks for the heinous crime of... running an unauthorized executable from a flash drive.

It was Rainmeter; I was showing it to a friend. The IT guy even was like "yeah Rainmeter's pretty cool, I read about it in a magazine". But it was auto-detected and school policy, apparently.

7 days ago by noasaservice

If they were that nazi-like with their IT policy, why wasn't AppLocker turned on?

Why report when you can simply administratively deny?

6 days ago by zenithd

Your presumption of competence is bold.

8 days ago by zenithd

Same story but with putty.

My own child will never use a school-issued laptop or school wifi.

9 days ago by joshuamoes

Preface this by saying this was a smaller school, and the students had limited access to wifi. For example a teacher would create a set of radius credentials that would only be active for 1 hour. Since data was also expensive that was not an easy work around.

In my grade 11 electronics class, one project we were assigned was to create a digital clock with notifications for one of the teachers. Me and a friend set up a raspberry pi with magic mirror installed on it, and modified some available plugins at the time to allow a google calendar for test dates embedded on the display. The teacher was quite pleased with this, but we convinced him to hard wire it to the network for "stability". In the background we had installed a vpn connection to one of my vps that I used to host my website, and created a new set of sudo enabled credentials naming it magic-mirror or something. The teacher then reviewed the project and changed the normal user credentials etc. Then right before it was installed in the ceiling, we attached a wifi adapter to the pi. A week or so later we remoted in through the tunnel and enabled a wireless hotspot from the pi. This provided us with internet while we were close to the classroom for the next year. People also over time learned that you could extend the range by hot spotting additional jumps using laptops.

9 days ago by bowmessage

Nice! I used to carry around a wireless router in my backpack for the same reason, and made sure to surreptitiously plug it in at the back of every class. Similarly, the school had very restricted WiFi, but no restrictions on the wired network. Fun times.

9 days ago by joshuamoes

For sure lots of fun, we also very quickly found the staff wifi password, and just cloned mac addresses of allowed devices to bypass the filtering.

9 days ago by hx2a

When I was in High School (early 90's) we got a new computer system that nobody was using yet. I discovered there was an email system of some kind and that every student had an email address that we were not told about. I also discovered Tetris installed in a directory on the server. I was able to play Tetris and I could show other students how to access it, but it was inconvenient to get to.

Therefore I decided I would email Tetris to every student (I emailed the executable, not a link to Tetris), making it easier for everyone to play also. As soon as I did this the entire system got very slow...apparently the server had no quotas or partitioning and the hundreds of copies of Tetris filled up 100% of the hard drive space. It was a disaster. The computer "specialist" had no idea how to fix the system and she was teaching an adult education class that evening that required the system to work. She was furious and wanted me to get suspended. It didn't happen though because I spoke up about the problem right when I knew there was a problem and also some other teachers intervened on my behalf.

The woman who was responsible for the computer system back then is now the superintendent of the school system. I wonder if she remembers me.

9 days ago by codazoda

She remembers you.

I also graduated in the early 90's and my children recently graduated from my alma mater. When I went with them to teacher conferences some of the same teachers were still there. Teachers that I didn't even have classes with remember me.

8 days ago by zengargoyle

In like '89 when I was 19 and at university my work-study job was with the IT/ComputingResources department (old names). I worked as a graveyard shift NOC operator swapping tapes and handing out print-jobs, running system tests and stuff like that. We had several 24/7 computer labs full of Sun 3/50(60) workstations and things like that. But there was one lab that was closed from 10-5 overnight and I thought to myself "hey, there's a whole room of workstations not doing anything" so I wrote some scripts rsh/NFS and used that lab one night to run distributed ray-tracing jobs. The next day my account was disabled and I had to go talk to Security. They sorta laughed a bit then went like NO don't do that. I worked for the IT department for the next four years. Then I left for a decade. Then I came back and applied for a job. The interview lasted all of five minutes, I worked for a few months before being forcibly promoted up into the upper circle. My first task was to go around to the dozen others who had root and ask for advice and update the root-speech documentation. I got to Security.... tippity tappity "Oh, hello Mr. zengargoyle, let's see... '89 'misuse of computing resources'." LOL, still had root by the end of the day.

So, this is just to say... that places like education where people may stick around for a long while in the system and such. They probably do remember a bunch of events from even a decade ago. It's the good places that have a sense of humor or appreciation for a worthy harmless infraction. They may even be secretly proud or have some admiration.

Though I do sorta fear that I just happened to hit the tail end of old-school hackery where such things are such things are rewarded. Now get off my lawn.

9 days ago by dyingkneepad

I feel so dumb when I read kids doing these things. Back in High School all I knew was how I could run arbitrary executable files by renaming them to calc.exe. We also did the classic "take a screenshot of the desktop, set it as the wallpaper, then remove all icons and the start menu" thing.

9 days ago by rmorey

Another good one on that level was using the Windows keyboard shortcut ctrl-alt-down to rotate the display upside down - totally harmless, but absolutely maddening if you don’t know how to undo it

8 days ago by rocqua

Even better if you combined it with an upside down screenshot of the desktop. So it looked like only the mouse was upside down and all buttons didn't work.

9 days ago by gpt5

Unfortunately, this feature was discontinued by most graphics drivers.

8 days ago by nyanpasu64

I think it's a good thing that Ctrl+Alt+Arrow is no longer intercepted by graphics drivers, since IMO shortcuts not containing Win should be handled by apps and not the system.

8 days ago by lysurgic

This is still a common prank at work on win10 pc’s

9 days ago by alistairSH

All this. Plus TI-86 king fu. Though this was 1991-1995, IoT didn’t exist and email and web access was mostly through AOL or Prodigy.

8 days ago by quadcore

I told a friend who knew absolutely nothing about computers to go and type format c: on the school only computer and wait for the result. It turned a bit ugly but we're still friend :)

8 days ago by severak_cz

Change wallpaper to some crap. Take a screenshot of desktop. Change wallpaper back and open screenshot with crap on the background in fullscreen mode.

9 days ago by RubberShoes

I went to Buffalo Grove High School in this same district and graduated many years ago. At the time no IPTV systems or EPIC bell systems were in place. However, as soon as I walked in my freshman year I noticed the 'teacher' WiFi was only using MAC Address Filtering. One minute scan and a spoof later I was poking around to discover a whole lot was visible from this privileged network. “...From the results, we found various devices exposed on the district network. These included printers, IP phones... and even security cameras without any password authentication!” It was even worse back then. It was all exposed on wide open WiFi!

My senior prank was going to revolve around the printers. We were shocked to discover every printer not just in BG but across the entire district was accessible with no authentication of any kind. We cooked up ideas and were planning to print either porn or I has cheezburger/lolcat memes via telnet (I'm dating myself.)

Ultimately I got into other trouble before we could execute and figured this wasn’t worth not graduating over. I moved on and so happy to see a much better prank on this same network happen so many years later with almost no repercussions. Congratulations and great prank!

9 days ago by driverdan

In middle school all classrooms had their own printer. They were also shared on the entire school network with no security. We had a lot of fun printing stuff to other classes and never got caught.

9 days ago by jcims

I’ve said this a bunch on here so please tell me to stuff it if it’s tiresome, but having been on the far side of a large scale bug bounty i am incredibly impressed with the skills that young folks are developing in infosec. Probably not particularly unique but the industry is still a bit of a combination of tradecraft and academic pursuit and can be confusing for people to find a way in. I think this is why i really appreciate those that just bear down and get after it.

Daily digest email

Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.