Massassi Forums Logo

This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

You can also download Super Old Archived Message Boards from when Massassi first started.

"View" counts are as of the day the forums were archived, and will no longer increase.

ForumsDiscussion Forum → How to break into your local computer labs
How to break into your local computer labs
2005-11-02, 5:35 PM #1
So, my networking teacher was discussing some various caveats of cyber security, and one threat he mentioned was social engineering. He decided to give a real-world example - two students from his Cyber Security class (which I'm taking next semester). The two of them followed this little scheme, and managed to get ahold of a passcode to what was supposed to be a locked lab with restricted access. Oops!

Note: this does not advocate the abuse of these weaknesses in a college bureaucracy. Do not do this. It's bad for you. God kills a kitten for every time you do this.

Call your campus IT services. Ask for a list of computer lab monitors in the building. Pick a monitor and create a Hotmail account using the name of the person as a username. Contact the secretary for engineering using this e-mail address, saying that you lost the password. Bing-o, you got the passcode to the door.

Whoopsies! I expect this little security hole will be fixed shortly.
the idiot is the person who follows the idiot and your not following me your insulting me your following the path of a idiot so that makes you the idiot - LC Tusken
2005-11-02, 5:37 PM #2
I'll be logging in as Wolfy Shortly.
This signature agrees with the previously posted signatures. To violate previously posted signatures is a violation of the EULA for this signature and you will be subject to unruly behavior.
2005-11-02, 5:40 PM #3
Human error is to blame here.
Pissed Off?
2005-11-02, 6:10 PM #4
Originally posted by Avenger:
Human error is to blame here.

This is exactly why Social Engineering is the #1 security risk at "secure" facilities.
</sarcasm>
<Anovis> mmmm I wanna lick your wet, Mentis.
__________
2005-11-02, 6:18 PM #5
Yes social engineering. Great stuff.
MithShrike: First Mateneer
Pimpin' Yerba Mate Drinker
2005-11-02, 6:28 PM #6
I still remember all my sneaky methods of hacking at work and at school :D
2005-11-02, 6:31 PM #7
Wow, that's stupid. They should be sending passwords only to the user's university e-mail account and none other.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-11-02, 6:34 PM #8
GOD DOESNT KILL KITTENS!!!11


ahem... *wanders off*
If you choose not to decide, you still have made a choice.

Lassev: I guess there was something captivating in savagery, because I liked it.
2005-11-02, 7:52 PM #9
Yes, social engineering at its finest. Kevin Mitnick would be proud.
And when the moment is right, I'm gonna fly a kite.
2005-11-02, 10:15 PM #10
That is stupid, and wouldnt work at any place with any sense in secuirty. I know it wouldnt work here, cause I work at the helpdesk, and it wouldnt work at my other place of work.
In Tribute to Adam Sliger. Rest in Peace

10/7/85 - 12/9/03
2005-11-02, 10:26 PM #11
I was in one of the electronics labs a couple of weeks ago, and my lab partner accidentally entered the wrong command into the bash console - thereby bringing up a list of the door codes for the labs. Needless to say, we both wrote them down, but haven't had a chance to use them as of yet.

I'd say this one is just a case of bad programming.
Stuff
2005-11-02, 11:00 PM #12
the art of deception by kevin d mitnick... read it, wonderful book. has some really good story type examples.
roses are red, violets are blue, I am schizophrenic, and I am too!
2005-11-03, 5:25 AM #13
Originally posted by kyle90:
...accidentally entered the wrong command into the bash console...

You use Unix at school?
And when the moment is right, I'm gonna fly a kite.
2005-11-03, 5:38 AM #14
A bit, yeah. This was actually just a Unix terminal.
Stuff
2005-11-03, 7:05 AM #15
Originally posted by Han5678:
the art of deception by kevin d mitnick... read it, wonderful book. has some really good story type examples.


I was going to mention this book. I read it, and it was awesome
Ban Jin!
Nobody really needs work when you have awesome. - xhuxus
2005-11-03, 8:23 AM #16
I'm going to go find that book now.
"Nulla tenaci invia est via"
2005-11-03, 9:38 AM #17
Originally posted by gbk:
You use Unix at school?

That's all I use at school. Some PCs run XP, but most of my work is done via SSH on the school's CS servers which run SunOS (blah, Solaris, same thing). There's also SunRay thin clients in both the public labs and the CS labs.

As to the topic, I'd be shocked if this actually worked at my school. They're pretty good with security.
2005-11-03, 9:44 AM #18
i just use the key thay gave me :em321:




i work in the computer labs
Laughing at my spelling herts my feelings. Well laughing is fine actully, but posting about it is not.
2005-11-03, 4:23 PM #19
I will also advocate The Art Of Deception. Someone once said (too lazy to look it up, hell the quote may not be verbatim) "Security is a proceeder not a product."
The tired anthem of a loser and a hypocrite.
2005-11-03, 8:29 PM #20
heh, my school just has you scan your ID to open the door (they don't really track what rooms you open with your ID, though...) and then you're supposed to sign in. all the lab monitors do is ask you to sign in or *try* to fix Word for people heh

our computer labs are boring places. i only go there to print stuff.
"*quickly adds in disclaimer that Is may still yet end up being slapped with a white glove, as all women are crazy and there are no rules*" --mavispoo

↑ Up to the top!