Thursday, May 25, 2006

I guess you could call me the "mastermind" behind the computer crisis at enloe. I helped organize and fix computer problems around the school so they decided to give me a password and re-enable my account. What I really want to know is...who actually cared that the whole thing happened? I mean beyond the extent of getting new passwords (which I personally think is hilarious).


Anonymous
06:35:40 PM

6 comments:

Anonymous said...

Sir (or madame), you are being extremely narcissistic and deceitful in your assumption of the "mastermind" title. You should elaborate on your definition of your accomplishments, or simply your claim to fame, instead of blandly flaunting language that may be construed as claims that are entirely false.

More to the point of the discussion: I couldn't care less that the passwords were leaked and required changing, since (a) my password was my own, and was not the standard one distributed by the school at the time, and (b) continues to be as such (though a new and different string, of course). Such are the perks of the ability to manipulate the system. What numbers are used in the passwords others is of little concern to me with regards to the well-being of the data I store on the school's server.

That being said, the breach caused a ridiculous, avoidable commotion that will affect students for several years to come. Because the NCWise numbers (passwords) were tied directly to student user login ID's, and the list propogated carelessly by undertalented CompSci students looking for a cheap thrill, the passwords, at least for the present, must be created by a new algorithm.

This may sound trivial, but currently they are concocted via random-numeration schematics, and cannot be remembered by an easy piece of information (such as the final digits of an NCWise number). This means that instead of a faculty member being capable of reminding their students of a simple numbering scheme, they must email, call, or send students to the library (or comprable point of information) to obtain their passcodes, thus wasting limited technological instruction time.

Perhaps you believe it to be easy to remember your number; perhaps all your friends do too. However, on the first day your class goes to use the computers after Summer vacation, or for students new to Enloe who are accustomed to the NCWise numeration pattern, time must be expended obtaining new codes, only for them to be forgetten again once, twice, or thrice more.

I can nearly guarantee that NCWise numbers will not be used for passwords at least for another year, most likely not until all remnants of students affected by the breach have graduated in three years. Each year this deviant password system is in place will cause problems for students coming in from other schools and create hassles for teachers and staff members alike.

That being said, I have no interest personally vested in this security event. To me it's simply an interesting exercise in policy and enforcement.

Anonymous said...

I couldn't log on to the computer today because I forgot my password -again-, and it's all your fault.

Anonymous said...

How long did you get suspended for? I can pretty much guarnetee you dont really know the half of it. The list was only a small problem.

Anonymous said...

Yessir, I guess we'll have to hold you entirely indemnible of the fallout of the password fiasco. I mean, in your own words, "it took absolutel no skill at all to find them/distribute them."

Just because you ran across them on the server doesn't mean your only logical viable mode of action was to redistribute them and broadcast their presence. You could have easily alerted a faculty member to the problem, or (if you consider that noobish/narcing/your-fav-insult-here), you could have simply deleted them using your own login.

It is not your fault that the passwords were made available. However, as the events fell out, it is entirely your fault for how things evolved following your happenstance stumble across the data.

The kids who decided to install keyloggers committed a similarly dangerous breach of network and system security to your actions, though in a different fashion. nstead of simply broadcasting the passwords and usernames of all students who can access the network, they installed script-kiddie apps to reap the information of all users who happened across a particular machine (including email passwords, website authentication information, etc).

In reality, contrary to your belief that the denizens of Enloe should remove their blame from you and place it upon a group of (relatively) unknowns, the effect of the password resets rests hardly on them. if you'd like to debate this point, let's examine the facts.

You distributed an entire list of the network authentication codes of nearly 2,500 students. This list was shown to be actively used in false authentications and subversive activity (allowing alternate logins, and endangering the data stored on the server by every student on campus). Number of people whose network access and data security were affected: 2,500.

They harvested large quantities of personal data on a handful of people with a limited audience. This data ranged beyond network passwords to nearly everything you can imagine that could pertain to the individual users. This breach was more serious, but also more limited in scope. Number of people whose network access and data security were affected: a few dozen. Plus, these people were already affected by the earlier security leak.

The less serious breach you addressed, of the modification of the login sound to berate the user is just as I described it, less serious. It does no harm, and can be restored in a matter of minutes when brought to the attention of the proper staff. It does not endanger the security of the computer, nor does it betray any weakness of the network. It's simply a low-level functionality made available by Microsoft Windows operating systems since their creation in the late-1980's.

(In layman's terms, the sound you hear when you log on to the systems is in no way tied to the passwords used to login.)

If you'd like to dispute my analysis, or if i am missing some key details, do contribute your experience and expertise to the discussion.

Also, a reference to your statement that "if i wanted to flaunt my accomplishments and be truly narcissistic i would have told you my name." Your original post on here tells me exactly who you are merely by its nature and content. Don't act so cocky.

About that second chance. I'm sure most people would be willing to give it to you, if you took responsibility for your actions, or even showed an inkling of remorse. That's the tricky thing about second chances -- they must be earned.

Why do you feel that you are "owed" a second chance, simply because you feel put upon for making a bad decision? It's clear that you don't take responsibility for your decision, so why should your peers feel obligated to forgive you for something you hardly claim you did (beyond the boasting of personal acheivement, of course)?

You mention that you're "making amends" for your actions. This seems contradictory to your previous stance. Are you taking responsibility for your involvement, or aren't you? You must determine this before you can even begin to ask for people for forgiveness and acceptance.

You did something stupid. You got caught. You actually suffered a consequence for your actions.

Accept responsibility for you did, grow up, and move on. You'll get that second chance someday.

Like I said earlier, the breach of the security of the network authentication authentication information did not (and does not) affect me. However, I find fault with your arguments and logic, so I debate the issue :-)

Anonymous said...

^Jesus, after all the trouble and anger you've caused you still haven't learned a damn thing. If I were the administration and got a hold of this post I'd suspend you all over again and seriously consider holding you back a year. People sporting this level of immaturity need to be punished until they know better and it's clear that Enloe seriously dropped the ball.

Maybe you'll finally understand what an ass you've been when you're getting a degree from Wake Tech becasue no other college will accept a student suspended for hacking. (Yes you will have to write an essay explaining it to each and every one)

Until you finally learn I hope this mistake follows you for the rest of your life.

Anonymous said...

anon1

why the HELL are your comments so long? No one is even gonna read it.

and dear mastermind:
A lot of people know who you are...