Re: Network Hacking
From: Rabid_Roach (no@spam.all)
Date: 02/24/03
- Next message: Analysis&Solutions: "Re: File Integrety Checker"
- Previous message: Luis Vieira: "password"
- In reply to: Privacy, please: "Re: Network Hacking"
- Next in thread: Privacy, please: "Re: Network Hacking"
- Reply: Privacy, please: "Re: Network Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rabid_Roach" <no@spam.all> Date: Sun, 23 Feb 2003 23:52:06 -0500
"Privacy, please" <no.spam@wanted.here> wrote in message
news:qcOdnXL8ldhNNsujXTWcqQ@comcast.com...
> "Rabid_Roach" <no@spam.all> wrote in message
> news:ecG7T3e2CHA.1640@TK2MSFTNGP10.phx.gbl...
> > You have obviously missed the point.
> > The skills of the admin in question have no bearing on wether the
> professor
> > was right or wrong in assigning the students to hack the network and
steal
> > passwords.
> >
> > You seem to want to put the blame on the admin, without knowing a thing
> > about how the network is setup or secured. Have you had a bad
experiance?
> > perhaps been fired for breaking into your employers network? or expelled
> for
> > the same?
>
> Nope... I personally don't hack. I didn't even take up a former
professor's
> offer that anybody who could break the encryption on his grading program
> would get an automatic A in the course. Nice and weaselly way of thinking
> though... when logic fails attack the presenter.
Just trying to figure out why you automitacally want to attack the admin
knowing nothing about him
or the network. There must be a reason somewhere.
>
> > The point was and is "should the professor assign his students to hack a
> > live, production network and steal as many administrative passwords as
> they
> > can".
>
> That bit about stealing administrator passwords was pretty silly: a good
> network only has a couple of administrator accounts anyways.
Now whay do you say that's silly?
The original posted said, and I quote
"There grades are based on how many administrative passwords they are able
to obtain."
You think the professor is silly for assigining the students the task?
or the admins are silly for having more then 1 admin password?
Any admin who would setup a network with only 1 admin password would not be
silly, he would be an idiot.
>
> > Are there better ways? -- irrelevent.
> > It's only for educatioanl purposes? -- irrelevent.
> > Is the network secure -- irrelevent.
> > Is the admin doing his job? -- irrelevent.
> >
> > Should the professor have done it in the first place? Now THAT'S the
> > question.
>
> Is this group not intended for technical discussions? From a security
> (technical) point of view the ethics are irrelevant. Regardless of the
> ethical behavior of the teacher there was a threat presented to the
network.
> Instead of working to ensure that the attacks fail an emphasis is placed
on
> the misguided intentions of the instructor. I can see your logic now:
fire
> the instructor and go to bed all happy and secure in the belief that
> securing the network doesn't need to be a priority because the teacher is
no
> longer on campus. And since the system vulnerabilities were discovered by
> the students, burn the list without review - after all, you wouldn't want
to
> use tainted information to fix a problem would you?
When did this discussion suddenly become a "technical" discussion?
I said the prof should be fired, you said he should not be, no technical
discussion there.
Please stick to the subject. Wether you like it or not, most if not all
companies and/or schools/universities etc, have an electronic
communication/network policy that
says it is not OK to hack thier network. Punishment ranging anywhere from
suspension to criminal prosecution.
The prof in question doing it for educational purposes has nothing to do
with it.
He had no right to do it, period. It's the job of the admin to find and
repair system vulnerabilities, not the professors or the students.
If the admin does not do his job, then yes, he should be terminiated and
replaced with someone who can, but that is NOT the profs decission to make.
If the professor feels there are problems with the network, he should not
take it upon himself to fix them. It's not his job.
>
> I think a better challenge (with the knowledge of the sysadmin) would have
> been to offer credit for every vulnerability discovered rather than
> collecting passwords. The students get experience and the school gets a
> free security review worth thousands of dollars and can then patch the
> holes.
Maybe, maybe not. The point is that is not what he did.
Should have, would have, could have are easy outs after the fact.
>
>
- Next message: Analysis&Solutions: "Re: File Integrety Checker"
- Previous message: Luis Vieira: "password"
- In reply to: Privacy, please: "Re: Network Hacking"
- Next in thread: Privacy, please: "Re: Network Hacking"
- Reply: Privacy, please: "Re: Network Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
