| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 94835 | 2008-11-14 00:38:00 | Woah... | ubergeek85 (131) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 720126 | 2008-11-14 01:42:00 | Just read the appropriate policy (www.cpit.ac.nz) now. There's no 'shoot-the-messenger' stuff, which is good... 2.2a: Use only those facilities for which they have authorisation, whether these facilities are at CPIT or at any other location accessible through a network. 2.2f: Not subvert, or attempt to subvert, any user identification and/or authentication scheme on any system. 2.1g: Not use privileges as a member of the CPIT’s computing community, or cause harm to any individual or to any software or hardware system (internal or external to CPIT). Examples of harmful activities, in addition to those noted elsewhere in this Code, include, but are not limited to: <snip> * compromising security Hate to break it to you, but any of those three points could cover your activities. I hope your admins are nice. |
Erayd (23) | ||
| 720127 | 2008-11-14 01:46:00 | Ooh, the version I read was pinned to the wall. I guess they updated it. | ubergeek85 (131) | ||
| 720128 | 2008-11-14 01:54:00 | 2.2a: Use only those facilities for which they have authorisation, whether these facilities are at CPIT or at any other location accessible through a network. 2.2f: Not subvert, or attempt to subvert, any user identification and/or authentication scheme on any system. 2.1g: Not use privileges as a member of the CPIT’s computing community, or cause harm to any individual or to any software or hardware system (internal or external to CPIT). Examples of harmful activities, in addition to those noted elsewhere in this Code, include, but are not limited to: <snip> * compromising security Hate to break it to you, but any of those three points could cover your activities. I hope your admins are nice. It could be argued that "facilities" in point 2.2a relates to physical buildings, despite the "or at any other location accessible through a network" By finding a security hole, I don't believe that could be interpreted as subverting, or attempting "to subvert, any user identification and/or authentication scheme on any system." I imagine Geekster is logged into the CPIT network as himself (and is therefore identifiable and already authenticated)... And by not carrying out what he described in the OP, he avoids problems with 2.1g. He hasn't compromised security - the admins have, probably via an oversight. If the campus does take action, there will be legal avenues to follow. But it would be a very petty admin to overreact to a report of a potential breech... |
johcar (6283) | ||
| 720129 | 2008-11-14 01:54:00 | I'd still alter it. How could you not? |
Metla (12) | ||
| 720130 | 2008-11-14 02:02:00 | I'd still alter it. How could you not? Exactly. |
rob_on_guitar (4196) | ||
| 720131 | 2008-11-14 02:09:00 | It could be argued that "facilities" in point 2.2a relates to physical buildings, despite the "or at any other location accessible through a network" By finding a security hole, I don't believe that could be interpreted as subverting, or attempting "to subvert, any user identification and/or authentication scheme on any system." I imagine Geekster is logged into the CPIT network as himself (and is therefore identifiable and already authenticated)... And by not carrying out what he described in the OP, he avoids problems with 2.1g. He hasn't compromised security - the admins have, probably via an oversight. If the campus does take action, there will be legal avenues to follow. But it would be a very petty admin to overreact to a report of a potential breech... I'm not saying that those policies are clear-cut, but they don't need to be. If his admins are petty enough (which they hopefully aren't), just about anything will do. And the law is on the side of the admins - regardless of what the policy document says, it doesn't grant him administrative authority, and changing the MOTD is clearly an administrative task. This would make it unlawful access. It's far better to be overcautious than get burned by not being cautious enough. I have seen something exactly like this happen twice before - thankfully I wasn't the poor sod who got burned. |
Erayd (23) | ||
| 720132 | 2008-11-14 02:16:00 | I'd still alter it. So would I. Its not damaging. The IT people should be able to lock this sort of thing down without being told. |
pctek (84) | ||
| 720133 | 2008-11-14 02:18:00 | Yeah, and anyway, I can alter it, but not modify the text. They'd be hard-pressed to find something wrong with that. | ubergeek85 (131) | ||
| 720134 | 2008-11-14 02:48:00 | Is the 5 minutes of fame, or whatever bragging rights worth the risk of: - being kicked out of your school - having a black mark against your name (are you thinking of a career in IT?) Schools take breach of access seriously, so do employers. Don't start down the path of something you may regret, sure changing the login message of a system is minor, but is shows poor judgement and potential for worse breaches. |
dyewitness (9398) | ||
| 720135 | 2008-11-14 03:41:00 | **** there are a lot of lamers in this thread. Change the message to "CPIT sucks dick for crack" or similar. |
roddy_boy (4115) | ||
| 1 2 3 4 | |||||