zlacker

[return to "IoT hacking and rickrolling my high school district"]
1. ubermo+Qs[view] [source] 2021-10-12 22:29:56
>>revico+(OP)
Three things are remarkable about this, and make it a happy story.

First, that the pranksters were so egregiously responsible in the way they went about it. They avoided disrupting any actual educational activities; it was meant to be harmless fun, not vandalism. No harm came to anything here.

Second, that they documented their findings to the administration as part of the action, including recommendations for improvements.

Third, the administration took this as exactly that: a harmless prank by smart, ethical kids who ALSO did them a favor by pointing out the vulnerabilities. If the admin had a panicked fit about this, they could have made it an ugly situation.

My educational experience was populated far more by "freak out and yell" types than this school district, which was a shame.

◧◩
2. nutwit+ZH[view] [source] 2021-10-13 00:33:09
>>ubermo+Qs
The school district itself was relatively chill, however the individual deans freaked out. Because the penetration report was sent to the tech team and not the deans, the deans were intent on finding out exactly who did the hack to find something to report to their bosses (and according to them concern about the grade book system being exposed?? Not sure how you’re supposed to rick roll a grade book but if anyone has an idea i’d love to know). As the earliest poster of footage of this event, I actually got tracked down (despite the fact that the only information they had to go off of was my youtube channel which had no references to my actual name whatsoever) and interrogated about what I knew of the event by the dean. The penetration report had been sent a while prior to this (which I knew about, as being a sibling of the original blog poster can have many benefits) which made the entire thing so much funnier. I was thankful that masks were a requirement for in person students at the time, as my mouth was literally twitching the entire time during the interrogation.
◧◩◪
3. saltmi+HO[view] [source] 2021-10-13 01:36:56
>>nutwit+ZH
>and according to them concern about the grade book system being exposed??

Junior year in high school, I got suspended for "hacking."

The tl;dr is that I was using a proxy to fetch assignments for class (because the county decided "yeah, this state run Moodle instance is obviously not appropriate for education" and one of my classes used Moodle) and got caught with the proxy configuration screen open. I wish I was joking.

Anyway, when I was sitting in the guidance counselor's office as the teacher was talking up how "dangerous" I was, I noticed a sticky note with a username and password written on it. Turns out it was an admin account for the gradebook, though I think it was just intended for scheduling.

I never did anything bad with those credentials, but that really tanked what little respect I still had for the administrators there.

On a lighter note, when stack exchange & co got blocked the next year, I was good friends with the librarians since I helped out a fair amount fixing up their laptop carts (and doing other things the sysadmins were too busy to take care of), and they were able to get them unblocked. It taught me a lot about office politics: people are willing to return favors, so you should always make those connections.

◧◩◪◨
4. nutwit+ZW1[view] [source] 2021-10-13 13:08:19
>>saltmi+HO
yeah, those inner connections were really important. guess it was a good thing my brother was friends with the tech person at our school.
[go to top]