12 May 2000
Fellow master procrastinators, I paid big time today. My fingers are mucho sore from doing much typing. Good thing I don’t have bad wrists (yet!).
work morphs into hackery or vice versa
But joy! A wonderful thing has happened! More on this issue once the paperwork has been done. There’s a delicious irony due at the SAGE-Au conference, which I’ll let everyone know about once the i’s are dotted and t’s are crossed (Chris/Markus if you’re reading this, don’t worry, it’s funny!).
security and punks like you!
More importantly, how do I get someone to do something about it without looking like some l33t cr4x0r?
Decklin, my advice is to write a review of your findings, with the recommendations required to address the issues by applying whatever set of patches or configurations is required, and do some research and cut-n-pastes with references.
Now, the tricky bit. Go to the sysadmins. As long as they are not already out for your blood and have their handy LART at the ready, talk to them mano a geek. Help them understand the problem and present your review. They should fix the problem(s) you have found. If they don’t help, find their boss and present a business reason for her/him to get his/her staff to fix the problem. That’s as high as you need go. If they bite your head off, send ’em to me, whilst I make them aware of the SAGE-Au’s Code of Ethics, which sort of prohibits sysadmins biting users’ heads off.
Now, the problem remains: if you did the equivalent of testing a bunch of locked doors by using a security scanner like nessus, nmap, or just read something interesting on bugtraq and tried it out on the school machine, I don’t blame the school for going after you. I would in their place. Do it on your own machine and learn.
If you need to repair bridges, try a packet of Tim Tams. They’ve always worked for me. If you’ve been a bad entity, double coated or bust.