Me: *finds severe bug in school-contracted software, emails teacher about who to talk to to get it fixed*
Teacher: "should I report you on grounds of computer misuse and hacking or...?"

thanks fucker, school-contracted company it is.

  • 40
    Fucking illiterates.
  • 32
    Your teacher is a fucking twat.
  • 4
    EVEN BETTER: I have to get info from him before I can submit the issue. I need like 3 or 4 keys before they'll let me send the bug report, and there's no other way to report this.

    Can I make a CVE on this or does it qualify?
  • 10
    @Parzi can you contact someone higher up on the administration chain?
  • 8
    Needs to be an exploitable flaw. And honestly, they deserve to be bit by their own laziness and stupidity. 0 day them.
  • 11
    @SortOfTested I wouldn't do that in his case. They already have a hint of who could be behind the attack: Him.
  • 7
    @SortOfTested but other than that, they totally deserve such an attack
  • 10
    C'mon now. I'm in no way, shape or form excusing their retardation at all, but you have to have an idea of who's a good person to tell and who's not.

    Ik which professors I'd go to and which one's I would not for that exact reason.

    Also, you should ask around students wise. I've heard people in class talking about bugs they've reported.

    But again before ppl bitch at me, the Prof is still a fucking moron.
  • 3
    @Stuxnet i'm the only student here who can define "computer" outside "a magic box that does a thing."
    @sodaTab nope, he's literally head of their tech department. Makes sense why his head's this far up his ass, now that I think of it. It also requires HIS keys, no one else has his Cengage stuff.
    @SortOfTested i'm not gonna sploit a company that they contract due to their actions. 'tis not fair to Cengage.
  • 1
    @Parzi rip I thought you were in college already.

    And if you are then legitimately what the fuck lol

    Edit oh shit cengage? Ooof
  • 5
    This is why nowadays, if I stumble across a security issue, I don't generally report it, since the finger can so easily be pointed towards you !
  • 5
    This. One of my current clients, the only way I can get anything done most of the time is taking root via one of their myriad security holes. Their *nix administration team are a bunch of windows admins pointing and clicking, so it's not really surprising.
  • 3

    I'm reminded in a meeting once, someone asked the security question:

    "What's to stop someone typing del *.* ?"

    I hear they have fixed that now with a backup system. :-)
  • 5
    @Nanos But, what's to stop someone from deleting the backup?
  • 9
    Your teacher reminds me of one we had in high school that everyone hated. When people heard he was killed by getting decapitated with a huge garden scissor, they celebrated.

    When they found out it was gossip, they mourned.
  • 4
    Had the same.

    Was literally about to go ballistic on them because everyone with an ever so slight Idea about networking and stuff could fucking destroy their system.

    I mean, just the UAC control level.. IT WAS ON FUCKING LOWEST.

    Tried a couple exploits, fucking old ass gData didn't find shit cause they hadn't updated it in like millennia.

    Fucking idiots.

    Turns out I could use my collections on vulnerabilities to get myself out of sticky situations by selling out one at a time.

    Still got like 6 in store.

    Told the teachers about it, lowkey-"I'll look into it"-response.

    Such a fucking idiot.

    As a demo I literally raped the fuck out of one of their windows installations by using a simple batch script.

    Literally just infinite loop that would spawn a new instance of a command prompt window.

    Needless to say the poor thing died.

    Windows wouldn't boot anymore.
    I don't know why they even allowed an admin command prompt to be opened by a student but okay I guess.
  • 4
    @Ranchu that wouldnt've killed Windows but ok.

    @Stuxnet i am in college yes, it's an intro to CIS class in a fuck-all nowhere college in a farmer's state, these students are all end-users pouring monsters into their keyboards cause it's gotta be thirsty from all that typing amirite
    and yeh cengage's just "here's an EC2 server and free root"

    @SortOfTested i feel so bad for you

    @Nanos uh, permissions systems exist too... we're not back in 9x days when there were 2 permissions: "yes" and "probably"
  • 1
    @Parzi Well it fucking did.
    I genuinely cannot fathom why.
    Fact is, it died and they had to reimage it.
  • 1
    @Ranchu neat. Pagefile death or bad sectors, I wonder?
  • 1
    @Parzi me too actually.
    From what I can remember, the bootloader couldn't find a boot device.
  • 1
    "Report me on whatever bullshit you want, just get it fixed!" -- Security by Priority

    On a more serious note you can fill a complaint about that guy. He said "hacking" so I assume it's a privacy hole and you're the user of that system.
  • 3
    Oh, oh, I've got a better one! Anonymously e-mail Cengage saying:

    "You have a security hole and you should fix it because somebody might use it to /whatever the worst believable thing that can happen here/. Next Thursday. Around 6pm." -- Security by Anonymity
  • 1
    @Parzi I mean I am too (until I moved) but the ppl aren't that fucking retarded lol
  • 1
    @cprn infinite free AWS EC2 servers with a gigabit connection each, as root, which could easily be used to do whatever with. Not a privacy issue, but still possibly devastating. Also there's no email for that.
  • 3
    @Parzi Oh... So what you're saying is you can offer a cheap reliable hosting services?
  • 1

    Some places are still using systems from that era !
  • 2

    Good question !

    Sadly I never got to speak to anyone there to find out, since the second location was even more secret than the first one !
  • 0
    @Nanos what?
  • 1

    Think area 52 and 3/4..
  • 0
    @Nanos you just suddenly went off about old systems but we're not on about shit remotely related? and now... area 52.75.

    fuck are you on?
  • 1
    My first hack was on a Novell network. I was studying for their CNA cert back when things like that kinda meant something. I used VB to create a fake login dialogue and put that as the screen in a lab. Students would wander in and enter their creds and I’d log it to a txt file on the machine. They weren’t even tipped off by the fact that they had to log in twice. Later in the day I’d save the file to a floppy and then poke around in their accounts. Stupid simple but networking software was piss poor back then.
  • 1
    You can post your report here... 😁
  • 1
    @badcopnodonuts It's been like 2 weeks since their support desk has responded, and that was a generic "well we'll reply when we get more info"

    does it start on submission or on case closure?
  • 1
    @Parzi They sound wayyy too comfortable in their contractual position and don’t seem to have any fear
Add Comment