I just wanted to get a thread started with stories of highschool secuirty in hopes that we can make a true compilation... I experienced one form and know a few people who experienced quite a few... And may I add they were all the worst form of security imaginable... in fact some were almost as good as labeling something "please don't click here".

Here is my story: I had a programming class in high school, we weren't the l33t h4x0rz programmers, we were just some kids who had no choice but to take those classes because we were not zoned for that H.S....

So we were doing C(with objects)++ programming. Now there was a problem, every one in a 10 minute period we would get a general protection exception from Windows NT and no reason why our crappy-ass programs crashed. Basically we could not do our school work and sometimes even had our grades threatened because we could not produce output for our projects. Despite our pleas for sanity the teachers refused to believe that they had a retarded system set up.

This was until one kid got really bored and decided "what happens when I press ctrl+alt+delete during logon" and did, and lo-and-behold he noticed their security software running... Of course he killed it with the h4x0ry end-task, and thus his programms started compiling. And I say compiling because our programs compiled with no errors due to this wonderous security software and even executed, but infact they did NOT compile (i have no idea how) i had to compile at home.

I wrote a test during class for this GPE by doing a simple program which looked like this:

#include<stdio.h>

int main(){ printf("hello world"); return 0; }

that caused the GPE, and despite the proof the teacher thought I did something wrong...

So a yr after I graduated I had to come back, and one student showed me the new official logon procedure: ctrl+alt+del, kill security, login... wooh guess theres no need to uninstall now!

As to what security did other than f- us up? Nobody to this day knows! And no, this was not internet security since we had no internet connection :P

I don't understand - what was that so-called security software supposed to do? 

 No idea... Nobody knows. Infact I asked around, nobody knew, but nobody wanted to touch it. "Its an important and core part of our school security" was the best asnwer given. The best runner-up was "We have secuirty?" with "I don't know" as third place.

Edit: When asked as to who installed it, the answer was "It was always there"

dlikhten:

his programms started compiling. And I say compiling because our programs compiled with no errors due to this wonderous security software and even executed, but infact they did NOT compile (i have no idea how) i had to compile at home.

Let's try that one more time, but this time without the self-contradiction.

I agree with whatever Quietust just posted above.

dlikhten:

 No idea... Nobody knows. Infact I asked around, nobody knew, but nobody wanted to touch it. "Its an important and core part of our school security" was the best asnwer given. The best runner-up was "We have secuirty?" with "I don't know" as third place.

Edit: When asked as to who installed it, the answer was "It was always there"

Do you even read what you type before you click post?

I can only assume that "pressing Ctrl+Alt+Del during login" really means "pressing Ctrl+Alt+Del after logging in", since Windows NT hooks Ctrl+Alt+Del in order to do various things and won't bring up the task manager unless you're actually logged in.

Ahh. Makes sense. But, if that is really so, then that so-called security is even worse than I thought. Because a user can only kill his own processes if he doesn't have Administrator privileges. So:

1. Either that "security software" was launched through the Startup folder, or
2. All users are having Administrator privileges

One big WTF either way. 

dlikhten:

that caused the GPE, and despite the proof the teacher thought I did something wrong...

This kind of attitude sometimes extends to corporate IT staff. 

I once worked for a company which, at the site where I worked, had always done software development on hpux.  During the time I worked for them, the idea was floated to port the software to NT, but the desktop NT boxen were all managed by an offsite corporate IT firm, including those used by the software engineers.  Their reply to allowing 'software compilers' to run on *their* desktops was a resounding no.

When pressed, they agreed that software engineers could have a compiler, but each executable would be quarantined until it was OKd by IT staff.  

What followed was true comedy, culminating in corporate IT taking back their beige desktops, and even pulling out our ethernet segment (yes, they took the wire), followed by the local unix IT people bringing shiny new black desktops to share the ether with the hpux boxen.  

arty:

ok... now imagine taking THAT model and moving it into a high-school

Students were assumed (and often were) dumb, and so any error was assumed to be student's fault. Also students managed the computers (the brighter ones at least) but had no admin access. As to how to bring up Task Manager I honestly don't remember the exact procedure, but it involved running task manager before you are fully logged in.

The person who set this up was... well nobody not even the department head knew who that person was.

Also note that our programs COMPILED (c didn't have a problem). BUT there were compilation errors caz i took my program home and found a whole lot of em. And i mean syntax errors. This was using borland compilers and I have no idea what happened to let the programs compile.

And please go ahead and complain about how my spelling sucks. Go ahead... Asshat... comeon I definately have at least 10 mstkes! Find em all for a cookie, and ill make sure you misspell your address on the envelope.

dlikhten:

And please go ahead and complain about how my spelling sucks. Go ahead... Asshat... comeon I definately have at least 10 mstkes! Find em all for a cookie, and ill make sure you misspell your address on the envelope.

You wish I was picking on your spelling... But just in general all of your posts above were incredibly unclear and full of obvious mistakes.

Seriously, take an extra minute or two and just read what you write and you would be a lot better off.

OTOH, if you want me to pick on your spelling, then fine. How can someone who can't even spell security (twice) pick on someone else's security implementation?

Quietust:

I can only assume that "pressing Ctrl+Alt+Del during login" really means "pressing Ctrl+Alt+Del after logging in", since Windows NT hooks Ctrl+Alt+Del in order to do various things and won't bring up the task manager unless you're actually logged in.

Looks like it was Win9x, where Ctrl Alt Del invokes "Kill task" dialog, even before "login".

Sounds sorta similar to my experiances with HS computer security...

When I was there, they had mostly Win9x machines with a security set up that included:

1. Ctrl+Alt+Del somehow disabled.
2. Software that ran in the background and (amoung other things) automatically closed any window with "properties" in the title.
3. All local drives hidden from explorer/open/save.
4. DOS prompt disabled.
5. The "New" menu in explorer was removed (preventing the creation of shortcuts) and right-click had also been disabled.

Since access to local drives was not actually stopped and the only thing actually protecting files on C: was the read only bit (not changeable due to 1 and 4) I decided to look at c:\autoexec.bat as a starting point.

After opening it in notepad simply by typing the path into the open box, i noticed several lines that looked like this:

IF EXIST somefile.bat THEN CALL somefile.bat

Inevitably, some of these .bat files did not exist and there was nothing stopping me from creating them... So I did.

The next step was to work out what I could do from MS-DOS before Windows started to "fix" the security. The first thing I did was to write my newly-created batch file so that it would shell to COMMAND.COM, effectively pausing the boot proccess so I could look around (the F-key boot shortcuts had also been disabled). Eventually I found a file called something like "winkill.exe" which looked like it could be the file responsible for closing "properties" windows. So I removed it's read-only protection, renamed it and exited my shell.

After Windows booted and I logged in, it appeared that I had been correct, "properties" windows were no longer auto-closed. That opened up a bunch of possibilties, such as modifying shortuts to give me access to C: drive in explorer (as well as fixing a bunch of more legitimate actions).

Next thing I did was to download MS Policy Editor, so I could remove the retarded explorer limitations all together.

Unfortunately, a year or so later, everything was upgraded to the much more secure Windows 2000 (that didn't stop me from grabbing a copy of the local SAM file using a boot floppy) and then to XP (which had an "interesting" issue where if you logged in, logged out, unplugged the network cable, logged in and plugged the cable back in you would get much better local access than usual).

Ah, those were the days... 

I think I can beat this.

My school's I.T. department used a bunch of scripting to generate user accounts. This scripting was somehow linked to an Access database. They wanted to give staff the ability to reset students' passwords (for some reason, they wanted to keep track of passwords, so students weren't allowed to change their own), so they wrote up a little VB app that staff could run to reset a student password. It set the password and updated the database.

Anyway, a mate of mine came up to me one day with a list of every student in the school's user name and password... when I asked him how he'd done it, he explained that they stored the database in the netlogon share of the PDC...

*blink*

TheRider:

1. Either that "security software" was launched through the Startup folder, or
2. All users are having Administrator privileges

mallard:

<good story>

At my high school (Win95 days), we had a security suite called Fortress (or something like that) that handled all the security.  Mainly disabling right click and not allowing users to write to the local hard drive, though we could write to our UDS (all 5MB of it) and 

The problem came when some luser resized the taskbar.  In those days, if you did that, your icons would overlap each other and you could only get at the one on top of a stack.  Most of the teachers, etc knew that they could re-arrange the icons by right clicking on the desktop and selecting "arrange icons" but with right-click disabled, we had to get tech support in to fix icons around the building after some serial taskbar resizer struck the school.

belgariontheking:

mallard:

<good story>

At my high school (Win95 days), we had a security suite called Fortress (or something like that) that handled all the security.  Mainly disabling right click and not allowing users to write to the local hard drive, though we could write to our UDS (all 5MB of it) and 

The problem came when some luser resized the taskbar.  In those days, if you did that, your icons would overlap each other and you could only get at the one on top of a stack.  Most of the teachers, etc knew that they could re-arrange the icons by right clicking on the desktop and selecting "arrange icons" but with right-click disabled, we had to get tech support in to fix icons around the building after some serial taskbar resizer struck the school.

At my high school, we had an IT guy who was supposed to lock everybody but students taking programming classes out of the programming apps (because Turbo C++ let you drop down into DOS, at which point anything was possible).  Naturally, when we programming students came in for class one day, we discovered we couldn't use any of the programming stuff.  It took a couple days, but eventually the solution was discovered, which our teacher explained to us while rolling his eyes: the IT guy locked out only to programming students, instead of the other way around, and then was unable to figure out the problem for two days. 

"The command prompt has been disabled by the system administrator. Press any key to continue..."

We needed a prompt because Explorer was crippled beyond use.

Also, the desktop was completely empty, but every ten minutes a balloon would pop up "there are unused icons on the desktop...".

I have three WTFs from school.

When I was mid-way through high school in about 1995 the school had no Internet connection, but there were computers in the library that had MS Works (that's a WTF right there) and a few classrooms had computers. One teacher even let us dial some local BBSs, which was cool.

 Anyway, we eventually got Internet in 1996. It was dog slow, but webcrawler and OnLine Guitar Archive were cool. At this time the teachers started saving student grades in MS Works spreadsheets (or Excel? I don't know) to a network drive. All the computers ran Windows for Workgroups and if you went to a DOS prompt you could access the network drive, copy the spreadsheet to the computer, and edit it, then save it back to the network drive. I did test this and it worked.

 A second WTF was from the following year. One of the science classrooms had a supply storage room converted to a computer room and at lunch myself and one of my friends would sometimes browse the net. One day one of the computers was left logged in as an admin user so I ran MS Paint and made an image that said "School sucks!" and made it the system wallpaper. The next day the science teacher said one of the computers was hacked and he wanted to know who did it. I didn't get caught.

 A better WTF comes from university. The computers there were new Windows 98 machines that were connected to a Unix network. During class one of the computer science professors said that every year the network would get hacked at least once by a third or fourth year student and as long as no damage was done and a comp sci teacher was notified the school thought it was a good learning experience and nobody would be punished, but that nobody in first year would ever be able to do it. Sure enough, nobody in my class knew very much about Unix and searching online for hacks didn't find anything that worked.

Myself and a friend decided that Windows was clearly the weak link. Unix and Windows passwords were the same, so if we were able to compromise a Windows system to steal a password we could then use it to login to the Unix network. Windows 98 had no security to speak of so we could perform admin tasks. We wrote a Visual Basic program that looked identical to the Windows login screen and we set that as the Windows shell so after login Windows would load our program and the user would be presented with a dialog that said the password they typed was incorrect and they would type it again. We logged the password to a file on the c: drive and then loaded explorer.exe. We had plans to have the program automatically copy itself to the user's network startup folder so it could modify every computer that user logged into, but that proved unncessary. We simply loaded it onto a few computers and then broke a few settings and waited until one of the network admins came to fix it. After getting their password we were able to login to the Unix file server and using sudo we could do whatever we wanted. We made a text file with our names in it called 'hacked by first years' in the comp sci professor's network drive. I got some notoriety out of it from other geeks when the prof brought it up in class, but in case you were wondering, hacking the school's file server doesn't make you popular with girls. Not even with the two girls who were taking comp sci. Howeve, we did break into the network sooner into the school year than any other students ever had done.

My high school was so crappy that they didn't even offer any sort of computer/programming class beyond "how to use word/excel."  (I graduated in 1999.)  Does that count as a WTF? 

AbbydonKrafts:

the Tandy 286 I used at home kept planting a boot virus on the floppy disks

Wait... What?!