Discuss Scratch
- Discussion Forums
- » Advanced Topics
- » School IT
- herohamp
- Scratcher
1000+ posts
School IT
I found a spreadsheet of all the current students, parents email/phone number, address, student id, and password. and yes, I anonymously reported the issueGood for you.We found spreadsheets of the usernames and passwords of all the pupils in the school from 2010…Same here! I've also found things like security cameras, printers, network shares with the final exam, only hidden with a dollar sign… It's amazing how bad my school's security is if you bother to look for even a few seconds I've found enough loopholes in the school security to host web servers from the school PC…
Sigton
Sigton
Last edited by herohamp (Nov. 11, 2017 14:02:21)
- Sigton
- Scratcher
1000+ posts
School IT
Well is it really our fault if they leave them all sitting on the server? Your school should expel you. Sure, breaking into the system to install software or to make life easier is something that is acceptable and that I have done, but you're actively invading the privacy of fellow students and teachers? That's just not cool.
Our school doesn't block powershell either. Bad school IT: Not blocking powershell.
wmic useraccount list brief
Bam! List of full names and ages of everyone in the school, including teachers. Told the IT and they did nothing.
Sigton
Last edited by Sigton (Nov. 11, 2017 14:28:54)
- -stache-
- Scratcher
500+ posts
School IT
I mean they did technically give you permission to access it in their server giving it to you, no?Well is it really our fault if they leave them all sitting on the server? Your school should expel you. Sure, breaking into the system to install software or to make life easier is something that is acceptable and that I have done, but you're actively invading the privacy of fellow students and teachers? That's just not cool.
If someone knocks at the door and the dude you put at the door to open it let you in against your wishes, is it that someone's fault? lol
- Jonathan50
- Scratcher
1000+ posts
School IT
Was it called “THE USERNAMES AND PASSWORDS OF ALL THE STUDENTS.xlsx” or just “Spreadsheet1”?
Not yet a Knight of the Mu Calculus.
- herohamp
- Scratcher
1000+ posts
School IT
(schoolnamel)students2017 Was it called “THE USERNAMES AND PASSWORDS OF ALL THE STUDENTS.xlsx” or just “Spreadsheet1”?
- Sigton
- Scratcher
1000+ posts
School IT
We didn't steal it.Man, is it really our fault if we steal stuff from a house just because the door's unlocked?Well is it really our fault if they leave them all sitting on the server? Your school should expel you. Sure, breaking into the system to install software or to make life easier is something that is acceptable and that I have done, but you're actively invading the privacy of fellow students and teachers? That's just not cool.
Sigton
- myeducate
- Scratcher
500+ posts
School IT
It's common practice to put user account info in CSV files.(schoolnamel)students2017 Was it called “THE USERNAMES AND PASSWORDS OF ALL THE STUDENTS.xlsx” or just “Spreadsheet1”?
INACTIVE
SPA Member and Assosiate - Creator and overlord of ScratchNetwork - 700+ Forum Posts - Web and Desktop Dev - Fluent in VB, PHP and HTML. I'm okay at CSS and Javascript but am still learning. Sig written in PHP using the picture libary. Firebase is fun.
- TheUltimatum
- Scratcher
1000+ posts
School IT
Oh, it is? Sony definitely did this so I guess it's fine.It's common practice to put user account info in CSV files.(schoolnamel)students2017 Was it called “THE USERNAMES AND PASSWORDS OF ALL THE STUDENTS.xlsx” or just “Spreadsheet1”?
- JGames101
- Scratcher
100+ posts
School IT
Well… all of our passwords were student.They told us our passwords by showing the spreadsheet of everyones password to the whole class. All email passwords in spreadsheet accessible to all teachers…
ALL OF THEM.
They didn't teach us how to change them until High school (grade 8-12 where I live), and they reset them every three months, NOT WHEN REQUESTED. It's… pretty sad. They also wanted us to use Office 365 to store all of our school files, which used the same accounts. That meant that if you knew someone's user number, you could login to their account, get all files stored in their drives AND on their school cloud storage, and generally be evil. This is all theoretical, but it's very easy to even accidentally login to someone else's account.
- TheUltimatum
- Scratcher
1000+ posts
School IT
Not when the user passwords are {name} + {age}.Well, I don't think your school would care if you know the names and ages of people, as it is already obvious, and you don't need to hide it.PLEASE READ BEFORE POSTINGBad school IT: Not blocking powershell.
-snip-
wmic useraccount list brief
Bam! List of full names and ages of everyone in the school, including teachers. Told the IT and they did nothing.
Last edited by TheUltimatum (Nov. 15, 2017 03:23:25)
- Jonathan50
- Scratcher
1000+ posts
School IT
Except if you go to a big school with hundreds of students. Still, everyone is already aware of your name and age, so it's irrelevant.
Not yet a Knight of the Mu Calculus.
- herohamp
- Scratcher
1000+ posts
School IT
This not school IT but my login system on a site I made for someone…
https://cdn.discordapp.com/attachments/377218477066420226/380505459078987778/image.png
ik it's bad and insecure but for all they know it's secure and there is nothing that needs to be super secure behind it
https://cdn.discordapp.com/attachments/377218477066420226/380505459078987778/image.png
ik it's bad and insecure but for all they know it's secure and there is nothing that needs to be super secure behind it
Last edited by herohamp (Nov. 16, 2017 00:41:38)
- TheUltimatum
- Scratcher
1000+ posts
School IT
Correct, but I don't go to a “school” in general so probably what I say is null and void.Except if you go to a big school with hundreds of students. Still, everyone is already aware of your name and age, so it's irrelevant.
- TheUltimatum
- Scratcher
1000+ posts
School IT
Uh… What happens when someone gets rid of the “/login” part of the url? This not school IT but my login system on a site I made for someone…
https://cdn.discordapp.com/attachments/377218477066420226/380505459078987778/image.png
ik it's bad and insecure but for all they know it's secure and there is nothing that needs to be super secure behind it
- Jonathan50
- Scratcher
1000+ posts
School IT
I don't either, and in the past I've been to 3 schools with very low (all under 40) studentsCorrect, but I don't go to a “school” in general so probably what I say is null and void.Except if you go to a big school with hundreds of students. Still, everyone is already aware of your name and age, so it's irrelevant.
Not yet a Knight of the Mu Calculus.
- bybb
- Scratcher
1000+ posts
School IT
Year 8 students got everyone banned from laptops at Lunch and Break. Luckily, I have a laptop only I can use!
- bybb
- Scratcher
1000+ posts
School IT
FRII GAEMS!!1!11!What were they up to? Year 8 students got everyone banned from laptops at Lunch and Break. Luckily, I have a laptop only I can use!
Scratch got blocked at my school a few months ago since kids were playing games in lesson and it was blocked as “just another games site”. Luckily, it's unblocked now.
To everyone, has Scratch ever been blocked by your school?