Recent Posts

3701

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 22, 2013, 11:18 PM »

Useful timeline of events and facts here:
http://www.hamedhelped.com/

Reading it just makes me more convinced that the computer science department at Dawson has behaved unforgivably; if they have a different set of facts they need to present them publicly.

-mouser (January 22, 2013, 10:43 PM)

From that page:

November 14th

Hamed is asked to meet with Diane Gauvin. She hands him his letter of expulsion citing professional misconduct. Security is on hand to immediately confiscate his Student ID.

Ummm... Does anyone know the difference between "professional" and "amateur"?

Students are amateurs. It doesn't matter how smart or how good their grades are - they are amateurs. They are unpaid.

Professionals are paid to perform a task/service. They perform that task/service for a living. Consistently.

What he did may have been misconduct, but it certainly wasn't professional misconduct.

If you hire Joe Blow because he needs a job, and has dabbled in XYZ, you're hiring an amateur. If you hire John Doe because he does XYZ for a living, you're hiring a professional. Not a particularly difficult concept to understand.

But I raise the issue because I've seen the word "professional" thrown around, misused, and abused in a few different areas. The Humpty Dumpty interpretation of language seems to be more prevalent now with educated people that should know better. I'll leave that there though...

Now, to tie this back into the thread, mouser pointed out previously about "weasel behaviour", and this is exactly that kind of deceptive garbage used by weasels and rats to wiggle out of the messes they create for themselves. They twist words far beyond their meanings in hopes of obfuscating the facts.

3702

Living Room / Re: Java's Deceptive Installation

« Last post by Renegade on January 22, 2013, 09:33 PM »

Just install the developer version! No crap in there~!

3703

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Renegade on January 22, 2013, 11:27 AM »

I'm really liking mouser's Easy Screencast Recorder~!  

-Renegade (January 21, 2013, 08:12 AM)

Remember, Renegade Endorses Mouser's Easy Screencast Recorder.
That's Easy Screencast Recorder folks! By Mouser! All rights reserved. Some restrictions apply. See Mouser and Renegade for details. But they haven't prepared the pamphlet yet.

-TaoPhoenix (January 22, 2013, 11:05 AM)

Well, so far the "Renegade" portion of the pamphlet is limited to trivial hacking of web pages for the sake of making a mockery of bureaucrats. Not sure that mockery was what mouser had in mind for ESR, or that he'd approve of Renegade's renegade use of ESR.

I still approve of ESR though. Even for rebellious mockeries of all many hold sacred~!

3704

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 22, 2013, 07:31 AM »

But that's been the historic response whenever arbitrary acts of authority get challenged.

-40hz (January 22, 2013, 06:52 AM)

"Why?" seems like a natural enough and reasonable enough question to me.

Yet we're debating what exactly?

-Stoic Joker (January 22, 2013, 07:06 AM)

Good point. I think we should get on to what students SHOULD do. i.e.

• Report vulnerabilities
• Don't report vulnerabilities
• Sell exploits to pay for books & tuition
• Publish the exploit on Twitter & PasteBin then watch the SHTF?

-Renegade (January 22, 2013, 12:16 AM)

I'm voting for #4 as it would be the most entertaining~!  

3705

Living Room / Re: Cookies, EU Regulations, and Making a Mockery of it All :D

« Last post by Renegade on January 22, 2013, 06:24 AM »

@Renegade: I've seen this idea before. I think maybe it was a tip in another post of yours somewhere.(?)

-IainB (January 21, 2013, 05:25 PM)

I remember that one
http://www.youtube.c.../watch?v=3x4TvQc1wtU

Automation would be nice

-tomos (January 22, 2013, 04:06 AM)

I totally forgot about that!

It just kind of pisses me off. They do such a crappy half-baked job of it, which is really what just drives me nuts. Actually, I just laugh as I spout out random insults.

It's just so entirely trivial to get around. Like, if you're going to do it, do it right. None of this candy-ass kindergarten silliness.

It actually reminds me of the Black Knight a bit:

3706

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 22, 2013, 06:14 AM »

but i think we cannot let big organizations get away with this weasel behavior of saying: "trust us, if we explained to you the real reasons behind our actions you would understand, but we've decided we are not going to tell you the real reasons because [insert bullshit lie here]".

-mouser (January 22, 2013, 02:57 AM)

THAT! Yes! That! 

+1

3707

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Renegade on January 22, 2013, 06:09 AM »

This is funny...

http://www.telegraph...he-Lightning-II.html

The "F-35 Lightning" (that's the name), at GBP 150 million per plane, cannot fly in lightning or storms.

How to defeat it? Outfit some Cessnas from farmers for cloud seeding~!

Figure around GBP 200,000 or so per aircraft, then throw in a generous 100k for outfitting it and for silveriodide... GBP 300,000... Hmmm... so, for the price of 1 F-35, you can easily get a fleet of 500 aircraft to defeat it. And never fire a shot~!

3708

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 22, 2013, 02:10 AM »

^^ You guys have some good points, but no matter how many hypotheticals, I just can't get over this:

It's typical cowardly ass-covering behavior: insist there are some special secret facts that justify what they did and find some way to stall releasing it until the attention dies down.

-mouser (January 22, 2013, 12:37 AM)

It seems like the typical answer now. There was another thread with an article posted in it about an FOIA request... Oh sure they got the document. Completely redacted. As in almost 100% - the cover sheet had a few lines of text on it.

While there may be good reasons for some secrets, why is it that everything is a secret?

"We can't divulge that because it's sensitive information." Oh really? Please tell me more about the information's feelings. 

3709

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 22, 2013, 12:16 AM »

To those defending the expulsion. Would you prefer if he would just keep the vulnerabilities secret and later he or someone else just abuse them? Because knowingly or not thats what you are advocating here.

-rxantos (January 21, 2013, 11:55 PM)

A thought popped into my head there while reading what you wrote.

What signal will this send to the next student?

• Report vulnerabilities
• Don't report vulnerabilities
• Sell exploits to pay for books & tuition
• Publish the exploit on Twitter & PasteBin then watch the SHTF?

Hmmm...

3710

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 11:19 PM »

The job offers are starting up now.
He may have fast-tracked his career!

Report says even Skytech is offering.
Hm, I think there will be more info sometime tomorrow.

http://news.national...es-to-reinstate-him/

-cmpm (January 21, 2013, 11:05 PM)

Sounds like things will work out for him! Good to hear! 

3711

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 11:17 PM »

You run a kinder and gentler shop than most if that's the case. Most of my experience has taught me when the poo really hits the fan it's shortly followed by a few sysadmins being thrown through those same blades.

-40hz (January 21, 2013, 10:10 PM)

Hahahahaha~! I love the metaphor there!

Still, let's remember that this guy is a STUDENT and not a sysadmin professional. He doesn't have 10 years of experience running large systems, and is unlikely to really understand a lot of the issues that sysadmins face. Sure, he may "know" XYZ, but there's a very big difference between "knowing" and "understanding".

Sysadmins are highly educated, well paid, experienced people that have been around the block probably more than a couple times. When they drop the ball through incompetence, well, yeah - there's hell to pay. But I'm not so sure that applying the same standards to amateurs (students) is really, meh. I'll drop it. Not the ball! I mean drop the whole amateur/pro thing.

3712

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 09:21 PM »

@40hz - Yeah, I know he kind of screwed up there. I can see also why he'd think that with a test account that he was given implicit permission to "test".

And yeah, I know keeping large systems up and running smoothly isn't an easy job. I do have sympathy for sysadmins - they seem to have one of those jobs where when the SHTF, it really hits the fan and splatters everywhere.

I've been rather one-sided above there and not very clear - to me, this seems to be about proportionality. So, did he screw up? Sure. Is he a baby seal skull bashing antichrist? Not really. What's a proportional response? I think StoicJoker had the right idea there - reel him in then scare his pants brown.

I hope he manages to get into another school there.

3713

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 08:19 PM »

Audio interview with the sudent:
http://www.cbc.ca/pl...treal/ID/2327525012/

-mouser (January 21, 2013, 02:58 PM)

If anyone listened to that... the student was GIVEN A TESTING ACCOUNT. What do you do with test accounts? Errr... test maybe?

Just to add insult to injury, he was given all zeros for all his grades.

Nice. Kick 'em while he's down why don't ya? Show 'em who's the boss.

Proportionality has disappeared from "laws/rules/regulations/whatever". I could give recent examples that would simply blow your mind, however, as they're real, and so utterly insane, they can only be put in the Basement.

The fact that he, on his own, informed them about the vulnerabilities the first time, tells you everything you need to know about his intentions, his moral character, and the nature of the "threat" he supposedly posed.

-mouser (January 21, 2013, 03:06 PM)

+1 - Agreed. Now if he'd have polked it twice all sneeky and quiet...then I'd be up for a BBQ. But that ain't what happened.

-Stoic Joker (January 21, 2013, 03:15 PM)

+1 and +1


Nothing better than BBQing a Good Samaritan though! They're not all that common, so when ya find 'em, better cook 'em up real quick!

3714

Living Room / Re: PowerPwn: Power strip by day, Hacking device by night!

« Last post by Renegade on January 21, 2013, 11:16 AM »

Ok... that's just evil. 

-wraith808 (January 21, 2013, 10:06 AM)

I think Cthulhu would be proud! Don't you?

3715

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 11:15 AM »

Hey, did that student pay for his license?

http://www.acunetix.com/ordering/

Acumotherkillerservertrixiephant Seems a bit beyond student budgets...

Maybe he should be crucified for that too!

(Just kidding! The university probably has licensing to cover students. Meh? What the heck! Let's have a good old fashioned lynching! )

Maybe ethics courses or legal courses should be included in first year university?

3716

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 09:41 AM »

+1 for mouser.

As for the legality of it? Meh. Not really all that interested in legal BS. Especially when you've got laws that make it illegal to get drunk and pass out in your own bathroom.

http://cynic.me/2012...toilet-in-cambridge/

Sure, maybe it's possible that he could crash the system. Only goes to show that they don't have any protection against DOS/DDOS there. Chalk another point up for the good guy.

I know what you mean about pros getting fired, and laws, and all that. I've simply lost any kind of interest in "legality" anymore. Laws are created by lobby groups, and not by the people. Why should anyone care what the letter of the law is anymore? Ok, I'm being extremely cynical, but sheesh... Like mouser points out, he's a student trying to help out and doing a damn good job of being a good student! But expulsion? Sheesh. Why throw the baby out with the bath water when you can throw it in the blender?

Is there no balance in the law? Is there no compassion? Is there no justice? Is there no sanity left? Has the letter of the law become so important that we've sacrificed our common sense and humanity on the altar of the "law books"?

What happened to proportionality?

3717

Living Room / Re: Computer science student expelled for testing university software security

« Last post by Renegade on January 21, 2013, 09:03 AM »

So, he helps them, they say they took care of it, he checks, he gets expelled for checking.

Yup. No good deed goes unpunished.

3718

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Renegade on January 21, 2013, 08:15 AM »

No idea if this is right, but it very well could be:

http://www.all4humor...sane-statistics.html

This is funny and sad at the same time…can you imagine working for a company that has a little more than 500 employees and has the following statistics:

29 have been accused of spousal abuse
7 have been arrested for fraud
19 have been accused of writing bad checks
117 have directly or indirectly bankrupted at lease 2 businesses
3 have done time for assault
71 cannot get a credit card due to bad credit
14 have been arrested on deregulated charges
8 have been arrested for shoplifting
21 are currently defendants in lawsuits
84 have been arrested for drunk driving in the last year

Can you guess which organization this is? ... Give up yet?

It's the 535 members of the United States Congress. The same group that crank out hundreds of new laws each year designed to keep the rest of us in line.

3719

Living Room / Cookies, EU Regulations, and Making a Mockery of it All :D

« Last post by Renegade on January 21, 2013, 08:12 AM »

I came across a site that wanted to place a cookie, and warned me about it and told me all kinds of wonderful things about EU regulations and complying with them.

So? What should I do? Make a mockery of it of course~!

It's in HD if you want to watch it larger.

I'm really liking mouser's Easy Screencast Recorder~!  

3720

Living Room / Re: Internet freedoms restrained - SOPA/PIPA/OPEN/ACTA/CETA/PrECISE-related updates

« Last post by Renegade on January 21, 2013, 07:07 AM »

^^ Reminds me of the film "The Corporation" where corporations are characterized as psychopathic.

3721

Living Room / Re: PowerPwn: Power strip by day, Hacking device by night!

« Last post by Renegade on January 21, 2013, 12:07 AM »

I'd hate to be a sysadmin right about now...

-wraith808 (January 20, 2013, 11:38 PM)

It only gets worse...

http://pwnieexpress....for-the-raspberry-pi

Raspberry Pwn: A pentesting release for the Raspberry Pi

 Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:

SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish, w3af


Download your Raspberry Pwn here: https://github.com/p...xpress/Raspberry-Pwn

Special thanks to @zenofex for letting us borrow his Pi. Enjoy!

- The Pwnie Express Team

Sysadmins! Welcome to HELL~!

3722

Living Room / Re: PowerPwn: Power strip by day, Hacking device by night!

« Last post by Renegade on January 20, 2013, 11:25 PM »

The former.  That's why I think it would be so insidious.

-wraith808 (January 20, 2013, 08:46 PM)

And, while you're at it, might as well take the evil to a slightly lower level:

http://pingbin.com/2...p-wifi-raspberry-pi/

Make the PWNIE wireless, hide it out in the open, then you only need to hide the PB, making concealment just a bit easier.

3723

Living Room / Re: PowerPwn: Power strip by day, Hacking device by night!

« Last post by Renegade on January 20, 2013, 10:12 PM »

The former.  That's why I think it would be so insidious.

-wraith808 (January 20, 2013, 08:46 PM)

Damn. You're right. You could hide the combo anywhere then once you connect to the PB from the computer, boom... PWNAGE~!

Very insidious. Maybe I should make them and sell 'em on eBay~!

3724

Living Room / Re: PowerPwn: Power strip by day, Hacking device by night!

« Last post by Renegade on January 20, 2013, 07:55 PM »

That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace.  Bridge the network connection on a legitimately connected computer...

-wraith808 (January 20, 2013, 11:58 AM)

So a computer on the network connects to the PB, which is connected to the Pwnie? Or, the Pwnie connects to the computer and to the PB?

3725

Living Room / Re: silly humor - post 'em here! [warning some NSFW and adult content]

« Last post by Renegade on January 20, 2013, 07:51 PM »

@Iain - Those were good! The math one was particularly clever!