I got in trouble for a bunch of things. I wrote a utility that was supposed to cover up the "system tray" clock (with an identical one with context menu) so I could run command line apps on school computers, but the system thought it was a virus. (I guess Delphi 3 apps named iexplore.exe are suspicious? :P)
Then I embedded the Game Maker installer in a Powerpoint presentation, since it was one of the few ways to be able to run a foreign exe (along with zip files, but they are more obvious targets and they're more likely to inspect them).
Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which of course they gave me a final warning for.
Edit: The School's IT policy, previously a single A5 page, became two-and-a-half A4 pages thanks to me.
At my school for whatever reason I was able to change for whatever reason the hosts file. I changed the popular mail service to redirect my clone site to collect passwords... I got caught in a week.
I sniffed the traffic of my schools network, performing an ARP-poisoning attack, and then redirecting all traffic to https://internal.schoolwebadmin.thing.com to http://internal.schoolwebadmin.thing.com and caught the person attempting to login to update the internal web site of the school. Then I updated internal website-info, changing the https://accessitfromoutside.com link to http and started sniffing that server again. Over-night I got around 400 passwords from both teachers and students one of which was the administrators password for the local domain, where I could do many more things. But then it stopped being fun and I played counter strike again.
For some reason I still don't understand today, 9 of us in my high school programming class had read permission on absolutely everything. It was only students numbered "01" through "09" in that particular class -- I checked the border conditions in a very OCD-style.
I remember in high school, the computers where running windows 95. They used this shell hacking "protection" software called Fortress. It worked by hiding buttons and menus and trying to prevent you from opening up various apps or clicking certain files in common dialog boxes.
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word which had nice shinny feature called Visual Basic for Applications. Most of the shell was hacked to hide menues still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 apis and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and who was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic word document spread. It was making it's way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principle and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that writes increasing register numbers to port 70h (register select), and 0 to port 71h (value) -- to reset CMOS memory with all 0's.
Then you can just enter BIOS to set it all up from scratch.
"Fortunately", back in the days when I was at school, the BIOS tended to have backdoor passwords that were easily googleable. That stopped working eventually, but then I happened to procure for myself a second-hand school computer which turned out to have the BIOS password still set when I bought it. Short work to then run a tool to read the password directly from CMOS.
I've forgotten what it was, but for all I know they're still using the same password. Oh, the lengths I went to to run linux livecds...
Funny that you did it this way - I just wrote a single byte using 'o' directly from the prompt, which was enough to ruin the checksum and cause the bios to reset to defaults.
I've personally seen a BIOS implementation (on an HP computer, I think) that would let you in if you typed in an incorrect password three times. That was pretty hilarious, maybe the programmers thought that nobody would be that tenacious?
My internet forebears had already catalogued most of Fortres' flaws by the time I became familiar with it, but most of the holes had been closed upstream. The one obvious chink in the armor that still remained was their "Backdoor Password"
If you keyed Ctrl+Shift+Esc, an Unlock dialog would pop up and prompt you for the admin password. Alternately, there was a 6 digit integer in the titlebar that you could give to Fortres customer support and they would give you back a corresponding 6 digit unlock code. Some enterprising individual had figured out this algorithm and published the VB(6?) source for a keygen application.
My contribution to The Fight was a port of the keygen to the TI-83+ (it was a very prevalent platform at the time). No acclaim ever came to me for the port however; after I experienced the IT personnel rage when they discovered a classroom full of un-hobbled PCs, I decided to keep the authorship a secret.
Coincidentally I did some TI-83/84 hacking my self and went to go work for TI after school in the education/productivity group on that same calculator line.
I knew of the secret fortres screen but didn't know there was any keygens out there. Heh.
My High School had fortres installed, and I recall that one day, another student came to school with the latest issue of 2600 magazine, which contained the necessary code to crack the fortres backdoor from a TI-86 calculator. From that day forward, high school computer classes got a lot cooler.
Reminds me of my high school days, though I don't recall the software being named Fortress. I'm thinking it was something else, but same idea. Eventually the teachers gave a small group of us formal access to disable it as they realized we weren't out to be malicious, only wanting to make full use of the computers.
My school used one called "PC Lockout". It wasn't long before the necessary DEBUG.EXE commands to switch a strategically chosen JNZ to a JZ were being distributed.
I recall that Fortres had an admin password common to all installations, so that their support people could access and troubleshoot machines. The "quick and dirty" way to get past the app, I guess.
Our staff also didn't find "net send *" very amusing...
> I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
I know, off topic, but I'm really wondering. You guys have "who's the smartest kid" elections in high schools? Which country is that? What's the idea behind these things?
High school CS was my first exposure to what 'hacking' usually is. Grade 11, we were learning VB6 (don't ask). Our term project was to make a game, and three of us decided that we wanted to make a top-down shooter that had networked multiplayer. We soon figured out that only teacher accounts could see other computers on the network, so the obvious solution was to obtain the teacher password. Cue 48 hours straight of my poor 200Mhz Pentium Pro (with MMX!) trying to crack the SAM file, with no success. Frustrated, I was in the lab after school and went to grab a paperclip from the teacher's desk to reset the BIOS password. Open the drawer, and what do I see? The teacher's login and password written on a sticky note.
The game actually kicked ass, and the teacher never did figure out how we made the multiplayer work. We told him "it uses socks".
There's something amazing about programming in that regardless of whether you're a 100-year tree in the forest like Jeff Atwood or a hapless sapling stumbling about on Codeacademy you can still add value both as a developer and a community member.
I've been coding for 10 years now and have reached the point where I'm reasonably handy but I look at a post like this and the sedimentary layers upon layers of experience that Jeff has and feel like a total novice. And yet I can still build stuff that's useful. I can still help people on StackOverflow and I can still learn from the giants above me.
I had no idea when I got into it but in retrospect it's pretty awesome to have chosen a career with such an updraft for newcomers and where everyone at almost every level can meaningfully teach, learn and contribute.
Jonny looks around, confused, his train of thought disrupted. He collects himself and stares at the teacher with a steady eye.
"I want to develop business application enterprise solutions," he says, his words becoming stronger and more confident as he speaks.
"I want to write something that will add value to the community. I want them to walk away from the computer simply because it's 5PM and that's it for another day at the office. I want to write something that will reach out to end-users, and conforms to requirement specifications. I want to write something they are reluctant to upgrade, knowing that nothing they deploy that quarter will be quite as stable, as backwards-compatible, as good. I want to write enterprise data store solution software architectures."
Silence. The class and the teacher stare at Jonny, stunned. It is the teacher's turn to be confused. Jonny blushes, feeling that something more is required. "Either that or I want to be a fireman."
I was poking around on the school computers and I found a (world readable) script for joining the AD (these were macs, so there was some black magic going on), with an username and password in it. Turns out that username and password was the administrator account on almost every server in the school, which were all accessible through remote desktop.
The details are a bit fuzzy, but I remember a certain computer lab of mac classics on an applets network. We installed some extension that let you send messages to other computers, and even put it on the teachers computer, which was connected to a projector. In retrospect photoshopping his head onto a playboy centerfold and resediting it into the extension and removing the reply button, and then sending it to him during class on the projector, well that was probably a bit much.
They tried several types of lockdown software, nothing ever actually worked. You can't stop kids from playing games.
At college, we had AIX Unix terminals that ran in character mode. I wrote a program to simulate the login screen. It would record your user/password to a file and then throw an 'Invalid Login' error and then actually logoff and give you the real login screen. So no one suspected anything.
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
That's more or less exactly it. Ctrl+Alt+Del causes a switch from the interactive desktop (WinSta0\Default) to the Winlogon desktop, which no other process has access to. Windows code also contains a special rule for interrupting the Ctrl+Alt+Del combination to prevent other applications from hooking into it and overriding the default functionality.
Technically it is possible to get other processes to run in the Winlogon window, but that requires messing around with security tokens, among other barriers.
I think either VirtualBox or VMware Workstation can detect Ctrl-Alt-Delete - it then asks you if you meant to send that to the guest VM. Any idea how that works if there's protection on Ctrl-Alt-Delete?
Ctrl-Alt-Del fires an IRQ. As such, it can't usually be fired remotely - although some utils work around it by making API calls at the client end to trigger the behavior, depending on context.
Some flavors of VMware hooked the IRQ on the host machine and responded to that (not sure about VirtualBox, never thought to check that.) They can send it to the virtual machine easily, as they are also providing the a virtual bios/hardware layer.
Vmware detects it, but doesn't stop it dumping you to the lock screen. The result is you hit control Ctrl-alt-del, lock screen pops upp, you get out of the lock screen, and there is a vmware popup saying "hey! You probably meant to use Ctrl-Alt-Insert instead!"
Back when my high school switched from Win 98 to one of the NTs, and Ctrl-Alt-Del started being used to log in, I thought about making an application that looked like the login UI itself, as if someone else had pressed Ctrl-Alt-Del but then got distracted before actually logging in. But I didn't have the skills to do it.
The best I got was finding out how to launch cmd.exe on NT, when the system had been locked down to disallow right clicks on the desktop, no desktop icons, and only approved programs in the start menu. I think it involved navigating the help system to a certain page that had a link to Explorer. Then I explored the network until I found an unused share somewhere, where I put gcc and started teaching myself C.
The command prompt also let me use the "net send" command to send messages to other computers, which was fun.
you could have trapped Ctrl-C. You could also check if password hashed matched what was in the password file. I use to hit ^C and enter a few wrong passwords everytime because of this. I wrote such a program too, but the most fun I had was doing it in Turbo C to get access to the mainframe of the school district while i was in high school. Unix shells were so easy back then.
My BASIC teacher saw me writing a login screen program and thought it was cool. I wasn't making any attempt to hide it, though.
But it did take a long time to write, because I had to make the IBM logo out of extended-ASCII by hand, and even then it was clearly running inside a BASIC interpreter really really slowly.
In college, the machines in the computer labs had no speakers, but I found out that by logging on the TTY you could make the PC speaker beep at an arbitrary frequency. You could only play one note at a time, though... except if you used several machines. So I wrote a daemon and a script that would take a MID file and dispatch the various voices to all machines in the room (the daemon used NTP to ensure that everyone started at the exact same time).
The sound quality was awful, but the spatial effect was pretty cool because the sound came from everywhere at the same time. I got cool results with Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of Fugue... But this was December, so I dug out a few Christmas tune MIDs and set them to play at random intervals until Christmas. As it turns out, a song triggered during a class once: a lot of people thought the sound was coming from their machine and freaked out, and the teacher spent some time trying to figure out from which machine it came before he understood what was going on.
At some later time we found one computer with sound, so we set up a daemon to monitor logins on all the machines in the room and had a GLaDOS-like voice blurb out a personalized greeting to newcomers. Fun times :)
I did something similar in high school using the PC speakers of Win95 machines. The music was controlled from one machine that would send out broadcast UDP messages.
Oh, high school and the semi-malicious innocent things you do. If only the IT department was more competent and didn't leave everything open. Perhaps instead of playing Quake all day, some of us would have gotten into real hacking a lot earlier.
Then again, teaching the entire year how to use NET SEND to send direct messages to every computer on the network was fun. So simple, yet total chaos soon followed. Imagine hundreds of Windows popups with messages such as: "Hi i79, did you know that miss Lengstein is wearing a thong today?". Every single person behind a computer in the building had to click through all these messages individually when they booted up their machine.
We thought it was amusing, especially the invidivuals who could not figure out what the hell was going on. As was the moment when the horrible miss from the library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'.
The resulting crackdown started out fairly scary at first but became outright hilarious when every single authority figure started their frowning speech with "I am sure you have been punished enough". (Never punished, parents did not even find out, IT department just told me 'whenever you figure someone else out, please do not tell the rest').
I took that advise to heart and told only a select few when I uploaded mugshots of every single person in the school to photobucket. Fairly sure no one every found out, even when we hung pictures of other kids with drawings on their faces around the school and got busted they did not even stop to think about where we got those pictures. To think this all played out in a top five high school makes me smile like I am up to no good again.
Haha I did pretty much the same thing back in school.
We also randomly had permissions to terminate running programs on other computers over the network for a year or two. That was fun times until the lab teachers learned to start looking for people with black console windows open. But then I just learned to change the console colors to black text on white to throw them off.
NET SEND is pretty fun, my project for my operating systems class in university was to write a firewall driver/accompanying program that would silently log all these messages to disk and flash the tray icon.
My high school had a security program like fortress, but on MacOS. The thing is, it had some sort NET SEND like facility that was exposed through AppleScript, and of course the AppleScript application wasn't disallowed. Good fun.
My first hack was in typing class in 6th grade (1990?). They had the PCs (running DOS) locked down so you could only run the designated typing programs, but one of the programs let you open a text file, and in the root of C: I found a file with the passwords for admins to go straight to the DOS prompt. Turned out there were all sorts of games installed as well, I was the class hero. Ironically, I got terrible grades in that typing class even though I type over 100wpm now...
This isn't really a hack (I wasn't that smart). My earliest memory of playing round with computers was at primary school when I was very young, it asked me to enter my name so I typed in 'poo'. I then showed my friend and he laughed and hit his fist onto the keyboard really hard and the computer froze with the word 'poo' frozen onto the screen.
I got into big trouble as the teachers thought I'd crashed the whole computer, they shouted at me pretty hard!
I still think it's quite funny to enter your name as 'poo'.
I remember when my parents (in Michigan) got a call from Norway after 14-year-old me owned a bunch of some large ISP's nameservers and proceeded to launch broadcast amplification attacks against a bunch of IRC servers.
I guess now that the Internet is for normal people, stories like this are news again.
Probably a lot of people do. Is a common attitude between hackers to take the world as a place to learn from, and to tinker with. I did a few things too, but then I got hired to design programs that would prevent people from doing what I was doing. And I became (for a while) a white hat hacker.
This attitude is a blessing... and a curse. And scare the shit out of the people that take safety in the use of brute force and the law. As a side bar, once I saw an episode of "The Twilight Zone" were the state would test kids at a young age (around 10) to calculate their IQ, and if it was high, then they would be deem a danger to society and be legally killed on the spot, and the ashes sent to the parents with a note on the death sentence of their unlawful son. Awful, I know, but I don't think we are that far.
I recommend http://www.bbsdocumentary.com/ to anyone who lived through that time. Not sure how interesting it is to people that weren't involved, but I loved it.
For some reason I never paid much attention to the phone bills. I was long distance from every BBS, but I had an after school job and mom made me pay every month. That is until the $1200 bill (this was 1987) arrived. My modem got put away until I could pay off the bill, and we never did tell dad about that. I blame it on the Hayes 1200bps modem, it made it sooo much easier to redial busy BBS's than the Atari 830 modem I started out with.
For a while there the first program I wrote for a new computer was a War Dialer. Just like everyone else who had seen War Games.
I remember hacking the Novell netware setup at my school, and being surprised to see how poor all of the teachers passwords were. Almost all were children's names or street names. And the system admins super password? The name of a well known department store :)
I was very stupid when I didn't know better, in the days script kiddies were empowered by Backorifice I would play with random folks, mess with their kayboard and mouse.
Other nonrespectable "hacks":
- "net send *" to importunate colleagues
- wrote mIRC scripts to win at the IRC trivia games (this was actually funny for a little while)
- would call collect to my dial-up provider, learned to dial on rotary phones by "switch-hooking" -
- would connect portable phones to disabled payphones just to see if it was a regular line what I could use (it was)
- would "paint" the backside of payphone cards with graphite to fool the machine into thinking I had more credits.
- wrote a little "ringer" program and passed to my colleagues so we all ran it together and made the teacher crazy (oh the regret).
My story: We used to learn Pascal in my high school programming classes. Each Pascal program ends with an “end” keyword followed by a full stop (“.”), at least if I remember correctly. I wrote a resident program that would monitor the keyboard and screen and when it detected a full stop inserted after the “end” keyword, an animated critter would appear (made of custom characters inserted into the ACII table) and eat the dot, thus making the listing impossible to compile. I didn’t write the viral code, so that it took some social engineering to run the program on my classmate’s account, but boy it was fun when he started complaining to the teacher that he can’t run the source code because of some creature eating his dots :-)
My indescretion was a boot sector virus that would randomly seize control of the computer long enough to beep the theme song to "Cheers". Oh and spread to the boot sector of any disk inseted. To be diabolical it randomly chose to play the song or simply silently reinfect others each time it spread.
They (at my highschool computer lab) were still battling to eradicate it years after I left. I am ashamed. Somewhat.
Hmm... I'm somewhat bothered by how the word hacker is used in the article, where it's used to describe criminal activities. Or am I misinterpreting it? I know in one part he uses the term 'cracker,' and in another part he says that perhaps his utility should have used 'preaking' instead of 'hacking,' but in general I think he's using the term hacker to describe breaking into a system.
I know the word in society has a double meaning. It could mean breaking into a system, or engineering an innovative piece of software. I personally wouldn't really care, except nowadays I'm finding myself promoting a hackerspace or a hackathon on the radio, and usually every time I start an interview I have to begin by saying "We're not criminals." It gets tiring after a while. Once we were trying to form a partnership with an organization, and the guy immediately threw us out of his office when he heard the word hacker. He wanted nothing to do with us.
> Hmm... I'm somewhat bothered by how the word hacker is used in the article, where it's used to describe criminal activities.
This culture war has been going on for like three decades.
I eventually settled on just calling "hackers" phreakers. Because the people who started the whole "break into computers" meme were phreakers, and called it such at the time.
Besides, actual whistle-into-the-phone phreaking isn't possible anymore, the community eventually morphed into computer "hacking".
In the 80s and 90s, the community toying with systems including gaining access to it referred to themselves as hackers. Those who broke ciphers and copyright protection were crackers, and those who hacked voice telecommunications systems were phreakers.
It's only outside of the community, in the media, that I first discovered that the term 'cracker' was used to refer to hackers gaining unauthorized access to computer systems instead of, well, crackers.
I think it was Eric Raymond's idea; he, like most hackers, was outraged at computer security enthusiasts calling themselves "hackers" and suggested calling them "crackers" instead. I think the fact that the computer-security folks already had a (different) meaning for "cracker" was sort of a coincidence.
126 comments
[ 7.6 ms ] story [ 139 ms ] threadThen I embedded the Game Maker installer in a Powerpoint presentation, since it was one of the few ways to be able to run a foreign exe (along with zip files, but they are more obvious targets and they're more likely to inspect them).
Then I exposed (didn't exploit) a serious XSS issue in the school's VLE, which of course they gave me a final warning for.
Edit: The School's IT policy, previously a single A5 page, became two-and-a-half A4 pages thanks to me.
Ah, those magic words.
For some reason I still don't understand today, 9 of us in my high school programming class had read permission on absolutely everything. It was only students numbered "01" through "09" in that particular class -- I checked the border conditions in a very OCD-style.
Explored a lot of that IBM set up.
Jokes aside, it was a funny story.
Figuring out when it's appropriate is what adult hackers do.
It usually takes a while to go from one to the other.
My first "hack" was just a boot disk that simply copied fortress.exe to another directory (a little choice.exe with autoexec.bat magic).
The second hack came later. The computers were upgraded to Windows 98 and my autoexec.bat trick stopped working because of a BIOS password. Thankfully the machines came with Word which had nice shinny feature called Visual Basic for Applications. Most of the shell was hacked to hide menues still in Fortres 2.0 but good old VBA was still accessible. Using VB I could call Win32 apis and it was just a few calls to enumerate and kill the startup entries for fortress in the registry.
The best part of this was that it was all sanctioned activities sort of. The IT department was in a central building downtown (30 minutes away from our school) and who was always a pain to work with for the teachers. Their gradebook apps failed under fortress and even their teacher passwords failed to disable all the shell hacks. Shutting off fortress was the only compatible way to get things to run correctly for the teachers.
At first when the local IT department found out, they laughed, but then later got upset when the disk of my magic word document spread. It was making it's way across the district via email lists.
At some point in the school year I got accused of spreading 'a virus' to other students that allowed them to download 'warez' on school computers. Apparently fortress was the only thing preventing kids from using WinPopUp and windows NT messenger to send broadcast messages to all desktops across the network.
I tried to fight it and explain exactly how the thing worked and the silliness of shell hack in the first place. It didn't work. The Principal said I was hacking regardless and suspended me. After getting the suspension (and after they called my parents who knew before I did and were very upset already), I quickly called the computer programming teacher (who knew knew C++ and VB and had previously been an assistant for in my sophomore year). He called the principle and super and explained that I was not hacking and that I was 'improving productivity' and that the IT department's policies were hindering teachers. I got out of the suspension by the super the next day but no apology was given. Just a stern "stop hacking" the next week when I got back.
I was later voted most likely to succeed by my class. Apparently in a class size of 1200+, I was well known for my exploits.
Open up "DEBUG" in a DOS prompt, and write a few-line assembly loop that writes increasing register numbers to port 70h (register select), and 0 to port 71h (value) -- to reset CMOS memory with all 0's.
Then you can just enter BIOS to set it all up from scratch.
I've forgotten what it was, but for all I know they're still using the same password. Oh, the lengths I went to to run linux livecds...
My internet forebears had already catalogued most of Fortres' flaws by the time I became familiar with it, but most of the holes had been closed upstream. The one obvious chink in the armor that still remained was their "Backdoor Password"
If you keyed Ctrl+Shift+Esc, an Unlock dialog would pop up and prompt you for the admin password. Alternately, there was a 6 digit integer in the titlebar that you could give to Fortres customer support and they would give you back a corresponding 6 digit unlock code. Some enterprising individual had figured out this algorithm and published the VB(6?) source for a keygen application.
My contribution to The Fight was a port of the keygen to the TI-83+ (it was a very prevalent platform at the time). No acclaim ever came to me for the port however; after I experienced the IT personnel rage when they discovered a classroom full of un-hobbled PCs, I decided to keep the authorship a secret.
I knew of the secret fortres screen but didn't know there was any keygens out there. Heh.
I recall that Fortres had an admin password common to all installations, so that their support people could access and troubleshoot machines. The "quick and dirty" way to get past the app, I guess.
Our staff also didn't find "net send *" very amusing...
I know, off topic, but I'm really wondering. You guys have "who's the smartest kid" elections in high schools? Which country is that? What's the idea behind these things?
The game actually kicked ass, and the teacher never did figure out how we made the multiplayer work. We told him "it uses socks".
I've been coding for 10 years now and have reached the point where I'm reasonably handy but I look at a post like this and the sedimentary layers upon layers of experience that Jeff has and feel like a total novice. And yet I can still build stuff that's useful. I can still help people on StackOverflow and I can still learn from the giants above me.
I had no idea when I got into it but in retrospect it's pretty awesome to have chosen a career with such an updraft for newcomers and where everyone at almost every level can meaningfully teach, learn and contribute.
"I want to develop business application enterprise solutions," he says, his words becoming stronger and more confident as he speaks.
"I want to write something that will add value to the community. I want them to walk away from the computer simply because it's 5PM and that's it for another day at the office. I want to write something that will reach out to end-users, and conforms to requirement specifications. I want to write something they are reluctant to upgrade, knowing that nothing they deploy that quarter will be quite as stable, as backwards-compatible, as good. I want to write enterprise data store solution software architectures."
Silence. The class and the teacher stare at Jonny, stunned. It is the teacher's turn to be confused. Jonny blushes, feeling that something more is required. "Either that or I want to be a fireman."
(w/apologies to Denthor^Asphyxia ... ^_^)
Yeah, that was a good time.
They tried several types of lockdown software, nothing ever actually worked. You can't stop kids from playing games.
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
Technically it is possible to get other processes to run in the Winlogon window, but that requires messing around with security tokens, among other barriers.
Some flavors of VMware hooked the IRQ on the host machine and responded to that (not sure about VirtualBox, never thought to check that.) They can send it to the virtual machine easily, as they are also providing the a virtual bios/hardware layer.
The best I got was finding out how to launch cmd.exe on NT, when the system had been locked down to disallow right clicks on the desktop, no desktop icons, and only approved programs in the start menu. I think it involved navigating the help system to a certain page that had a link to Explorer. Then I explored the network until I found an unused share somewhere, where I put gcc and started teaching myself C.
The command prompt also let me use the "net send" command to send messages to other computers, which was fun.
But it did take a long time to write, because I had to make the IBM logo out of extended-ASCII by hand, and even then it was clearly running inside a BASIC interpreter really really slowly.
The sound quality was awful, but the spatial effect was pretty cool because the sound came from everywhere at the same time. I got cool results with Mario, Pokemon, Tetris, but also some of the Goldberg variations or the Art of Fugue... But this was December, so I dug out a few Christmas tune MIDs and set them to play at random intervals until Christmas. As it turns out, a song triggered during a class once: a lot of people thought the sound was coming from their machine and freaked out, and the teacher spent some time trying to figure out from which machine it came before he understood what was going on.
At some later time we found one computer with sound, so we set up a daemon to monitor logins on all the machines in the room and had a GLaDOS-like voice blurb out a personalized greeting to newcomers. Fun times :)
Reminds me of being in the computer lab at 3am when every Mac restarted and played the "buhhhhhhhh" boot sound.
Then again, teaching the entire year how to use NET SEND to send direct messages to every computer on the network was fun. So simple, yet total chaos soon followed. Imagine hundreds of Windows popups with messages such as: "Hi i79, did you know that miss Lengstein is wearing a thong today?". Every single person behind a computer in the building had to click through all these messages individually when they booted up their machine.
We thought it was amusing, especially the invidivuals who could not figure out what the hell was going on. As was the moment when the horrible miss from the library shouted 'WHAT IS THIS, HELP! I'M BEING HACKED!!!'. The resulting crackdown started out fairly scary at first but became outright hilarious when every single authority figure started their frowning speech with "I am sure you have been punished enough". (Never punished, parents did not even find out, IT department just told me 'whenever you figure someone else out, please do not tell the rest').
I took that advise to heart and told only a select few when I uploaded mugshots of every single person in the school to photobucket. Fairly sure no one every found out, even when we hung pictures of other kids with drawings on their faces around the school and got busted they did not even stop to think about where we got those pictures. To think this all played out in a top five high school makes me smile like I am up to no good again.
We also randomly had permissions to terminate running programs on other computers over the network for a year or two. That was fun times until the lab teachers learned to start looking for people with black console windows open. But then I just learned to change the console colors to black text on white to throw them off.
My high school had a security program like fortress, but on MacOS. The thing is, it had some sort NET SEND like facility that was exposed through AppleScript, and of course the AppleScript application wasn't disallowed. Good fun.
This quote is amazing. I see myself in it.
Results in an odd resume, sometimes.
I got into big trouble as the teachers thought I'd crashed the whole computer, they shouted at me pretty hard!
I still think it's quite funny to enter your name as 'poo'.
I remember when my parents (in Michigan) got a call from Norway after 14-year-old me owned a bunch of some large ISP's nameservers and proceeded to launch broadcast amplification attacks against a bunch of IRC servers.
I guess now that the Internet is for normal people, stories like this are news again.
This attitude is a blessing... and a curse. And scare the shit out of the people that take safety in the use of brute force and the law. As a side bar, once I saw an episode of "The Twilight Zone" were the state would test kids at a young age (around 10) to calculate their IQ, and if it was high, then they would be deem a danger to society and be legally killed on the spot, and the ashes sent to the parents with a note on the death sentence of their unlawful son. Awful, I know, but I don't think we are that far.
For a while there the first program I wrote for a new computer was a War Dialer. Just like everyone else who had seen War Games.
Sounds like the statute of limitations hasn't expired yet. Should be interesting when it does!
Other nonrespectable "hacks":
- "net send *" to importunate colleagues
- wrote mIRC scripts to win at the IRC trivia games (this was actually funny for a little while)
- would call collect to my dial-up provider, learned to dial on rotary phones by "switch-hooking" -
- would connect portable phones to disabled payphones just to see if it was a regular line what I could use (it was)
- would "paint" the backside of payphone cards with graphite to fool the machine into thinking I had more credits.
- wrote a little "ringer" program and passed to my colleagues so we all ran it together and made the teacher crazy (oh the regret).
- used IDKFA in Doom.
Those are my earliest, lamest memories.
They (at my highschool computer lab) were still battling to eradicate it years after I left. I am ashamed. Somewhat.
I know the word in society has a double meaning. It could mean breaking into a system, or engineering an innovative piece of software. I personally wouldn't really care, except nowadays I'm finding myself promoting a hackerspace or a hackathon on the radio, and usually every time I start an interview I have to begin by saying "We're not criminals." It gets tiring after a while. Once we were trying to form a partnership with an organization, and the guy immediately threw us out of his office when he heard the word hacker. He wanted nothing to do with us.
This culture war has been going on for like three decades.
I eventually settled on just calling "hackers" phreakers. Because the people who started the whole "break into computers" meme were phreakers, and called it such at the time.
Besides, actual whistle-into-the-phone phreaking isn't possible anymore, the community eventually morphed into computer "hacking".
It's only outside of the community, in the media, that I first discovered that the term 'cracker' was used to refer to hackers gaining unauthorized access to computer systems instead of, well, crackers.