Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Parzi88335yEVEN BETTER: I have to get info from him before I can submit the issue. I need like 3 or 4 keys before they'll let me send the bug report, and there's no other way to report this.
Can I make a CVE on this or does it qualify? -
Needs to be an exploitable flaw. And honestly, they deserve to be bit by their own laziness and stupidity. 0 day them.
-
@SortOfTested I wouldn't do that in his case. They already have a hint of who could be behind the attack: Him.
-
C'mon now. I'm in no way, shape or form excusing their retardation at all, but you have to have an idea of who's a good person to tell and who's not.
Ik which professors I'd go to and which one's I would not for that exact reason.
Also, you should ask around students wise. I've heard people in class talking about bugs they've reported.
But again before ppl bitch at me, the Prof is still a fucking moron. -
Parzi88335y@Stuxnet i'm the only student here who can define "computer" outside "a magic box that does a thing."
@sodaTab nope, he's literally head of their tech department. Makes sense why his head's this far up his ass, now that I think of it. It also requires HIS keys, no one else has his Cengage stuff.
@SortOfTested i'm not gonna sploit a company that they contract due to their actions. 'tis not fair to Cengage. -
@Parzi rip I thought you were in college already.
And if you are then legitimately what the fuck lol
Edit oh shit cengage? Ooof -
@Nanos
This. One of my current clients, the only way I can get anything done most of the time is taking root via one of their myriad security holes. Their *nix administration team are a bunch of windows admins pointing and clicking, so it's not really surprising. -
Had the same.
Was literally about to go ballistic on them because everyone with an ever so slight Idea about networking and stuff could fucking destroy their system.
I mean, just the UAC control level.. IT WAS ON FUCKING LOWEST.
Tried a couple exploits, fucking old ass gData didn't find shit cause they hadn't updated it in like millennia.
Fucking idiots.
Turns out I could use my collections on vulnerabilities to get myself out of sticky situations by selling out one at a time.
Still got like 6 in store.
Told the teachers about it, lowkey-"I'll look into it"-response.
Such a fucking idiot.
As a demo I literally raped the fuck out of one of their windows installations by using a simple batch script.
Literally just infinite loop that would spawn a new instance of a command prompt window.
Needless to say the poor thing died.
Windows wouldn't boot anymore.
I don't know why they even allowed an admin command prompt to be opened by a student but okay I guess. -
Parzi88335y@Ranchu that wouldnt've killed Windows but ok.
@Stuxnet i am in college yes, it's an intro to CIS class in a fuck-all nowhere college in a farmer's state, these students are all end-users pouring monsters into their keyboards cause it's gotta be thirsty from all that typing amirite
and yeh cengage's just "here's an EC2 server and free root"
@SortOfTested i feel so bad for you
@Nanos uh, permissions systems exist too... we're not back in 9x days when there were 2 permissions: "yes" and "probably" -
@Parzi Well it fucking did.
I genuinely cannot fathom why.
Fact is, it died and they had to reimage it. -
@Parzi me too actually.
From what I can remember, the bootloader couldn't find a boot device. -
cprn17485y"Report me on whatever bullshit you want, just get it fixed!" -- Security by Priority
On a more serious note you can fill a complaint about that guy. He said "hacking" so I assume it's a privacy hole and you're the user of that system. -
cprn17485yOh, oh, I've got a better one! Anonymously e-mail Cengage saying:
"You have a security hole and you should fix it because somebody might use it to /whatever the worst believable thing that can happen here/. Next Thursday. Around 6pm." -- Security by Anonymity -
@Parzi I mean I am too (until I moved) but the ppl aren't that fucking retarded lol
-
Parzi88335y@cprn infinite free AWS EC2 servers with a gigabit connection each, as root, which could easily be used to do whatever with. Not a privacy issue, but still possibly devastating. Also there's no email for that.
-
Parzi88335y@Nanos you just suddenly went off about old systems but we're not on about shit remotely related? and now... area 52.75.
fuck are you on? -
My first hack was on a Novell network. I was studying for their CNA cert back when things like that kinda meant something. I used VB to create a fake login dialogue and put that as the screen in a lab. Students would wander in and enter their creds and I’d log it to a txt file on the machine. They weren’t even tipped off by the fact that they had to log in twice. Later in the day I’d save the file to a floppy and then poke around in their accounts. Stupid simple but networking software was piss poor back then.
-
Parzi88335y@badcopnodonuts It's been like 2 weeks since their support desk has responded, and that was a generic "well we'll reply when we get more info"
does it start on submission or on case closure? -
@Parzi They sound wayyy too comfortable in their contractual position and don’t seem to have any fear
Me: *finds severe bug in school-contracted software, emails teacher about who to talk to to get it fixed*
Teacher: "should I report you on grounds of computer misuse and hacking or...?"
thanks fucker, school-contracted company it is.
rant