Tag Archive for: prank

Minneapolis students use ‘Rickroll’ prank to highlight district computer security flaws

/in


Updated 10 p.m.

Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.

The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.

Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.

Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.

MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.

“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”

The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.

Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.

“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”

The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.

In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.

“This was NOT a hack, but an internal email sent out by a group of students using…

Source…

Minneapolis students use “Rickroll” prank to highlight district computer security flaws

/in


Updated: 10:00 p.m.

Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.

The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.

Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.

Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.

MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.

“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”

The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.

Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.

“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”

The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.

In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.

“This was NOT a hack, but an internal email sent out by a group of students…

Source…

Uber Hack Was So Huge Employees Thought It Was a Prank

/in


“I think IT would appreciate less memes while they handle the breach.”

Not A Joke

When a hacker announced that they had breached Uber’s security, some of the ride-sharing company’s employees reportedly thought they were being pranked.

As screenshots provided to The Washington Post show that when the still-unknown hacker announced themselves via a company Slack channel, many employees responded with emoji reactions that suggest they thought someone was playing a joke.

As the WaPo noted, there were others who took the hack announcement a bit more seriously.

“Sorry to be a stick in the mud,” the person whose messages were reviewed by WaPo wrote, “but I think IT would appreciate less memes while they handle the breach.”

Trolling, Trolling, Trolling

Further details that have since been revealed about the Uber hack, which was initially confirmed by the New York Times, reveal that the person who took credit for the hack claimed they are 18 years old, and that they had an, er, interesting way of trolling the company.

An Uber employee who spoke to Fortune told the magazine that when they opened their work computer, the company’s internal website displayed an “erect penis” along with text that read “FUCK YOU WANKERS.”

This reporting seems to corroborate details provided to Yuga Labs security engineer Sam Curry, who tweeted yesterday that Uber employees said they found themselves redirected to web pages that featured “a pornographic image” and the same “wanker” epithet.

As Ars Technica and other outlets have reported, the hacker appears to have accessed Uber’s internals via a successful phishing attack they took out on an employee via WhatsApp.

The company told Reuters that it’s investigating the breach and claims no sensitive user data had been accessed. Until the company — or the hacker — provide more updates, we won’t really know what happened or why the hacker went after the ride-sharing giant. But it’s clear, at least, that it was not a joke.

READ MORE: Uber was breached to its core, purportedly by an 18-year-old. Here are the basics [Ars Technica]

More Uberism: The Disgraced Uber Guy Is Back With a Fun New Plan to Kill Restaurants

And more hack news: Parent-Teacher Messaging App Hacked…

Source…

Students pull off below-the-belt mailing list prank

/in

Students at Labelle Senior High School sent an email addressed to all faculty, staff, and students about a “Mandatory Penis Inspection”…

Graham Cluley