Silver Chips Online : Blair server hacked

April 21, 2003

Blair server hacked

Students locked out of accounts

by KC Costanzo, Page Editor

An unauthorized user temporarily gained access to Blair’s Internet server over Spring Break, forcing system operators to disable all BEN and binx accounts.

The server, known as binx, was undamaged, but the hacker may have collected personal information. “It looks like their main concern was trying to gather passwords," said binx system operator John McManigle.

All binx accounts have been locked until students have changed their passwords.

According to McManigle, all programs and configurations were “hand-checked" by the system operators and all insecure binx functions such as FTP (file transfer protocol) have been disabled.

McManigle says magnet computer science and research students as well as Silver Chips Online staff have been given the chance to change their passwords and user support specialist Peter Hammond is talking “one-on-one" with teachers about the problem. Other students can go to BEN help to change their passwords between 11 and 12 during the school day.

Discuss this Article

deep throat on April 22, 2003

there's more to this story than what you reported. dig deeper

Reply
John McManigle on April 22, 2003

For the record, only students with binx accounts had their accounts disabled. Most BEN accounts were unaffected.

Reply
Jake Summerlin on April 23, 2003

This is ridiculous. How could something like this happen, its just unthinkable. Ugghh.

Reply
Chris Mulligan (View Email) on April 23, 2003

Jake, this is unfortunatly a fact of running a server, particularly with 4000 accounts. When the problem was discovered steps were taken immedietly to secure the system, and for nearly 2 days everything was locked down until it was felt to be safe, and we still feel binx is safe and secure.

It appears that very little damage was done, and no personal information beyond usernames and passwords, names, student IDs and schedules are stored anywhere on binx, and we can't be positive how much information was taken.

Reply
Joy (View Email) on April 23, 2003

Actually, this isn't ridiculous at all. Security problems like this happen all the time, even at what may appear to be the safest sites, as the technology hackers used gets more and more advanced. Considering that whoever did this was unsuccessful in gaining any type of control of the server, our binx system operators should be praised for their security measures.

Reply
finger-pointer on April 23, 2003

a magnet senior probably did it.

Reply
meman on April 23, 2003

I believe that we should fix the problem quickerly!

Reply
marla buden on April 23, 2003

THis is ridiculous! you know what else is ridiculous? how much duke sucked this year! they were terrible, how can you support a team like that (cept' dahntay jones, he's a beast, with that huge dunk with the pushup at the end, that was like the dunk of the year man!) but yeah, this is ridiculous!

Reply
... on April 24, 2003

Hahahahahahahaha!

...

Ahahahahahahahahahaha!!!!!

Reply
Jennifer Collins (View Email) on April 24, 2003

o my gosh!!!!! at least nothing was hurt....

Reply
Question on April 24, 2003

How long will the binx file server be down? I can't access my files using Fetch or my FTP server, and it's much less convenient to use BEN for file storage (even though they're the same files)

Reply
Jeremy Hoffman (View Email) on April 25, 2003

KC, I thought you were going to update this story. Nullae morae!

Reply
2002 Graduate on April 25, 2003

Damn dude, I guess there are alot of people who really don't like the school, to the point where they hack...

Reply
Joy on April 25, 2003

The binx file server is actually up, but Fetch and other FTP utilities have been denied access. These are less secure than other file transfer options that can be used with binx (i.e.: SCP), and it is currently under review whether they will ever be re-enabled.

Reply
John McManigle (View Email) on April 25, 2003

FTP is *never* going to be reenabled on binx. It is a fundamentally insecure protocol. This attack was likely caused when the attacker stole a password from someone using FTP. Using FTP is like shouting your subway across the world.

If you are using windows, check out WinSCP (it's the first result for a google search of that name). If you're using Mac OS X, check out Fugu. Both of these use SCP or SFTP, secure file transfer protocols which binx fully supports.

Reply
Chris Mulligan (View Email) on April 26, 2003

FTP is down forever. Due to security holes we've decided that the ready availability of free secure file transfer programs allow us to close off the insecure FTP, and let everyone migrate to SFTP or SCP. If you log into binx with SSH you may view the sysnews on it, number 359 (360 also has some clients listed). If you have questions, feel free to contact sysop@mbhs.edu.

Reply
... on April 28, 2003

"Damn dude, I guess there are alot of people who really don't like the school, to the point where they hack..."

You got that right.

Reply
Jake Summerlin on May 6, 2003

Chris, don't make excuses for what can only be described as gross negligence and incompetence. And Joy, it is unthinkable. This is Montgomery Blair High School, not some third world country. And John, what the hell are you talking about? How can you "shout your subway across the world"? I think that is more evidence that the computer elite community looks down on the rest of us, who, like Michael Povtak [phone number deleted by editor] only know how to play the Sims. When you have a group of people that thinks they're that much better than the rest of us and that they are unerrant in their ways, you can only expect a MASSIVE failure as the kind that happened here.
God Bless America.

Reply

Jump to first comment

Options

Print This Article
Discuss This Article
Change Font Size

Blair server hacked

Discuss this Article

Most Viewed Print

Options

Share

Related Stories