Wednesday, December 06, 2006

Hacking the boat.

It has recently come to my attention that a certain university near me is lacking a bit of security on their public machines. All public machines use a single local admin account. Among other things, this means that for every student that doesn't clean up their mess, the next student on the computer can see everything they left behind.

What's interesting: no one seems to notice.

Having come from a university known for its school of computer science, I'm pretty aware of what can happen if an insecure system is left in the open. To combat some of the issues, my school forced all users to log into the public computers with their personal credentials. This meant that if you did something bad and didn't completely cover your tracks, they could easily see who it was who made the attack (unless you were smart enough to use someone else's account, but we'll ignore that scenario).

The insecure school in question isn't filled with geeks who get off on hacking into their buddies' computers. It's not filled with people who actively think about computers at all (unless you count mySpace, and facebook). So the question is this: do I bother bringing it up? They have some big vulnerabilities on the inside of their network, but there's no real threat.

The geek in me wants to do some grey-hat hacking and offer up the results to the administration, but the humanist in me doesn't want them to fix it if it isn't broken. Oh blogosphere, what should I do?