undefined | Better HN

0 pointssamsnelling11y ago0 comments

We had pretty strict guidelines to follow to be apart of the InfoSec class. We basically signed a waiver at the beginning saying that if we did exploit something, we would be subject to expulsion. It was a "theory" based class and all actual research had to be done within a certain IP range in a particular computer lab.

With that said, this was the final report that I made in the Winter of 2013. I presented it Spring 2014 to the University staff. And now, graduated, with over a full 12 months behind it, I felt comfortable to post it.

0 comments

4 comments · 1 top-level

grecy11y ago· 3 in thread

They were not upset you made a "blank" ID card and tried to borrow a Surface Pro with it then use it at a cafe?

I personally think you might have crossed the line on actually using it.

samsnellingOP11y ago

@greyc

Even though I made a blank card, it was still encoded with my student ID number. That was the only reason it was allowed. The point of trying it was to prove that the name or discretionary data did not affect the card working.

While I definitely toed the line, I tried to be careful not to break any of the rules of the class.

colinbartlett11y ago

These folks found a gaping security hole that can be exploited to gain physical access to secured areas as well as charge fraudulent financial transactions. I can't imagine the university getting upset with checking out a library book.

rwallace11y ago

You would be astonished at how crazy people can get. Honestly, the author of this study took a huge risk and got lucky. If you're thinking of doing anything like this in similar circumstances, DON'T carry out similar actions without first obtaining written permission for each specific action.

j / k navigate · click thread line to collapse