Previous by Date | Next by Date | Date Index
Previous by Thread | Next by Thread
| Thread Index
| LM_NET
Archive
| |
We have discovered that once anyone opens Internet Explorer (3.02 for Windows) they can type in the path and name of any file on the local computer in the address box, press "Enter" and run the file. Anyone else find that interesting? Jim The object of teaching a child is to enable the child to get along without the teacher. Jim Neal Library Media Specialist/District Grant Writer http://parkhill.k12.mo.us/hs/media/media_center.htm nealj@parkhill.k12.mo.us Park Hill High School 7701 NW Barry Rd Kansas City, MO 64153 http://www.primenet.com/~jwnlpsd Webmaster: LM_NET On the Web http://ericir.syr.edu/lm_net/ -----Original Message----- From: Susan Oates <oates@CYBERCOMM.NET> To: LM_NET@LISTSERV.SYR.EDU <LM_NET@LISTSERV.SYR.EDU> Date: Thursday, February 19, 1998 7:59 PM Subject: Re: browsing to the root? Breaching network security >I've spoken about this issue with my son, who is very >computer-knowledgeable and programmed our Internet login system. It turns >out that our Novell network isn't using any security because, until >Netscape, our software setup (CD-ROMs and the library catalog) didn't >really require it. The use of Netscape v. 3.01, which was designed for >home use not networks, has introduced the situations we face now. My son >reminded me that each of our workstations has its own username and pretty >much requires all privileges to perform the functions required by the >CD-ROMs. These workstations are logged in to the server every morning. >This explains why that student was able to access the server, all files >therein, and manipulate them. > >This week, a student reformatted the hard drive on one of our PC >workstations. My son has since figured out that this student was able to >do this using Netscape and its helper application option. > >>From Robert A. Nielsen <NielsenR@ten-nash.ten.k12.tn.us>: >>I tried the students steps again today at two other locations. Each time >>>I found the same result. It does give access to the DOS prompt, but the >>>only access allowed on the server was that which the student would >>have had anyway (I don't disable DOS access). They could see their home >>directory on the server, the public directory, the mail directory, and a >>couple of assorted shared directories. But, they couldn't access teacher >>directories, administrative information, or system files. >> >>So, it almost sounds like the original password that you are giving >>the machine (at startup) is associated with a username which has more >>privileges than a student should. We have generic usernames for the >>student which gets them on the server, but restricts access. > > >>From Murad Raheem <MRaheem@ecfs.org>: >>Your e-mail was forwarded to my by one of our Librarians. I have a >>question regarding the access violation. If you exit netscape and get >>to a normal dos prompt can students browse the network? -->>> Yes. >>I tried the method outlined and was unable to access locked folders. Any >>>info you have would be very helpful. -->>> See the first two paragraphs. > >Susan Oates <oates@cybercomm.net> > > Educational Media Specialist, Marlboro High School, New Jersey, USA > The Marlboro High School Home Page <http://www.cybercomm.net/~marlboro/> > >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >To quit LM_NET (or set NOMAIL or DIGEST), Send an email message to >listserv@listserv.syr.edu In the message write EITHER >1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST > NOTE: Please allow time for confirmation from Listserv. >For more help see LM_NET On The Web: http://ericir.syr.edu/lm_net/ >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= To quit LM_NET (or set NOMAIL or DIGEST), Send an email message to listserv@listserv.syr.edu In the message write EITHER 1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST NOTE: Please allow time for confirmation from Listserv. For more help see LM_NET On The Web: http://ericir.syr.edu/lm_net/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=