General discussion

Locked

Person in dorm hall displaying personal information

By acracker ·
Ok so the other day I was browsing through shared folders on my university's network looking for music when I came to a shared .pdf document on someone's computer that showed all their personal information (Name, DOB, Social Security Number, residence ect...) I don't have any kind of superuser access to the network so this document is availiable to anyone to see and access. How do I tell this person that they are sharing files they shouldn't be? I don't want them to think that I hacked into their computer because I didn't and I would never exploit someone's personal information.
Thanks for any ideas,
Ac

This conversation is currently closed to new comments.

79 total posts (Page 5 of 8)   Prev   03 | 04 | 05 | 06 | 07   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Kudos- education is key

by marileev In reply to Told person

Terrrrriffic - your schools computing department might also want to do a seminar on ID theft too. This was just one person on the network. I went to the University of Washington & 15,000+ incoming freshmen each year green to the world of networking there are bound to be mulitple oopses like this.

Just some basic user education that students could benefit from.

Collapse -

Not Hacked?

by dogknees In reply to Person in dorm hall displ ...

While you seem not to be accessing his PC for malicious purposes, you have still hacked in. So, telling him you haven't isn't going to wash.

Collapse -

Excuse me?

by NickNielsen In reply to Not Hacked?

How does "browsing through shared folders on my university's network" constitute hacking in?

Is there a new definition of hacking?

Collapse -

It Is To Me

by dogknees In reply to Excuse me?

If I happen to leave a share open on a network it isn't an invitation to check it out.

If you happen to leave you house unlocked do you consider it appropriate for me to wander in abd grab what I like? Or would you think it more appropriate to call you and let you know I saw your door open?

When you browse folders, you can usually see that it's a share on a particular computer, if it isn't one you've been invited to use, you don't even look at it. If of course you consider yourself a computer professional.

As we're often reminded, this is a site for Computer Professionals, so obviously the writer is one.

Regards

Collapse -

Fair enough, but...

by TroyW In reply to It Is To Me

Not everyone who might have access to the network might be so ethical, I know if I was the one accidentally sharing information that was best not shared, I'd prefer someone let me know sooner rather then later, so I could do something about it. In this sort of case, it's better to access it, determine that the user might not know it's being shared and inform them, then having someone less ethical access it and abuse that information.

If it wasn't for the original person who started this thread finding the accidentally shared information, then someone else might have found it and abused it. I think they did the right thing, because no malice was involved.

Going by your logic, "hackers" who patch a system to make it more secure are bad, because they shouldn't have been accessing a system in the first place, and should have left it wide open to attack for someone else to abuse. I'd much rather there were people out there who didn't share that opinion.

Collapse -

Not an invitation?

by NickNielsen In reply to It Is To Me

Partial definition from the American Heritage Dictionary (my emphasis):

share, v. intr.

1. To have a share or part: shared in the profits.
2. To allow someone to use or enjoy something that one possesses: Being in daycare taught the child to share.
3. To use or enjoy something jointly or in turns: There is only one computer, so we will have to share.

Your analogy is defective. An unprotected file or PC is the equivalent of an unlocked house; it does not announce itself on the street, you must check the door. If you happen to leave a share open on the network, you have essentially posted an "Open House" sign. Computer professionals may not browse that share, but I can guarantee you that the majority of people using the network are NOT computer professionals.

As for your assertion that a computer professional would not browse a share he has not been invited to join, that, too, is partially in error. If I am on a public network, no, I will most likely not browse am open share. However, as the computer professional responsible for network security, I will want to know why files from an individual PC are shared when mapped shares already exist on the network server.

...this is a site for Computer Professionals, so obviously the writer is one.

I read from the sarcasm in this statement that you believe that the writer was wrong to browse a shared file he had not explicitly been invited to view. Was he then also wrong to take the steps to prevent a possible identity theft? I don't get it.

Edit: spelig

Collapse -

I Dsagree

by dogknees In reply to Not an invitation?

(However, as the computer professional responsible for network security, I will want to know why files from an individual PC are shared when mapped shares already exist on the network server.)

Which is fine. But, you don't need to look at the files or their content to do this. If you see a share where there shouldn't be one, you notify the owner. You don't need to look at the content to do this.

There's a difference between realising there is a share where one should not exist, and looking at the content.

If I notice that the payroll department has shared their documents folder, I'ding them and let them know. I would then offer to assist them in securing the data. Opening and reading the files would not be the appropriate thing to do, and isn't required in order to do my job.

Regards

Collapse -

notify them asap

by lamczyknic3000 In reply to Person in dorm hall displ ...

notify a network admin and tell them about the situation then inform the person of whom the information belongs to and tell them to get in contact with the networking IT department in order to solve the issue.

Collapse -

one possible response

by michael.tindall In reply to Person in dorm hall displ ...

email it to them, from an anonymous hotmail account (you have 3 of 4 of them, right?), with a brief explanation, signed "a concerned friend"

Collapse -

Shared hard drive...

by vtassone In reply to one possible response

I worked at a college IT dept. a number of years ago under contract. One of the students came in one day and said her computer wouldn't boot. I checked it out for her and found that the "windows " folder had been renamed "winblows". This was win98 and she had the whole drive shared.

Back to Security Forum
79 total posts (Page 5 of 8)   Prev   03 | 04 | 05 | 06 | 07   Next

Related Discussions

Related Forums