Open Secrets of OIT

It’s amazing what you can find out after browsing your schools IT manuals web page. For example you can find out that your schools LDAP server is open to a worldwide audience. Anyone with an email client, or any kind of LDAP client for that matter can query it and download the email address of every single student and faculty member in the university. I knew this for ages now. People always asked me how many addresses I have in my address book, and I just grinned and told them that I have all of them 🙂

But I just recently realized that there is an article showing you how to set up LDAP connection in the Faculty Resources section. Of course if I could figure it out, then an average Joe Spammer could do it too. But, spelling it all out in a indexable HTML document does not seem like a good idea.

I also found out that all students and faculty have Novell NetDrive accounts. Of course no one knows about it. Yet the OIT website has tutorials for NetDrive and NetStorage clients posted in plain view. But no one reads that page, and no one has ever figured out a way to use it for class related activity. Sigh…

The university also provided dialup internet access to all the students and faculty. Of course no one knows about this either.

Finally, I found an open SMTP server that seems to be relay anything from within the network. This is especially funny since they seem to be implementing a port 25 blocking. I cant use any of my usual SMTP servers when I’m on campus, but I can relay all my email through that one server which requires no authentication whatsoever. Does that make any sense? Nope…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: