Talk about a modern day Big Brother

Originally posted by Ushgarak
It's garbage. The chances of this being a hacking job are just about zero. This is just one in a crowd of bullshit that gets exaggerated oin each telling.

But as far as them being able to view your profiles is concerned- they just have to be in the same network.

When you sign in, it is not "https" meaning there is not secure data stream...meaning the data can be captured and interpreted....meaning their usernames and passwords can be captured.

After I read Naz's post and made my post, I checked the logon screen out and at no point are you communicating with a secure connection. (TLS or SSL 3 are never employed...)

It may not have ended up being gossip exaggeration at all; it would seem that this is rather "easy" to hack...especially if the students are logging in on through the schools LAN.

Da Pittman may know a little bit more about this because he actually designs websites so I am sure he has setup a few to function securely...(digital certificates, etc.)

Originally posted by WrathfulDwarf
I don't have the slightest clue as to what "Facebook" is....(honestly)

Some sort of social site, like Myspace.

If you have to use a password to sign on to anything, then that right there is showing that it is private.
The principal should not be able to check your stuff, it's kind of like the myspace deal, you use comments because you dont care who see's what your talking about, but you use messages because you dont want anyone to read the conversation.
I think that is illegal what he is doing, and you should contact someone immediately, even if you have to contact facebook, just do it.
IMO that's wrong.

Originally posted by dadudemon
When you sign in, it is not "https" meaning there is not secure data stream...meaning the data can be captured and interpreted....meaning their usernames and passwords can be captured.

After I read Naz's post and made my post, I checked the logon screen out and at no point are you communicating with a secure connection. (TLS or SSL 3 are never employed...)

It may not have ended up being gossip exaggeration at all; it would seem that this is rather "easy" to hack...especially if the students are logging in on through the schools LAN.

Da Pittman may know a little bit more about this because he actually designs websites so I am sure he has setup a few to function securely...(digital certificates, etc.)

if kids are logging on from school, wouldn't the login data be on the network for the taking? Or would one need a keystroke recorder to get it?

Originally posted by dadudemon
When you sign in, it is not "https" meaning there is not secure data stream...meaning the data can be captured and interpreted....meaning their usernames and passwords can be captured.

After I read Naz's post and made my post, I checked the logon screen out and at no point are you communicating with a secure connection. (TLS or SSL 3 are never employed...)

It may not have ended up being gossip exaggeration at all; it would seem that this is rather "easy" to hack...especially if the students are logging in on through the schools LAN.

Da Pittman may know a little bit more about this because he actually designs websites so I am sure he has setup a few to function securely...(digital certificates, etc.)

Sorry, but no. I do not buy this for one tiny second. Sites like this are under constant hacking pressure and by overwhelming demand have become secure as a result. If there ever is a security hole in sites like this- as sometimes happens- it is based on typing in a certain URL. It is NEVER about the passwords being hackable.

If the students are letitng their passwords get keylogged on the school's LAN that MAY be different- and nothing at all to do with Facebook security- but frankly that would be information overload and I still don't buy it.

Garbage, all of it. and that being the case, quit trashing the principal.

I cannot believe how credulous people are about this sort of thing.

The only thing Naz has mentioned that cannot be done by simply looking at someone's profile is the viewing of the message inbox. It is far, FAR more likely that this part of the story has been exaggerated or misunderstood than it is to be the result of hacking.

Without proof this is all just empty nonsense. We only have a second hand report of a biased source saying this is so- why on Earth are people being so ready to accept it? This kind of uncritical approach to issues is what leads to things like the Conspiracy forum.

That people can face professional censure for ther Facebook profiles- as happens rather a lot, it was in the news about a gay policeman denied prmotion based on his profile just today- is a shame. But that's no reason to spread hacking scare stories without evidence.

Originally posted by Joe K
I think that is illegal what he is doing,

what law are they breaking?

Originally posted by Ushgarak
Sorry, but no. I do not buy this for one tiny second. Sites like this are under constant hacking pressure and by overwhelming demand have become secure as a result. If there ever is a security hole in sites like this- as sometimes happens- it is based on typing in a certain URL. It is NEVER about the passwords being hackable.

If the students are letitng their passwords get keylogged on the school's LAN that MAY be different- and nothing at all to do with Facebook security- but frankly that would be information overload and I still don't buy it.

Garbage, all of it. and that being the case, quit trashing the principal.

I cannot believe how credulous people are about this sort of thing.

The only thing Naz has mentioned that cannot be done by simply looking at someone's profile is the viewing of the message inbox. It is far, FAR more likely that this part of the story has been exaggerated or misunderstood than it is to be the result of hacking.

Without proof this is all just empty nonsense. We only have a second hand report of a biased source saying this is so- why on Earth are people being so ready to accept it? This kind of uncritical approach to issues is what leads to things like the Conspiracy forum.

That people can face professional censure for ther Facebook profiles- as happens rather a lot, it was in the news about a gay policeman denied prmotion based on his profile just today- is a shame. But that's no reason to spread hacking scare stories without evidence.

Yes, I agree.

Originally posted by Bardock42
Though I agree, I would still say that if that is a public school, the headmaster has no right to tell the teacher what to do with her personal life.

depends on how you are using "right"

If you mean that the teacher should have the "right" to do what they want with their own time, sure, I'm mostly in agreement (I'm sure we can all think of abuses of the system that easily should result in the headmaster being justified in taking some action).

If you mean that the principal doesn't have the legal right, that is incorrect (at least where I'm from). The higher the grade or academic institution, the more loose the guidelines, but certainly primary and high school teachers are required to maintain some type of decorum outside of the class (whether you agree with it or not). I can't think of anything off the top of my head, but, I couldn't imagine a school that knowingly allowed their teachers to do drugs.

Originally posted by inimalist
depends on how you are using "right"

If you mean that the teacher should have the "right" to do what they want with their own time, sure, I'm mostly in agreement (I'm sure we can all think of abuses of the system that easily should result in the headmaster being justified in taking some action).

If you mean that the principal doesn't have the legal right, that is incorrect (at least where I'm from). The higher the grade or academic institution, the more loose the guidelines, but certainly primary and high school teachers are required to maintain some type of decorum outside of the class (whether you agree with it or not). I can't think of anything off the top of my head, but, I couldn't imagine a school that knowingly allowed their teachers to do drugs.

The government should not have the right to dictate your life outside school by employment (including drugs). Obviously if something interferes with their performance on the job that's another thing.

Originally posted by Bardock42
I mean it in a moral sense.

The government should not have the right to dictate your life outside school by employment (including drugs). Obviously if something interferes with their performance on the job that's another thing.

I agree mostly, and obviously in this case

stuff like sexual relations with students, bribery, etc wouldn't be ok, but ya, that is probably covered under interfering with performance

Originally posted by Neo Darkhalen
Some sort of social site, like Myspace.

To socialize is a good thing.

Originally posted by inimalist
if kids are logging on from school, wouldn't the login data be on the network for the taking? Or would one need a keystroke recorder to get it?

Exactly...they call those things "keyloggers". Also, data on the school LAN targeted for outside of the school's LAN is all accessible as long as it isn't encrypted.(If it is encrypted, usually on the intended target can decrypt the data.) There is ridiculous amounts of data that can be captured because a lot of it will be clear text or can be interpreted to fit "monitoring" purposes.

Originally posted by Ushgarak
Sorry, but no. I do not buy this for one tiny second. Sites like this are under constant hacking pressure and by overwhelming demand have become secure as a result. If there ever is a security hole in sites like this- as sometimes happens- it is based on typing in a certain URL. It is NEVER about the passwords being hackable.

If the students are letitng their passwords get keylogged on the school's LAN that MAY be different- and nothing at all to do with Facebook security- but frankly that would be information overload and I still don't buy it.

Garbage, all of it. and that being the case, quit trashing the principal.

I cannot believe how credulous people are about this sort of thing.

The only thing Naz has mentioned that cannot be done by simply looking at someone's profile is the viewing of the message inbox. It is far, FAR more likely that this part of the story has been exaggerated or misunderstood than it is to be the result of hacking.

Without proof this is all just empty nonsense. We only have a second hand report of a biased source saying this is so- why on Earth are people being so ready to accept it? This kind of uncritical approach to issues is what leads to things like the Conspiracy forum.

That people can face professional censure for ther Facebook profiles- as happens rather a lot, it was in the news about a gay policeman denied prmotion based on his profile just today- is a shame. But that's no reason to spread hacking scare stories without evidence.

No, dude, you are misunderstanding me. I am not saying the people are hacking the Facebook profile servers, but rather, people can capture data en route to authenticate with Facebook....hence my saying:

"When you sign in, it is not "https" meaning there is not secure data stream...meaning the data can be captured and interpreted....meaning their usernames and passwords can be captured."

Dude, all of that data is "capture-able" on the School's LAN if the packet headers and payload are not encrypted. (Which is what IPSec does...)

Also, whenever you use a network that does not belong to you, you should be aware that the owner of that resource has the right to monitor your "activities". However, this principal should not be allowed to view data that is beyond his LAN.

Originally posted by dadudemon
Exactly...they call those things "keyloggers". Also, data on the school LAN targeted for outside of the school's LAN is all accessible as long as it isn't encrypted.(If it is encrypted, usually on the intended target can decrypt the data.) There is ridiculous amounts of data that can be captured because a lot of it will be clear text or can be interpreted to fit "monitoring" purposes.

I know its cliche, but I had always just assumed that anything I ever put on the internet, private or not, was accessible pretty much as if I were yelling it down the street.

I don't see why kids these days don't get that.

Originally posted by dadudemon
Exactly...they call those things "keyloggers". Also, data on the school LAN targeted for outside of the school's LAN is all accessible as long as it isn't encrypted.(If it is encrypted, usually on the intended target can decrypt the data.) There is ridiculous amounts of data that can be captured because a lot of it will be clear text or can be interpreted to fit "monitoring" purposes.

No, dude, you are misunderstanding me. I am not saying the people are hacking the Facebook profile servers, but rather, people can capture data en route to authenticate with Facebook....hence my saying:

"When you sign in, it is not "https" meaning there is not secure data stream...meaning the data can be captured and interpreted....meaning their usernames and passwords can be captured."

Dude, all of that data is "capture-able" on the School's LAN if the packet headers and payload are not encrypted. (Which is what IPSec does...)

Also, whenever you use a network that does not belong to you, you should be aware that the owner of that resource has the right to monitor your "activities". However, this principal should not be allowed to view data that is beyond his LAN.

It's still a huge amount of work to be done to get the correct data. And that's assuming the school allows Facebook access, which is not that common.

Fact of the matter still is- this appears to be uncorroborated nonsense. He's just been looking at profiles, is all.

Yeah, I'm kind of skeptical of this.

Probably far more likely that the teacher had her profile set on public and the principal found it thanks to google (seriously, you'd be surprised what you can find is public by googling your name). She probably freaked and assumed the principal had managed to hack facebook or something.

Originally posted by Ushgarak
It's still a huge amount of work to be done to get the correct data. And that's assuming the school allows Facebook access, which is not that common.

Fact of the matter still is- this appears to be uncorroborated nonsense. He's just been looking at profiles, is all.

I think I see what you were saying now. Naz did say that he hired some goons....but I highly doubt those goons would have been able to hack the Facebook servers. I think that is what you were talking about.

I was talking about "packet sniffers" and you addressed that in your first paragraph of your above post.

Even wading through all of the logs from the captured data from the packet sniffer you have employed would NOT be very difficult to do. If you are on the same LAN as I am, and you log into a server that is outside of a LAN and I am using a packet sniffer on the LAN, I could quickly capture your credentials and use them when ever I wanted...depending on how the LAN is put together. This is why encrypting items like that would be important.

Maybe I am taking too many liberties on how I am interpreting Naz's post, but I think that by "hacking their way into facebook" she means they are "hacking" profiles. And you are thinking that they hacked the servers. Not that Naz doesn't know what she's talking about, but people throw around the word "hack" a bit too much and in the wrong ways so that is what I assumed when I read her post. From what she was describing, it looks like she meant that the "goons" just simply captured their credentials. (Why do I feel like a broken record in these post? 🙁)

Originally posted by Lana
Yeah, I'm kind of skeptical of this.

Probably far more likely that the teacher had her profile set on public and the principal found it thanks to google (seriously, you'd be surprised what you can find is public by googling your name). She probably freaked and assumed the principal had managed to hack facebook or something.

I wonder what the whole story is? It could very well have been what you are describing.

Sounds like a load of shit to me. There's always stories going around like this in schools, and they're always utter bollocks. Carry on visiting Facebook in and out of school, it's their problem if they don't filter it.