[HN Gopher] Show HN: This website moves your mouse cursor
___________________________________________________________________
Show HN: This website moves your mouse cursor
Author : baobabKoodaa
Score : 139 points
Date : 2021-04-01 12:56 UTC (1 days ago)
(HTM) web link (www.attejuvonen.fi)
(TXT) w3m dump (www.attejuvonen.fi)
| superprofesh wrote:
| The display:none rick roll was a nice touch.
| skulk wrote:
| looked at your source code, I think
| `window.requestAnimationFrame`[1] may fit your use case better
| than `setTimeout`.
|
| [1]: https://developer.mozilla.org/en-
| US/docs/Web/API/window/requ...
| movedx wrote:
| The "How this works" button links to
| https://www.youtube.com/watch?v=dQw4w9WgXcQ for thus of us unable
| to click said button or they're too paranoid to :P
| tyingq wrote:
| Not mouse warping, but I find this demo much scarier:
| https://alteredqualia.com/xg/examples/gaze_dolores.html
| mseepgood wrote:
| It's basically just Xeyes.
| kjjjjjjjjjjjjjj wrote:
| saw a scary face in the background and nope nope nope nope
| mittermayr wrote:
| especially when you go all four corners and then dramatically
| put the cursor right in the middle. goosebumps.
| devit wrote:
| Of course it doesn't. It merely shows an image that resembles a
| mouse cursor.
| butz wrote:
| This demo has a similar vibe:
| https://codepen.io/bnhovde/full/OJLYGKx
| [deleted]
| m_a_g wrote:
| Damn, I just got Rickrolled in the most unexpected way.
| jugg1es wrote:
| youtube should make an exception for this video so that it
| doesn't show ads when you visit from an external referral. Ads
| really ruin a good rickroll.
| Ombudsman wrote:
| Yup, bravo, they got me too. I'm so angry.
|
| e: The JavaScript can be found on the <head> section of the
| page btw
| jl6 wrote:
| Oh man I was hoping this was an auto-mouse-jiggler, which might
| actually be useful.
| john-doe wrote:
| What about moving the website instead: http://bewe.me/
| broberts01 wrote:
| This is fantastic.
| superasn wrote:
| You may also enjoy this whole subreddit dedicated to such
| shenanigans:
|
| https://www.reddit.com/r/badUIbattles/top/?t=all
| TimTheTinker wrote:
| whoah, that's cool... and he built another demo here that's
| pretty amazing: http://schemasofuncertainty.com/
| zaczekadam wrote:
| I love the how it works section. Very clever!
| brundolf wrote:
| It's a fun trick, but to reassure anyone who's panicking right
| now, it's not actually moving your cursor
|
| It's hiding your cursor while it's over the site, rendering an
| <img> of a mouse cursor at its location, and then moving that
| around a) when you move your real cursor, and b) with random
| perturbations
|
| Note to the author: the illusion would be even better if you used
| the user-agent to render a system-accurate mouse cursor ;) (on
| macOS the real cursor is black and the fake one is white)
| minikites wrote:
| I used Mac OS for decades before switching, but I changed my
| Windows cursor to black because I'm used to it and I genuinely
| think it makes more sense with most backgrounds being light
| colors.
| noobermin wrote:
| I mean it was obvious by looking at the inspector if you have
| firefox. It's funny, I was able to "click" the how does it work
| button even though it makes it look like you can't mouseover
| it.
|
| Also, kind of obvious given I use a gtk+3 dark theme and the
| mouse they use is white.
| brundolf wrote:
| Not everyone here is a web dev who's familiar with the
| inspector :)
|
| With the genuine browser security concerns that do exist out
| there (and the often-exaggerated narrative around the degree
| of the problem), it's worth being explicit that this is not
| actually a real one
| throwaway_porn wrote:
| But you should still panic a little bit because this technique
| can be used for https://en.wikipedia.org/wiki/Clickjacking
| brundolf wrote:
| The most it could do is fool you into thinking your cursor is
| somewhere else _within the same web page_ , which the
| malicious dev in this case would already have total control
| over. If they wanted to fool you into clicking something,
| they'd have an easier time just mis-labeling the button
| vladvasiliu wrote:
| > Note to the author: the illusion would be even better if you
| used the user-agent to render a system-accurate mouse cursor ;)
| (on macOS the real cursor is black and the fake one is white)
|
| I've already seen sites that change the cursor's appearance, so
| I wasn't particularly "shocked" by that (I'm on a Mac).
|
| However, what should improve the illusion would be to not move
| the cursor outside of the view area.
| tyingq wrote:
| Pointer lock does that, though I'm not sure what all browsers
| support it. Chrome/Desktop does:
|
| https://mdn.github.io/dom-examples/pointer-lock/
|
| It's a bit odd to me that it doesn't ask for any kind of
| permission on Chrome, just that a user click initiates it. It
| does briefly pop a hint that "<esc>" will release the mouse.
| baobabKoodaa wrote:
| Thanks for the feedback! The behavior around the edges should
| be improved now.
| baobabKoodaa wrote:
| > Note to the author: the illusion would be even better if you
| used the user-agent to render a system-accurate mouse cursor ;)
| (on macOS the real cursor is black and the fake one is white)
|
| You're right, it would make the illusion better. I developed
| this on Ubuntu where the default cursor is black, and I did
| consider doing this. Eventually decided to just use the default
| white cursor from Windows because it has better contrast on the
| dark color scheme. I guess I could set up 3 different color
| schemes for 3 different cursors for Mac, Linux, Windows, but it
| may be a bit too much work. I think most people who notice the
| cursor is different will just think "oh, this website uses a
| custom cursor", they won't necessarily realize that it's just
| an image.
| Waterluvian wrote:
| I'm on 18.04 and my cursor is white (and much smaller than
| the one on the site). I never realised Ubuntu had a black
| cursor option.
|
| I think you could make these changes, but I think that's if
| you want to have fun doing it. The diminishing returns are
| tiny and the gag lands well.
| brundolf wrote:
| You're probably on a different desktop environment (Gnome,
| KDE, etc)
| modeless wrote:
| Even better would be to use the fullscreen api and mouse
| capture api to trap the mouse for real. Then you could render
| fake browser UI and do whatever you want when people try to
| click on it. If you really wanted to mess with people.
| baobabKoodaa wrote:
| If you use the fullscreen api or the pointer lock api,
| Chrome will render a popup that says "press ESC to..."
| Without that it would be sick!
| modeless wrote:
| Yeah but I bet at least half of people wouldn't notice,
| especially if you put something interesting on the other
| side of the screen for a second. Or you could render a
| bunch of overlapping fake warnings all over the screen,
| making it difficult to find the real one. Or you could
| put an exit fullscreen button and pretend to exit
| fullscreen when clicked, but you're actually still in
| fullscreen. Etc. I should probably stop giving the
| malware guys ideas...
| LinuxBender wrote:
| Does not work if I enable javascript, but probably because I have
| 3rd party scripts blocked in uBlock. no-
| scripting: * true * * 3p-frame block * * 3p-script
| block
| baobabKoodaa wrote:
| Hmmh, that's weird. The only 3rd party script on that page is
| Plausible Analytics, and blocking that doesn't affect the
| functionality on the page. It is loading one (first party) JS
| file, maybe your uBlock configuration is somehow blocking that?
| I'm also using uBlock with the default configuration, and it
| works on the 2 machines that I tested with.
| LinuxBender wrote:
| Could be. I will have to try turning things off one at a time
| and re-test.
|
| [edit] revised the rules above, the no-scripting: * true was
| blocking it. Disabling uBlock for the domain allowed it to
| work.
| NikxDa wrote:
| If you open the developer tools, there is a link to a video in
| the DOM tree that explains how it works.
| hammeiam wrote:
| I found that one as well, I appreciate them hiding it for only
| the curious to find :)
| vladvasiliu wrote:
| Is it me, or is this just some animation trick?
|
| I've tried on Safari 14.0.3 / Mac OS 11.2.3 and while the cursor
| does _appear_ to move, its actual position, as determined by what
| happens when I actually move it, doesn 't seem to change.
|
| For example, if I manually move the cursor almost to the top of
| the page, but not quite, it will move around. Sometimes it
| disappears "under" the fixed part of the browser. But if I
| attempt to move it manually, the cursor "teleports" to where I
| initially left it.
| baobabKoodaa wrote:
| > Sometimes it disappears "under" the fixed part of the
| browser.
|
| Thanks for reporting this. The behavior around the edges should
| be improved now.
| y7 wrote:
| This demo is also really cool: http://javier.xyz/control-user-
| cursor/
|
| Via: https://news.ycombinator.com/item?id=14124285 (2017)
| amelius wrote:
| Websites could use this trick (hide the cursor and show a fake
| one) to make visitors click ads instead of the links they want to
| click.
| dang wrote:
| https://www.attejuvonen.fi/website-moves-your-cursor/ is related
| (via https://news.ycombinator.com/item?id=26661784)
| AngelOfDeath wrote:
| I cant click the "How this works" button
| cmg wrote:
| Found a fun Firefox issue where after putting FF in the
| background I tried to command-click that button to trigger it.
| My mouse cursor disappeared across the entire OS even though
| Firefox wasn't the active application! Had to bring Firefox
| back to the front to see my cursor again.
| baobabKoodaa wrote:
| ;)
| mrcschwering wrote:
| I clicked it^^
| dash2 wrote:
| If you look at the source you'll find a link to a youtube video
| that tells you all you need to know. Don't give up :-)
| FeepingCreature wrote:
| Yeah, you can click it, but only if you already figured out how
| it works - move the fake mouse cursor to the point where it is
| almost over the button, blindly move it down a bit and click.
| Groxx wrote:
| "how this works" -> can't click it.
|
| oh that's a marvelous bit of trolling
| mittermayr wrote:
| Something exactly like this almost got me kicked out of school,
| first year.
|
| I had just picked up Delphi and being the nerd I was, I wanted to
| make use of it anywhere I could. At the time, the Windows API was
| essentially completely open to mess with, and I had discovered a
| bunch of weird things, like the fact that setting (!) the mouse
| cursor position was even possible, and I knew the CD ROM drive
| could be opened with code as well.
|
| I packed those things into a quick Delphi program, removed its
| main window (so like a daemon essentially) and then deployed it
| on our school computers (everything was open, I just put it into
| the Startup folder if I remember correctly).
|
| Well, I had the daemon deployed on most computers eventually and
| it had a timer that looked up a file on the shared network drive,
| and depending on what was in that file, it would do something, or
| stay quiet in the background.
|
| Since our IT classes were mostly just "doing stuff in Microsoft
| Word" (good old times), I couldn't hold off for too long and just
| added the magical "shakymouse" to the text file, a minute or two
| later, you would see everyone's mouse cursor start to wobble. It
| became next to impossible to hit a button or anything really, and
| I just had the time of my life as the teacher scrambled around to
| figure out what in the hell was going on.
|
| I then changed the text file to "cd" and everyone's CD drive
| opened (one after the other as they all slowly picked up the
| command). It was SO AMAZING (just the choreography of it all), I
| literally almost shit my pants out of excitement.
|
| Problem was, there was only one person in the entire school they
| felt was capable of such nonsense, so they had me at the
| principal's office an hour later. They made a big show out of it,
| and told me to go home as they'll come up with a punishment and
| they'll also need to talk to my parents.
|
| I thought I was in massive trouble, didn't sleep at all that
| night. Next morning, I'm back at school, principal wants to see
| me, tells me I am free from having to attend the IT classes, as I
| clearly don't need them, and this reduces the chance of me
| getting bored. So it worked out quite nicely after all. Lesson
| learned... CRIME PAYS!!!
| lhenk wrote:
| When I was 12, I found out about `shutdown /i`, which opens up
| a GUI where you can enter target IP addresses. Obviously I had
| to try it out in class. Each computer room in school had its
| own IP range, so it was easy to target all PCs in the current
| room. At the end of the class, I shut down all PCs - it worked!
|
| I told a friend how I did it - of course he had to tell the
| others in class.. so the war began and everybody shut down
| their neighbors PCs!
|
| We then invented "defense scripts" in batch, which basically
| ran `shutdown /a` in an infinite loop to cancel any shutdown
| requests.
|
| In the end, the administrator disabled the shutdown command -
| the official reason was potential harm we could do concerning
| A-levels.
|
| Good times.
| haddr wrote:
| did something similar, with delphi, using winapi but also used
| opportunity to learn network sockets so the daemon was
| controlled using telnet. and instead of deploying it to the lab
| I was just showing it to those who were interested, so didn't
| run into problems with teachers :)
|
| Ps. cd opening was there too :)
| mittermayr wrote:
| CD opening was the gateway drug to everything else.
| Everyone's mentioning that in the threads here. HA! Love it.
| vbezhenar wrote:
| I remember story about using program to open CD which
| pushed reset button of another computer. It was used as a
| watchdog to reboot it.
| DougN7 wrote:
| You lucky young folk! In MY day the Apple IIe didn't have CD,
| mouse or network! Pranks were pretty limited...
| jimnotgym wrote:
| We had Windows machines in around 94. They booted to some kind
| of menu where you could do various things I don't recall...and
| boot Windows. There was a problem with my friends machine one
| day and I saw the IT admin type a ludicrous single character
| username and password to get into this boot menu.
|
| So I used it to have a look around and change the startup
| message to insult a friend. Then I told him how...and he told
| everybody. Next day all of the machines had obscene messages,
| and someone was caught doing it, they said my friend told them,
| and he told them that I told him. Thanks buddy.
|
| I remember being terrified as I told the deputy head how I
| 'cracked the code', but I think I just got a detention.
| soylentgraham wrote:
| Similar thing for me in college, when it came to punishment
| they asked, "what sort of reprimand do you think you would
| get in the work place?" And i replied with "sent home with
| pay?". They weren't impressed.
| Causality1 wrote:
| I received a similar summons to the principal's office for
| using the "netmsg" DOS command to send a single character, the
| letter q. I had intended to only message my friend in the same
| room but it went to every computer in the school.
| klyrs wrote:
| Hah, I had a similar experience. Got kicked out of one class,
| changed to a keyboarding class because I could already type
| fast. Easy A, right? Well, the computers didn't work very well
| and I'd fix them, and leave a signature where I'd been. Teach
| was a little flabbergasted when I'd be sitting at a "broken"
| computer but no matter.
|
| Don't tell, but I knew how to pop into windows and play games,
| and the machines were networked so I had everybody's classwork
| sitting right there. They can't catch you cheating when the
| assignment is to copy the same damned text. Teach lost me on
| day 1 when I did 65wpm on the 5wpm test, all like "no, you
| can't skip ahead, you've demonstrated can type at 5wpm, now you
| need to take the 10wpm test"
|
| But then they taught us how to use macros in a word processor.
| I don't know how or why, but the computers had a shared
| namespace for these macros. We were only supposed to use them,
| but I figured out how to make and edit them. Told a friend
| about it. The friend promptly changed the macro the class was
| meant to use. With recursion. And that was Trouble. Who gets
| the blame? Kid with their name on all the autoexec.bat files,
| that's who.
|
| Shortly after I got back from suspension, I talked to the IT
| guy, and became his unofficial TA, and fixed computers during
| that class period.
| umvi wrote:
| Reminds me of the time I naively did "net send *" to send
| messages to a coworker such as "What's up dog?" at a US Air
| Force base hospital (I was summer hire working in the
| warehouse). My coworker got a kick out of it, but apparently
| every computer in the entire hospital was on the same domain
| and two frantic IT NCOs came bursting into the warehouse trying
| to figure out who was sending the messages. Apparently the
| group commander's computer was getting them too...
| jhamilton wrote:
| This sounds super similar to a prank I pulled in high school.
|
| At school, it was sort of a cat-and-mouse game between the
| students and the sysadmin. Kids would find new ways of evading
| the school blocks (different proxies, someone getting a bypass
| login, etc so they could access myspace) that the admin would
| then catch a couple weeks later and close. A lot of these
| proxies were distributed on the fileserver that was shared
| between students.
|
| One day, I wrote a small piece of software in my programming
| class (in VB6!!) that would wait a random length of time, and
| then open and close the CD tray. I wrote a short batch script
| that would copy that file to startup and then open the current
| popular proxy software. I then changed the icon on that script
| and placed it where people expected to find the proxy software,
| giving them reason to run my script.
|
| Students then unknowingly disseminated my software all over the
| school, and the next day (after PCs were rebooted overnight)
| the software would take effect and randomly open/close the CD
| trays of computers all over the school.
|
| They ended up tracing it back to me (windows user
| permissions/ownership, probably) and I was promptly banned from
| computers at school through the end of the year and for most of
| the next.
| surfsvammel wrote:
| We had a battle with the sysadmins, we trying to do pranks
| and the sysadmins trying to find us. This was around 1996 or
| so (I remember this because Quake had just come out). Anyway.
| I remember us communicating with the sysadmins by writing
| small messages in files we where not supposed to be able to
| access.
| mittermayr wrote:
| VB6 was the worst and best kind of software. You were NEVER
| (even as a professional) sure if it ran on the other/target
| machine, so you just hoped for the best.
|
| Also, I quite like the cat-and-mouse analogy you mention,
| because I feel it was (mostly) a harmless way to hone skills,
| to level up knowledge essentially, with a (at the time)
| reasonable amount of risk involved, which kept it exciting
| enough to learn more. It would be cool to see schools have a
| bug-bounty type of environment here or there, just for those
| few kids who actually want to spend their time on getting
| better at networking.
| jhamilton wrote:
| Luckily the school was rather new so all of the PCs across
| the entire school were identical, whether they were for a
| teacher's use, the programming class, or the graphic design
| and yearbook clubs so I was luckily able to avoid any of
| those shortcomings.
|
| Cant say my school had anything of the sort (they'd prefer
| to punish and force you back in line with other students)
| and while I like the idea, I know that in HS it'd feel too
| akin to snitching on my classmates to participate in that.
| o-__-o wrote:
| > Problem was, there was only one person in the entire school
| they felt was capable of such nonsense
|
| I found myself sitting in the vice principals office, as a kid,
| all alone with his password under his keyboard. I thought long
| and hard about going to the local library, dialing up to the
| school network (modem days) and changing a bunch of grades of
| students to improve my GPA. That reason you called out is the
| only reason I did not. All eyes would be on me.
|
| So I resorted to just mild pranks
|
| - took a virus from my library and submitted it with homework
|
| - found someone trying to install sub seven on my girlfriends
| computer. I reverse subseven'd him and socially engineered him
| to give me his address. Used mapquest and showed up at his
| house
|
| - made a fake virus that pretended to run format c: on my moms
| computer. My mom had the principals office call me out of class
| in 6th grade. I remember laughing my ass off that I got called
| out of class for that prank
|
| - in college I wrote a program that would split up audio files
| into variable lengths up to 1 second and send them to a list of
| servers (sun ultra 60s) then run auplay to play the audio of
| the files out of the speaker. The controller would keep track
| of which system had which part and would plAy the audio in
| sequence across the various systems. The sun servers were lab
| computers with users on the console. Imagine their surprise
| when Mega TeamFortress sounds start playing in surround sound
| out of all of the systems around them.
|
| - scotch tape over the very end of Ethernet cables on desktops
| (fun!)
|
| - vb or c# program that "jiggles" the mouse pointer. I made a
| coworker throw out three mice because of it
|
| - redirecting a coworkers network drop to a spare Linux
| computer in my office running tc introducing random latency
|
| - control-alt-down on windows computers
|
| - random times in cronjobs that runs shutdown or randomly kill
| shell process on unix boxes/accounts that were left unlocked
|
| There's probably more, but whew I haven't pulled a prank in
| over a decade!
| mittermayr wrote:
| My two favorites on that list clearly are: scotch tape on
| ethernet cables (what a horrible, horrible ...yet so
| fantastically effective idea), and cronjob shutdowns (why did
| I never think of that).
| imwillofficial wrote:
| This story made my day
| dragontamer wrote:
| Floppy drive bootloader.
|
| If you left the floppy disk in, I took over the boot-process
| and displayed "Uploading Virus" in a loop. Which of course,
| didn't do anything.
|
| A few weeks later, all the floppy-drives were removed from the
| library's computers, lol
| evanreichard wrote:
| This is hilarious. I have another somewhat related story.
|
| Back in 7th grade I stumbled upon the "net send" command. So,
| bored in the back of class one day, I sent a few messages and
| saw them pop up simultaneously on all the computers. I thought
| it was pretty funny. I didn't sent anything vulgar. Just
| something like, "yo", and "it's Evan" (yes, I put my name).
|
| Well, turns out I sent those messages to every computer in the
| district. Three elementary schools, one middle school, one high
| school, and the administration building.
|
| Maybe 10m later someone from the IT team came and asked who had
| computer #XX. Obviously was me. Principal claimed I hacked into
| all the computers and said he'd call me back in for an
| appropriate punishment.
|
| Nothing ever amounted to it. Never got called back in so I had
| no repercussions.
| kbelder wrote:
| Back when I managed a call center, we were just integrating
| some new messaging software. This was very old-school, IBM
| 3270 dumb terminals hooked up to the mainframe.
|
| One of the team leads was trying to figure it out, and sent a
| message to her group saying, 'if you can read this, please
| raise your hand.'
|
| Of course, she got it wrong, and sent the message out to the
| whole corporation. No safeguards against that, at the time.
|
| Nothing bad happened, other than severe embarrassment. But I
| still smile at the thought of the marketing department
| setting in their offices, hands raised, wondering if it was
| safe to lower them yet...
| slaughtr wrote:
| Dang I got suspended for 2 weeks and wasn't allowed to touch
| a computer for the remainder of the year when I did this.
|
| And I had even managed to figure out how to target it at
| specific logged-in users!
| mittermayr wrote:
| Hah :) That moment of ... did I just do something
| extraordinary cool... or did I just mess up big time? Or...
| wait a minute... I JUST DID BOTH!
| xaduha wrote:
| Basically same thing happened to me, except it was my teacher
| and some angry IT guy that gave me a ribbing, principal
| called him.
|
| > "it's Evan" (yes, I put my name)
|
| I just sent 'test' and I think it shows IP or computer name,
| but it didn't really matter, I had to confess when they asked
| the class who did it.
|
| 'net' has so much stuff crammed into it though, it's
| unbelievable. Feels like a skeleton key that just barely
| follows rules.
| staticfloat wrote:
| Hah! I did the exact same thing when I discovered the "net
| send" command. Only me and my friend were playing around so
| we sent eachother messages like "I know where you live".....
| the school tech was cool with me so I didn't get punished,
| but quite a few admins were freaked out by these strange
| messages appearing on their computers.
| CodesInChaos wrote:
| On Windows 95/98 there was an API call that hid your process
| from the taskmanager (intended for services, IIRC). Used that
| trick on my "fun" Delphi programs.
| entropie wrote:
| I got only suspended for two weeks because I pressed E in the
| grub menu and booted linux with a root shell. I told my teacher
| that their installations are basicially not secured at all and
| he didnt understand anything what I tried to explain and send
| me to the school manager which accused me of hacking the school
| network.
| Aeolun wrote:
| I cannot imagine this taking place in this day and age. The
| principal would have you marched out of the school escorted by
| police and charged you with a federal crime or something.
| wdfx wrote:
| This sounds very familiar. In my final year at school I was
| given privileges to 'monitor' the school's computer lab over
| lunchtimes. What that amounted to was really just reminding the
| other students to save and leave before the afternoon lessons
| started.
|
| I thought better and that I could automate this task by writing
| a small background task in VB (4 or 6, I can't remember which
| year/version) which would listen for commands on UDP.
|
| One such command would initiate an immediate shutdown. Without
| prompting the user to save open documents.
|
| Only once I issued that command to the entire lab.
|
| I didn't take long for everyone to find out who did it since my
| own machine was still logged in and working.
|
| The next day I removed the process from the machines lest I get
| myself in any real trouble.
| mittermayr wrote:
| Automating things was quite a thrilling thing to do at the
| time (before one was paid to do so). And UDP in VB, holy
| moly, some seriously advanced stuff (at the time).
| [deleted]
| tshaddox wrote:
| That's a good story. In middle school I got similarly called to
| the principal's office and threatened, but literally all I did
| was send messages (and nothing particularly menacing or
| inappropriate) to other computers using the Novell client
| software that was installed on every PC at school. You had a
| lot more fun!
| mittermayr wrote:
| Whatever happened to Novell? It was everywhere at the time,
| and then never seen again.
| westmeal wrote:
| It was extremely popular but I think people started to
| realize how useless it was after Windows Server 2012.
| donjoe wrote:
| Haha, this sounds almost exactly like my Delphi story - just I
| didn't target the mouse.
|
| Instead, I did target each keyboard's keys which - when being
| pressed - would play a sound using internal speakers. Deployed
| it on all devices in the room and once class started, we had a
| lovely concert going on.
|
| Got kicked out of the room immediately.
|
| Ah, and netsend was fun also :D
| brundolf wrote:
| Wow. One time in highschool I ran Rainmeter (a harmless HUD
| program: https://www.rainmeter.net/) from my flash drive on a
| school computer to show a friend. The next day I got called up
| to IT because they apparently had software listening for any
| foreign executables (but not actually blocking them?), and
| policy was to suspend me from school computers for two weeks. I
| was taking a CS course at the time, so for two weeks I just had
| to sit there in class doing nothing.
|
| When the IT guy talked to me, he even said he'd seen Rainmeter
| in a magazine and tried it out at home and thought it was
| pretty cool. But the admins had watched Hackers too many times,
| it seems, and thought it appropriate to treat me like a
| delinquent :P
|
| Edit: Looks like Rainmeter is still alive and kicking! Maybe
| I'll give it a revisit
| mittermayr wrote:
| Oh yeah, the school admins were always (probably all around
| the world) a special bunch of people. From complete
| bureaucratic permission junkies, to those who opened the
| doors for curious students to hack around, experiment and in
| general just talk shop with a grown-up (of sorts). At the
| time, I felt it was so hard to find people to learn from,
| everyone was just playing games or hating computers. So those
| people could (sometimes) be a beacon of light in a not-so-
| nerdy world.
|
| In another school (where IT was much more advanced, likely a
| lot like you've encountered), I put a file called
| DukeNukem.exe on the school-wide network share, and it didn't
| take long for people to discover it. It just showed an error,
| game needs some extra permission, and asked you to enter the
| password to try again. Well, people did that of course and
| the game didn't work. But another file on the network drive
| collected EVERYONE's password, one after the other, it took a
| few weeks until they caught me. They were able to use some
| Novell admin ninja something something to figure out who
| placed the file there and again, I was kicked out of IT
| classes, no other harm.
| don-code wrote:
| This was close to the way my high school chose to deal with
| process gaps. Luckily, the two IT guys were more than happy
| to help me out - I could get off scot-free if I just showed
| them how I'd done it.
|
| They blocked executables on floppies, but if you copied
| something to a floppy as a .txt file to My Documents and
| renamed it, it was runnable.
|
| They then blocked executables in My Documents, but if you put
| in a batch file, that'd still run.
|
| They then blocked batch files, but if you created a shortcut
| to "cmd.exe" and ran that off a floppy, you got a shell
| prompt, from which you could run whatever you want.
|
| They then blocked executing "cmd.exe", but the initial
| response didn't also include "command.com"...
|
| _Unfortunately_, at that time, I'd already discussed the
| "cmd.exe" loophole with them, and the "command.com" loophole
| was basically the same thing that I'd already been told not
| to do... so I got detention for this one, and promptly
| stopped.
| Aeolun wrote:
| That's a bit dissapointing. If you want someone to bring
| you vulnerabilities you have to allow them to experiment.
| hypermachine wrote:
| Setting the cursor position is still available in the Windows
| API, it is the basis of how most RPA tools work.
| mittermayr wrote:
| Oh that's interesting to hear! I assumed that most things
| have probably been shielded off behind UAC and similar things
| (like the Mac keeps asking to allow certain apps to even read
| the screen or access the Desktop now).
| don-code wrote:
| The network space on my university campus was flat and
| unfirewalled - one big /16 on which every device had more or
| less unfettered access to every other device.
|
| Sometime in my senior year, I read that there was a PJL command
| that could set the ready message on networked HP printers.
|
| Naturally, I wrote a script that walked the entire /16 and
| would attempt to set the ready text to "Low Toner". My
| girlfriend convinced me not to run it, so I changed it to "Low
| Mayonnaise" and ran that instead.
|
| For the next few weeks, seeing "Low Mayonnaise" on printers was
| a pretty common sight. It disappeared on its own as printers
| were reset, or error conditions triggered, but it did feel
| pretty satisfying.
| Sidetalker wrote:
| My high school claim to fame was a VB.NET application I wrote
| during class that would connect directly to my server to
| download flash games since online flash games were constant cat
| and mouse. I had hotkeys so you could hide the whole thing from
| screen and taskbar on a whim. My flash repository was still
| getting hits for years after I graduated, though that tapered
| off a little while ago.
| NicoJuicy wrote:
| - pushed in my USB drive with autorun to copy files ( it was
| related to a dare)
|
| - someone was a bully. He talked about nfs 2. Sub7 him and
| deleted his saved games of it( a website catched his IP in
| logs, also msn could see the ip connected during a file
| transfer at the time - unrelated). I laughed silently, when he
| complained at school.
|
| - distributed the twilight and crazy bytes CD/dvds at school.
| They compression was amazing! ( I know it deleted assets too)
|
| My desktop contained 3 cd writers to burn things. Later on 3
| dvd-writers.
|
| - Didn't fiddle with hardware too much. But i remember doing
| modem bonding for double speed. I quickly stopped because my
| parents found out ( 2 phone lines occupied) and because of the
| high price... 5,6 kb. * 2 felt insane. It was a normal model
| though and seems a bit weird, telling it. Did anyone do this
| too? ( Don't remember it very well)
|
| - chat logs of msn were amazingly simple and nice at the time!
| Xml with dtd. I still use it for a lot of things for templating
| client data and even generating html from it. Most useful thing
| from then, that i still use.
___________________________________________________________________
(page generated 2021-04-02 23:00 UTC)