Teacher knows when Ubuntu is booted
 

Today I booted ubuntu from a flash drive at school, just to play around with it. Unfortunately, the computer teacher somehow found out after the fact, first pulling in a classmate and questioning him, then pulling me in. It soon became apparent that booting another operating system went against the school's electronics policy.

While I had no knowledge of this, I am curious as to how she knew that somebody had booted Linux. Students have to log into provided user accounts to access the computers, but to be honest I don't know much about this sort of thing.

Could explain to me how she was able to find out that somebody had used Linux?

maybe the web-browser user-agent id string was logged somewhere ?

I'm assuming this is a High-School. Most school systems have proxy filters set up, so your user-agent string from the browser, which will specify windows/mac/linux, was logged. Schools don't like booting from a usb because it takes the PC outside the controlled school ecosystem.

Sounds like a good school. They ought to stop you from using the public's hardware to play with.

The new Core i3-7 chips have backdoors into the computer even when turned off. They do not rely on ANYthing on the HD to "come alive". He could have something monitoring each computer and you cannot stop him easily.

Any links on that?

Google is your friend...........

“Secret” 3G Intel Chip Gives Snoops Backdoor PC Access

Intel Core vPro processors contain a “secret” 3G chip that allows remote disabling and backdoor access to any computer even when it is turned off.

*

The promo also highlights the ability for an administrator to shut down PCs remotely “even if the PC is not connected to the network,” as well as the ability to bypass hard drive encryption.

*

“Core vPro processors contain a second physical processor embedded within the main processor which has it’s own operating system embedded on the chip itself,” writes Jim Stone. “As long as the power supply is available and in working condition, it can be woken up by the Core vPro processor, which runs on the system’s phantom power and is able to quietly turn individual hardware components on and access anything on them.”

Although the technology is being promoted as a convenient way for IT experts to troubleshoot PC issues remotely, it also allows hackers or NSA snoops to view the entire contents of somebody’s hard drive, even when the power is off and the computer is not connected to a wi-fi network.

It also allows third parties to remotely disable any computer via the “secret” 3G chip that is built into Intel’s Sandy Bridge processors. Webcams could also be remotely accessed.

*

The ability for third parties to have remote 3G access to PCs would also allow unwanted content to be placed on somebody’s hard drive, making it easier for intelligence agencies and corrupt law enforcement bodies to frame people.

“The bottom line? The Core vPro processor is the end of any pretend privacy,” writes Stone. “If you think encryption, Norton, or anything else is going to ensure your privacy, including never hooking up to the web at all, think again. There is now more than just a ghost in the machine.”

Sounds like IPMI to me, and all of the rumors also appear to stem from the ONE undocumented source, which is full of crap.

I mean c'mon, do you really think intel has slapped in a separate processor, flash, RAM, 3G modem, AND a 3G antenna capable of making it through the heatsink, through the CPU case, through your house, and to the 3G network, all without increasing the size or power requirements of the processor, with included data fees, for free?

See the comments section from the original Jim Stone "article", that ALL of the others reference:
http://www.popularresistance.org/new...ntly-hackable/

The sub-processor can USE your peripherals, including a 3G modem if you have one, but it doesn't have its own. That article is nothing more than sensationalist BS...just look at the site that it's on for god's sake.

As for the OP's question, I'm going with a proxy server and user-agent.

The Intel vPro technology is a feature of certain Intel chipsets (and yes, it is their version of IPMI). It has nothing at all to do with the Core i-CPUs.

Honestly, I think that the most likely explanation is that the teacher knew because someone told her.

Hi,
Perhaps I missed something, but why do state that it is "the public's hardware"?

Evo2.

He's assuming (wrongly, perhaps) that it's a public school, which would mean that the computers are paid for with public (i.e. government) funds.

Another reason the teacher may know is because often in a computer lab environment, the mentor monitors each station in order to view progress etc. So they have remote desktop capabilities that puts all the clients online in their view, they can then simply click and view what the student is doing.

If the client does appear or does not connect like it usually does, it is normally pretty easy to understand the computer is not behaving. If the student seems busy working on the machine, then that could be cause for alarm as well.

If the school has a policy, does it matter? It is still wrong.

I suppose I could get past it. I am unwilling to assist in hacking. The simple discussion of the issue is in effect teaching the kid how to get past the rules.

In Australia the Federal Government supplied laptops and they had a light on the lid. Windows light on, others light off. Teacher sits at the front of the room counts the lights, 30 laptops 29 lights the options are
1. someone has not started their machine (a requirement at the start of the lesson).
2. the laptop has a broken light and needs to be sent in for repair (student is required to let school know as soon as there is a problem).
3. someone is using a different OS to the one that was pre-installed (student gets into trouble).

nmap -O will let you know what OS is running on a given machine.

To my knowledge all the laptops supplied to students are just Thinkpad netbooks. All thinkpads have the battery and sleep lights on them, and they work perfectly under Gnu/Linux.

Op, i'm guessing that they knew someone accesed the computers from a live USB via what others have said above, they figured it was you by the process of elimination.

There are actually a few different types now. In NSW it started with Lenovo IdeaPad then 3 different Lenovo ThinkPad models were rolled out one of which was allegedly specifically designed for the purpose. Each state was given the responsibility of organising the contracts so what was purchased in NSW may not be what WA purchased.

today i learned there was a united states of austrailia (i always thought it was 1 country/1 government). how many states are there in austrailia (i probably sound like an ignorant united statian).

6 states, 2 internal territories, multiple off shore territories. We aren't a "United States" we are a Commonwealth ;) Each state has its own constitution and laws, the Federal Government is only supposed to have limited powers (defence, imports-exports, immigration, there are more but it is actually quite limited) but the states have over time given up their constitutional responsibilities to the Federal Government.

Now back to our regular topic.

As stated in the original post, I had no idea that it was against school policy. I have only recently been introduced to Linux, and would like to learn a bit more about how it works.

Thanks for all the answers! I had not heard that you could identify which operating system was being used based on the browser, or that 3g was being integrated into processors. I think that the former of the two is the more likely answer, as the machines are several years old (floppy drives!)

I think that dolphin Oracle's answer fits the closest to what happened. Let me add additional information. If the computer connects to the local network in any way, then it makes itself visible. Most "live" booting systems use DHCP to register on the network. If the local network is based on static IP addresses, then this will distinguish the machine in any server logs. Even if the local network is using DHCP, it is possible that "Legal" operating systems have some sort of client that registers with a central server, i.e. when "virtual machines" are used. If the client does not register with the central server, but the machine is shown to have connected with the network, this is another "red flag" circumstance that can be noted.

Ideally if you want to play anonymously with a school computer, then you will need to ensure that no network connections are made. This will not of course protect you if the teacher is looking at you over your shoulder, or through a one way mirror.

No password on the BIOS? Or did you have to hack your way to it? Or did you yank the CMOS battery for a few m inutes (hard to do in a classroom...)?