Student allerts school to a security problem and gets arrested for it

[Razor512]

http://timesunion.com/AspStories/story.asp?storyID=732745

while the student could have explained the security problem better to make him sound less malicious, he would have been better off not saying anything at all to the school

the law being quick to punish people trying to help has really made networking and the world a less safe place

when crimes happen on the street, people are less likely to report it as the government and the laws has gotten to be in such a way that reporting a crime automatically makes you a suspect and can land you in a lot of hot water.

or in the case of network security, people with good intentions are less likely to offer help because they will get punished with a number of felonies

so now a days the often scenario is that a non malicious user will discover a security problem but will remain silent as reporting it to the company will just land that user in jail. so they remain silent and after some time the company finds out about the security hole by noticing that someone stole a lot of confidential information

no good deed goes unpunished so just keep quiet if your not good friends with IT

[darkjoker]

That's messed up. your so right, that's why a lot of people dont tell someone that they have a problem with there computers or network, they are worried that they will get blamed.

[lazaruswws]

People always look for someone to blame to cover up their mistakes.

[gcninja]

my school (300 k-12) IT people and are good friends and the teachers know me well, so each month we had tech meetings, and on the last one, i just pointed out all the internet flaws, portable firefox, proxies, etc all i could think of, they wrote it down, and looked at me like i knew too much, but still they were kool about it. this however pisses me off, especially this

Officials said anyone with a district password — thousands of people including students, faculty and other employees — could have gotten access to the faulty file.

and that it would require exploration, WTF?! who said he knew what he was into? who said he wasnt just trying to see whats open to tell them...this is BS, the superintendent should be bitch slapped and fired, as well as the principal.

re-read and found this, now im pissed

Robinson refused to place blame for the blunder.

thats the superintendent, how about IT people?! or the people upgrading computers?!

[mavrck]

I bet the tech guy is a 60's something that hasn't changed the system since 1990. It's common in small environments to not change what is functioning and create more work for yourself. I've seen it a couple of times myself.

[will-wtf]

man that is so unlucky...

[deleted]

Thats just wrong. It seems he was just trying to help, but used the wrong words (seems like something id do).

There should be an organisation were you can report security flaws and then they will then contact the place in question, so the discovorer is never know, that way more people would report flaws.

[stanni]

This really makes me mad, the problem is that the police 99% of the time, have no idea what there on about or have any intemediate knowledge of computers.

Also I think DarkBlueBox' idea is good.

[RogueHart]

this is why grey hat is dying lol.

[DingleBerries]

Im not sure if i read the article correctly but this is what i got.

Kid logs on to school computer

School computer is networked with the entire city and their databases

Kid gets bored and instead of trying to find proxies he starts to look around the OS and the folders, he is logged into his account mind you

Kid finds unsecured information that anyone in the city at that time could have seen

Kid get scared and later emails the school saying what has happened

School/City gets upset and needs to find a scapegoat before this goes public

Kid is now in trouble for trying to learn

Am i reading this right? I really hope the EFF gets involved.