Jump to content

Student allerts school to a security problem and gets arrested for it


Razor512

Recommended Posts

http://timesunion.com/AspStories/story.asp?storyID=732745

while the student could have explained the security problem better to make him sound less malicious, he would have been better off not saying anything at all to the school

the law being quick to punish people trying to help has really made networking and the world a less safe place

when crimes happen on the street, people are less likely to report it as the government and the laws has gotten to be in such a way that reporting a crime automatically makes you a suspect and can land you in a lot of hot water.

or in the case of network security, people with good intentions are less likely to offer help because they will get punished with a number of felonies

so now a days the often scenario is that a non malicious user will discover a security problem but will remain silent as reporting it to the company will just land that user in jail. so they remain silent and after some time the company finds out about the security hole by noticing that someone stole a lot of confidential information

no good deed goes unpunished so just keep quiet if your not good friends with IT

Link to comment
Share on other sites

my school (300 k-12) IT people and are good friends and the teachers know me well, so each month we had tech meetings, and on the last one, i just pointed out all the internet flaws, portable firefox, proxies, etc all i could think of, they wrote it down, and looked at me like i knew too much, but still they were kool about it. this however pisses me off, especially this

Officials said anyone with a district password — thousands of people including students, faculty and other employees — could have gotten access to the faulty file.

and that it would require exploration, WTF?! who said he knew what he was into? who said he wasnt just trying to see whats open to tell them...this is BS, the superintendent should be bitch slapped and fired, as well as the principal.

re-read and found this, now im pissed

Robinson refused to place blame for the blunder.

thats the superintendent, how about IT people?! or the people upgrading computers?!

Link to comment
Share on other sites

I bet the tech guy is a 60's something that hasn't changed the system since 1990. It's common in small environments to not change what is functioning and create more work for yourself. I've seen it a couple of times myself.

Link to comment
Share on other sites

Thats just wrong. It seems he was just trying to help, but used the wrong words (seems like something id do).

There should be an organisation were you can report security flaws and then they will then contact the place in question, so the discovorer is never know, that way more people would report flaws.

Link to comment
Share on other sites

Im not sure if i read the article correctly but this is what i got.

Kid logs on to school computer

School computer is networked with the entire city and their databases

Kid gets bored and instead of trying to find proxies he starts to look around the OS and the folders, he is logged into his account mind you

Kid finds unsecured information that anyone in the city at that time could have seen

Kid get scared and later emails the school saying what has happened

School/City gets upset and needs to find a scapegoat before this goes public

Kid is now in trouble for trying to learn

Am i reading this right? I really hope the EFF gets involved.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...