Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
In 2005, I attended a public gifted school. The school's computer admin decided we needed an update in the software used to select our classes, so he created a simple program where you type in your Social Security number as the password, then select the classes.
Well, some friends and I got curious one day and decided to look into the folder where the software was, and voila - we found the Public folder. It didn't contain much, but we located a simple .txt file that contained an alphabetical list of names and Social Security numbers. We decided to take this file, so we could have some fun with some of our more paranoid friends by walking up and greeting them as "Number ...."
Word quickly got out. Rumors spread that we had obtained a bar-code scanner and had used it to scan student IDs when the students weren't looking. Some even suggested we hacked the server. Eventually, school administrators found out who had copies of the file and started to threaten expulsion.
We all came clean. We even showed them how we did it. Some people were amused but others weren't. Some students demanded we be sent to the local court for a "hearing," which was actually more of a scare tactic than anything else. In this hearing, the judge told us, "With great power comes great responsibility." Having seen "Spider-Man" plenty of times, we could barely hold back a chuckle, which I'm sure did not help our case.
Nobody seemed to care that a simple fix could have kept the file hidden. The program was designed to match a name with a number, and we happened to find the list of answers. We were punished for exploiting a vulnerability that shouldn't have existed in the first place.
There was no punishment for the IT guy, though. He just made sure to put the information in a secure admin-accessible-only folder. (We went back to double-check to make sure he hid them.) Parents and outsiders never found out, and it was never released in the school news that there was any fumble at all. After the commotion died down, people just forgot. The couple of students involved demanded tighter security to one of the other admins (the guy who manages hardware).
To this day, a modified list of Social Security numbers is still floating around (my friends' numbers removed). I doubt any real harm will result, but there's no question that the situation is not ideal. Future students who decide to play with this information may not be as harmless as we were.
(In the state of Louisiana, where the school is, all of our college financial aid information -- SSN, address, name, and so forth -- is kept on computers in various universities. With Katrina, a lot of schools got hit hard, and some information was at risk of being lost. A company was recently hired to store the information as a backup just in case of another major hurricane. Last year, that company lost the information -- the encrypted drives went missing while being transported, I believe. We are not a state known for safeguarding sensitive information for students!)
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Viva la Verticals! Key to Vendor Growth is Through Vertical Market Opportunities, Says IDC 2008-09-05 11:05:00+10
F-Secure delivers fastest protection in the online world 2008-09-04 16:50:00+10
NETGEAR expands ProSafe team as business-class products take off in SME market 2008-09-04 16:27:00+10
Rogue security apps dominate Fortinet's Aug 2008 IT threat report 2008-09-04 16:00:00+10
Adaptec Intelligent Power Management Reduces Storage Power Consumption Up to 70 Percent 2008-09-04 11:28:00+10
Realizing the Value of Unified Communications
Discover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
