Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
In 2005, I attended a public gifted school. The school's computer admin decided we needed an update in the software used to select our classes, so he created a simple program where you type in your Social Security number as the password, then select the classes.
Well, some friends and I got curious one day and decided to look into the folder where the software was, and voila - we found the Public folder. It didn't contain much, but we located a simple .txt file that contained an alphabetical list of names and Social Security numbers. We decided to take this file, so we could have some fun with some of our more paranoid friends by walking up and greeting them as "Number ...."
Word quickly got out. Rumors spread that we had obtained a bar-code scanner and had used it to scan student IDs when the students weren't looking. Some even suggested we hacked the server. Eventually, school administrators found out who had copies of the file and started to threaten expulsion.
We all came clean. We even showed them how we did it. Some people were amused but others weren't. Some students demanded we be sent to the local court for a "hearing," which was actually more of a scare tactic than anything else. In this hearing, the judge told us, "With great power comes great responsibility." Having seen "Spider-Man" plenty of times, we could barely hold back a chuckle, which I'm sure did not help our case.
Nobody seemed to care that a simple fix could have kept the file hidden. The program was designed to match a name with a number, and we happened to find the list of answers. We were punished for exploiting a vulnerability that shouldn't have existed in the first place.
There was no punishment for the IT guy, though. He just made sure to put the information in a secure admin-accessible-only folder. (We went back to double-check to make sure he hid them.) Parents and outsiders never found out, and it was never released in the school news that there was any fumble at all. After the commotion died down, people just forgot. The couple of students involved demanded tighter security to one of the other admins (the guy who manages hardware).
To this day, a modified list of Social Security numbers is still floating around (my friends' numbers removed). I doubt any real harm will result, but there's no question that the situation is not ideal. Future students who decide to play with this information may not be as harmless as we were.
(In the state of Louisiana, where the school is, all of our college financial aid information -- SSN, address, name, and so forth -- is kept on computers in various universities. With Katrina, a lot of schools got hit hard, and some information was at risk of being lost. A company was recently hired to store the information as a backup just in case of another major hurricane. Last year, that company lost the information -- the encrypted drives went missing while being transported, I believe. We are not a state known for safeguarding sensitive information for students!)
Computerworld Member Login
Prioritizing Services with IT Service Management (ITSM)
Computerworld Live Webinar
Wednesday 20th, August 2008
11:00am EST (Sydney, Australia)
To be repeated on:
Thursday 4th, September 2008
11:00am EST (Sydney Australia)
Sign up and receive a free copy of The Forrester WaveTM Service Desk Management Tools, Q2 2008 at the conclusion of the Webinar.
Attend and discover:
- How to deliver value to your business through ITSM
- Best practice ITSM implementation
- Why emphasis is changing from optimizing IT management processes to better servicing customers and demonstrating real dollar value
- If service-oriented ITSM is best for your business
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Garner says global 2000 companies will double their multi-enterprise traffic in the next 5 years. Discover the key technology and business drivers that will enable this.
