In 2005, I attended a public gifted school. The school's computer admin decided we needed an update in the software used to select our classes, so he created a simple program where you type in your Social Security number as the password, then select the classes.
Well, some friends and I got curious one day and decided to look into the folder where the software was, and voila - we found the Public folder. It didn't contain much, but we located a simple .txt file that contained an alphabetical list of names and Social Security numbers. We decided to take this file, so we could have some fun with some of our more paranoid friends by walking up and greeting them as "Number ...."
Word quickly got out. Rumors spread that we had obtained a bar-code scanner and had used it to scan student IDs when the students weren't looking. Some even suggested we hacked the server. Eventually, school administrators found out who had copies of the file and started to threaten expulsion.
We all came clean. We even showed them how we did it. Some people were amused but others weren't. Some students demanded we be sent to the local court for a "hearing," which was actually more of a scare tactic than anything else. In this hearing, the judge told us, "With great power comes great responsibility." Having seen "Spider-Man" plenty of times, we could barely hold back a chuckle, which I'm sure did not help our case.
Nobody seemed to care that a simple fix could have kept the file hidden. The program was designed to match a name with a number, and we happened to find the list of answers. We were punished for exploiting a vulnerability that shouldn't have existed in the first place.
There was no punishment for the IT guy, though. He just made sure to put the information in a secure admin-accessible-only folder. (We went back to double-check to make sure he hid them.) Parents and outsiders never found out, and it was never released in the school news that there was any fumble at all. After the commotion died down, people just forgot. The couple of students involved demanded tighter security to one of the other admins (the guy who manages hardware).
To this day, a modified list of Social Security numbers is still floating around (my friends' numbers removed). I doubt any real harm will result, but there's no question that the situation is not ideal. Future students who decide to play with this information may not be as harmless as we were.
(In the state of Louisiana, where the school is, all of our college financial aid information -- SSN, address, name, and so forth -- is kept on computers in various universities. With Katrina, a lot of schools got hit hard, and some information was at risk of being lost. A company was recently hired to store the information as a backup just in case of another major hurricane. Last year, that company lost the information -- the encrypted drives went missing while being transported, I believe. We are not a state known for safeguarding sensitive information for students!)
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Controlling storage costs with Oracle database 11g
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
How to improve employee productivity in small and medium businesses
Look before you leap | Key considerations for moving to 802.11n
The state of Middleware
Making the Business Case for IT Consolidation
The Case for an Untethered Enterprise
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
FrontRange Solutions launches HEAT Plus Mobile to reduce help desk costs and improve service management productivity 2008-12-02 15:15:00+11
AARNet Helps to Advance Indigenous Health 2008-12-02 12:44:00+11
Orbis selects Telstra International as its data centre partner for the UK, Europe and Middle East Region 2008-12-02 11:23:00+11
ComOps Deploys Corporate Performance Reporting Solution For Healthcare Test Manufacturer 2008-12-02 10:09:00+11
Mornington Peninsula Shire implements Objective to manage knowledge and deliver service excellence 2008-12-02 09:56:00+11
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Hyperion surveyed 163 companies to understand BI and EPM requirements, evaluation processes, and extent of adoption. Top areas of current and future investment for emerging businesses include budgeting and planning as well as management reporting solutions. Read on to discover more.
Buying Guides
Latest Products
