WiFi Exposes Sensitive Student Data
cfarivar writes "'Like leaving a vault open, the Palo Alto Unified School District failed to place a number of highly sensitive computer files containing student information in a locked location on its network. Using a laptop with a wireless card outside the district's main office, the Palo Alto Weekly gained access to such data as grades, home phone numbers and addresses, emergency medical information complete with full-color photos of students and a psychological evaluation."
I guess Match.com and Yahoo Personals will have plenty of photos of young nubile girls to fill the fake ads on their service with.
The district has known about some aspects of this vulnerability for nearly nine months, but failed to take action until the Weekly informed officials of the situation late last week -- a somewhat ironic development given the school board's recent adoption of a technology-use policy.
Well when it comes to information security on Palo Alto networks, they get a big F. Fortunately, a low-level net admin was able to change the grade to an A.
--"The perfect example of the man of action is the suicide." - William Carlos Williams
I wish my old high school would've had something like that happen to them. I WANT TO SEE MY PSYCHOLOGICAL EVALUATION!
Trent Polack
www.polycat.net
What do you mean fake? I met my Thai love slave on Yahoo Personals. How much more real could you get?
Those who can set up networks, do.
Those who can't, do it anyway.
It takes 3 seconds to set up an access point and about 2 minutes to set it up and secure it. Even my neighbor (who apparently has wi-fi going on I see) was smart enough to secure their network (so much for the extra bandwidth for those huge game demo downloads, while I play online with no latency or packetloss!)
I'm your Thai love slave.
I'm a 46 year old white dude. I weigh in at 332 lbs, and I sell pig manure to soy bean farmers for a living.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
The theory is that WEP, although a fairly weak cypher, provides the same level of privacy as unencrypted wired Ethernet. That is, breaking WEP is judged to be approximately as difficult as finding somewhere to jack into a wired Ethernet (i.e. not very).
Yeah, I'm sure they made it weak on purpose... They were all set to publish a stronger algorithm, but then someone said "Hey! This isn't wired *equivalent*, this superior to unencrypted Ethernet."
Unfortunately by that point they were already set on the name. [It was already in all the marketing materials and WEP just has a better ring to it than BWP (Better than Wired Privacy).] So the only solution was to introduce an arcane security flaw.
Yeah, that's so much more plausible than "They fucked up!"
-a