WiFi Exposes Sensitive Student Data

cfarivar writes "'Like leaving a vault open, the Palo Alto Unified School District failed to place a number of highly sensitive computer files containing student information in a locked location on its network. Using a laptop with a wireless card outside the district's main office, the Palo Alto Weekly gained access to such data as grades, home phone numbers and addresses, emergency medical information complete with full-color photos of students and a psychological evaluation."

California's new notification provisions: July 1

[NumberField]

They just squeaked by on the calendar. Under the new California Law that goes into effect on July 1, they would have to notify each of the potentially-affected students after a breach like this.

Should be fascinating to see how people react as they start to find out how often security problems actually occur...

Re:Security is still sub-par with wifi

[bobthemonkey13]

The key to understanding WEP is the phrase "Wired Equivalency". The theory is that WEP, although a fairly weak cypher, provides the same level of privacy as unencrypted wired Ethernet. That is, breaking WEP is judged to be approximately as difficult as finding somewhere to jack into a wired Ethernet (i.e. not very). WEP never was intended to take the place of encryption systems such as SSL and IPSec that are conventionally used to secure connections over wired networks. Rather, it brings WiFi security to the level of security inherent in wired Ethernet. Thus, WiFi using WEP is insecure only because of the way it is marketed: users see it as a catch-all encryption system, rather than a replacement for the (fairly weak) security inherent to wired Ethernet's physical-access requirement.