Slashdot Mirror

← Back to Stories (view on slashdot.org)

WiFi Exposes Sensitive Student Data

Posted by simoniker on from the a-great-thing-if-implemented-carefully dept.

cfarivar writes "'Like leaving a vault open, the Palo Alto Unified School District failed to place a number of highly sensitive computer files containing student information in a locked location on its network. Using a laptop with a wireless card outside the district's main office, the Palo Alto Weekly gained access to such data as grades, home phone numbers and addresses, emergency medical information complete with full-color photos of students and a psychological evaluation."

3 of 350 comments (clear)

  1. Excellent felony! by Geminus · · Score: 5, Interesting

    Hmmm... according to FCC article 15, this newspaper just openly and admittingly committed a felony. Just getting an IP address constitutes committing this felony, but to access files without the network owner's permission is a strict offense. If I'm not mistaken, didn't a San Diego security company get raided by the FBI for doing the same thing?

  2. Re:California's new notification provisions: July by mcdrewski42 · · Score: 5, Interesting

    Did the newspaper bypass security and illegally access copyrighted material?

    If so, didn't they violate the DMCA - no matter what their intent?

    After all, if the US constitutional right to 'fair use' is not a loophole, why would journalistic investigation be?

    --
    /* affect != effect */ void affect(int *thing,int effect) { *thing += effect; }
  3. Re:Security is still sub-par with wifi by willtsmith · · Score: 5, Interesting

    This is BS. Most organization don't have public ethernet jacks sitting curbside like a phone booth.

    The guys who designed WEP just plain fucked up. It was SUPPOSED to be an arduous task to break WEP keys. Instead it's an afternoon of number crunching.

    Beyond that, even if you DID jack in to an ethernet in a school system, you SHOULD NOT be able to access private information like grades and student records. The schools I've subbed at (unemployed programmer) have been pretty lax about securing their workstations but their GRADES etc... are secured on Novell servers.

    There is NO excuse for the failure of this school district. They are required by law to secure this information. They're lucky a hacker didn't get the info, they would have ended up with a SERIOUS law suit.

    PS. I'd bet you money that the paper was tipped off by a teacher who warned the school district ... BUT went unheeded. School districts don't listen to teachers. School administrators are mostly in a world of their own which mainly consists of saving their own asses by kissing the asses of parents (mainly the parents of noisy, disruptive, sociapathic kids (where do you think they get it from)).

    --
    -------- -------- Support Wesley Clark for president!!!