Slashdot Mirror


Security and School - How Should One Speak Up?

AJ asks: "Well, in the midst of writing 1 of my 3 papers tonight, I realized how insecure my school's network is. It all started because I was upset about them changing from using my SSN to a proprietary number scheme for identifying students. I didn't think that was a bad thing, but I was wondering if they really were securing things. So, I needed a password to access a school resource from the internet. After a little dabbling around, I found the place where I needed to enter my proprietary school ID and password. As it turns out, the login form uses HTTP instead of HTTPS! Also, my school runs a wide-open wireless network that I always had considered a convenience, but now I am changing my passwords over that network! Oh, and that proprietary ID, along with a password, leads right to a student summary page where my DOB, age, address and SSN are located. So Slashdot, what is a concerned student to do?" "I have made suggestions before with little results. Should I send an e-mail with an ultimatum? What should my after-ultimatum actions be? I was thinking that I could simply start to sniff passwords (18,000 students and quite a few use wireless) and then place them on my webpage at school. I wouldn't be so concerned, but this wireless problem, combined with a poor web design, has me freaked out. Has anyone dealt with this before?"

2 of 137 comments

  1. Re:failure by eizan · · Score: 1, Troll

    This has nothing to do with the above posting.

    I post here because of the importance of my message:

    DO NOT break security to prove its ineffectiveness. It is ILLEGAL and you will get into major trouble for it.

    Find ways to speak with the local sysadmin, show them how vulnerable they are-- most responsible ones will listen no matter who comes and tries to speak with them.

    But remember this: when dealing with somebody who might consider themselves an "adult" compared to you, approach with an air of maturity and try to reason with them, if anything, for the sole purpose of responsibility. If you believe in your ideals, don't give up, but NEVER resort to irresponsible behavior-- you will be doing more harm than good for both you and your classmates.

  2. Re:UM... by NateTech · · Score: 0, Troll

    A bubble sort in VB is a rite of passage to become a sysadmin? Holy shit... I never knew!

    Someone better take my admin privs on my machines away now.

    The last guy I knew who knew how to program a bubble sort in VB also had zero idea how his e-mail got to his machine or how his network file systems worked.

    I guess he won't be vying for the prized sysadmin position (ha! Riiiight...) anytime soon...

    Oh yeah, I think he knew one Cisco IOS command too -- "help".

    --
    +++OK ATH