Slashdot Mirror

← Back to Stories (view on slashdot.org)

Generic Passwords Expose Student Data

Posted by ryuzaki0 on from the truly-a-learning-experience dept.

Makarand writes "The personal information of thousands of California children and their teachers was open to public view when the school districts issued a generic password to teachers using the system. Until the teacher used the system and changed the generic password to a unique password, anyone was able to type in a teacher's user name and generic password to gain access. Administrators shut down access to the service after a reporter phoned in to let them know that she had been able to access student information for all the children in two middle-school classes where the teachers had not yet changed their passwords." From the article: "'I'm fuming mad,' said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday -- three years after the district purchased the service for elementary and middle school teachers. 'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'"

13 of 251 comments (clear)

  1. Sigh by GoodOmens · · Score: 5, Funny

    I missed out on having the ability to hack my middle teachers computer's. All we had were apple IIe's and Oregon Trail (Which still rocks btw) :-(.

  2. My college did a similar thing by Idimmu+Xul · · Score: 3, Funny

    Only all the teachers passwords were blank, and they had superuser privaledges. I got in so much trouble for pointing that out :/

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  3. Re:1234 by Gr33nNight · · Score: 5, Funny

    Thats the same combination on my luggage!!

  4. Re:Don't Do It! Think Of The Fscking Children! by baryon351 · · Score: 2, Funny

    > Don't you believe for one MINUTE that we won't prosecute either.
    > Hell, we could just bypass the criminal justice system and sue
    > your precious little girl.

    could never happen!

  5. Integrity by Saeed+al-Sahaf · · Score: 2, Funny

    WHat you should be teaching your child is that when they get cought, they should simply tell whoever that they are doing "security testing". According to what I read at Slashdot, that makes it "OK".

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  6. Re:That headline ticks me off by roman_mir · · Score: 2, Funny

    Pffft! You and your facts - how passe.

    --
    You can't handle the truth.
  7. Re:Not new to me... teachers discovered! by meringuoid · · Score: 3, Funny
    The irony is, we found out about a log file that logs every visited web page, +username. One of the unpopular teachers even revisited pages students had visited minutes ago just to look at what they were looking at, effectively spying on "our" privacy.

    You don't like them spying on you? Fine: throw some sand in their eyes.

    Doctor that file! Replace every occurrence of BoringEducationalSite.com with KinkyBondageSlutz.net and watch the fun begin!

    --
    Real Daleks don't climb stairs - they level the building.
  8. In other news... by artemis67 · · Score: 2, Funny

    The city of San Francisco is looking for a new IT Manager. Must be able to come up with more than one password. Passwords with numbers a plus. Job to be filled immediately.

  9. My company is just the opposite by Quiet_Desperation · · Score: 4, Funny
    My company requires new users to navigate the Labyrinth Of Despair, swing on burning ropes across the Chasms Of Molten Hate, do battle with a dozen skeleton warriors and all the while collecting obscure Myst-like clues in order to figure out the initial login password.

    And if you forget your password, you have to do it again.

    Blindfolded.

    A new college hire involved in a password change request.

    Some have suggested our IT folks have gone a bit too far. They claim not, but it's hard to argue with new account setup metrics of 14 dead, 39 severely wounded and 21 missing (presumed logged in).

  10. Old teachers... by vertinox · · Score: 2, Funny

    From the article: "'I'm fuming mad,' said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday -- three years after the district purchased the service for elementary and middle school teachers. 'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'"

    Just because you couldn't figure it out and your child could doens't mean you have to get pissy about it.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  11. CPE-1704-TKS by RoverDaddy · · Score: 2, Funny

    was the launch code WOPR was searching for to fire off the nukes. Do I win the geek-of-the-year award now?

    --
    RETURN without GOSUB in line 1050
  12. Re:My university did similar. by Anonymous Coward · · Score: 1, Funny
    ...the modem pool, and the uni did nothing about it for the five years I was involved with them, from 1991 to 1995

    Must have been a great university. Especially if they managed to squeeze 5 years into 4!

  13. Re:1234 by qray · · Score: 2, Funny

    I was using that for the parental controls on my TiVo, till my six year old son figured it out.
    Fortunately he wasn't smart enough to keep quiet about it
    --
    Q