Slashdot Mirror

← Back to Stories (view on slashdot.org)

Generic Passwords Expose Student Data

Posted by ryuzaki0 on from the truly-a-learning-experience dept.

Makarand writes "The personal information of thousands of California children and their teachers was open to public view when the school districts issued a generic password to teachers using the system. Until the teacher used the system and changed the generic password to a unique password, anyone was able to type in a teacher's user name and generic password to gain access. Administrators shut down access to the service after a reporter phoned in to let them know that she had been able to access student information for all the children in two middle-school classes where the teachers had not yet changed their passwords." From the article: "'I'm fuming mad,' said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday -- three years after the district purchased the service for elementary and middle school teachers. 'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'"

5 of 251 comments (clear)

  1. Sigh by GoodOmens · · Score: 5, Funny

    I missed out on having the ability to hack my middle teachers computer's. All we had were apple IIe's and Oregon Trail (Which still rocks btw) :-(.

  2. My college did a similar thing by Idimmu+Xul · · Score: 3, Funny

    Only all the teachers passwords were blank, and they had superuser privaledges. I got in so much trouble for pointing that out :/

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
  3. Re:1234 by Gr33nNight · · Score: 5, Funny

    Thats the same combination on my luggage!!

  4. Re:Not new to me... teachers discovered! by meringuoid · · Score: 3, Funny
    The irony is, we found out about a log file that logs every visited web page, +username. One of the unpopular teachers even revisited pages students had visited minutes ago just to look at what they were looking at, effectively spying on "our" privacy.

    You don't like them spying on you? Fine: throw some sand in their eyes.

    Doctor that file! Replace every occurrence of BoringEducationalSite.com with KinkyBondageSlutz.net and watch the fun begin!

    --
    Real Daleks don't climb stairs - they level the building.
  5. My company is just the opposite by Quiet_Desperation · · Score: 4, Funny
    My company requires new users to navigate the Labyrinth Of Despair, swing on burning ropes across the Chasms Of Molten Hate, do battle with a dozen skeleton warriors and all the while collecting obscure Myst-like clues in order to figure out the initial login password.

    And if you forget your password, you have to do it again.

    Blindfolded.

    A new college hire involved in a password change request.

    Some have suggested our IT folks have gone a bit too far. They claim not, but it's hard to argue with new account setup metrics of 14 dead, 39 severely wounded and 21 missing (presumed logged in).