Slashdot Mirror


Generic Passwords Expose Student Data

Makarand writes "The personal information of thousands of California children and their teachers was open to public view when the school districts issued a generic password to teachers using the system. Until the teacher used the system and changed the generic password to a unique password, anyone was able to type in a teacher's user name and generic password to gain access. Administrators shut down access to the service after a reporter phoned in to let them know that she had been able to access student information for all the children in two middle-school classes where the teachers had not yet changed their passwords." From the article: "'I'm fuming mad,' said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday -- three years after the district purchased the service for elementary and middle school teachers. 'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'"

5 of 251 comments

  1. That headline ticks me off by DeadVulcan · Score: 5, Insightful

    I have a bit of a bone to pick with that headline... it's not a "software glitch." The software was probably working exactly as it was intended to.

    The problem was the process by which passwords were being assigned.

    --
    Accountability on the heads of the powerful.
    Power in the hands of the accountable.
  2. Integrity by lorcha · Score: 4, Insightful
    'My own child could go into this, figure it out and get all this data on all these students. It's mind-boggling.'
    That's why you teach your child this thing called "integrity". Never mind what your child could do. There are lots of things your child could do, but should not do. One of your jobs as a parent is to teach your child the difference.
    --
    "Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
  3. With the clueless mentality of today's schools... by RoadWarriorX · Score: 4, Insightful

    I am surprised that the reporter was not arrested for "hacking" the system. If it was a student who did this, I think that he or she would have been expelled from school, arrested, and hauled off to jail.

    You'll never know, that still might happen...

  4. Re:My college did a similar thing by ScrewMaster · Score: 4, Insightful

    Yes ... human history is chock full of headless Good Samaritans.

    Sometimes it pays to simply keep your mouth shut and let the people who are paid to deal with it do their jobs. Or not, but the U.S. is not a particularly friendly place for unauthorized people that report security problems.

    If I noticed a serious security breach on a system or server somewhere, no way I'd point it out unless I happened to know the administrator personally, and knew that that person wouldn't immediately turn around and report me as an "evil hacker" to the FBI. I've read of too many cases where someone who was only trying to help got reamed.

    It's funny, some States have Good Samaritan laws where you can be held liable for refusing to help someone in dire circumstances (car accident victim, etc.) but the law works pretty much the other way when it comes to computer security.

    So forget it. Let everybody secure their own networks. Or not. But in either case it's not my problem.

    --
    The higher the technology, the sharper that two-edged sword.
  5. Re:Not new to me... teachers discovered! by Anonymous Coward · Score: 3, Insightful
    It is not as if I had ever visited pornographic content. It just makes me feel uncomfortable knowing that "they" know what I surfed at.

    It's "their" system, why shouldn't "they" know?