Church Elder/'Jeopardy' Champion Charged With Computer Crimes

Stephanie Jass, a record-setting, seven-time winner on Jeopardy, has been charged with two felonies for accessing the email accounts of two executives at the college where she worked as an assistant professor. An anonymous reader quotes MLive: Jass was able to access the accounts because of an April 24 issue with the college email system, hosted by Google. Frank Hribar, vice president for enrollment and student affairs, said there was network outage caused by loss of power. On April 25, users received a text message with a generic, standard passcode: "Please attempt to login to Gmail using this password. You should be prompted to change password after login..." Not everyone, however, was prompted to do so. Some did make the change using a tutorial. Some received an error and were unable to create a new password, the timeline states. Others did not alter the password at all. The method "worked just fine, had there not been manipulation of the system," said Hribar...

Jass, 47, of Tecumseh was charged in December with unauthorized access to a computer, program or network, and using a computer to commit a crime, both felonies... On May 5, the college deactivated Jass' email account and access to all other college software. The locks to her office door were changed and her desktop computer was confiscated, according to the timeline.
The police report "indicates Jass accessed emails while using an internet network at First Presbyterian Church of Tecumseh, where she served as an elder."

Clickbait headline

[mark-t]

The fact that this person was a former Jeopardy champion, or the fact that she may have been recognized as an elder of some church is entirely irrelevant except insomuch as it might make some people who wouldn't otherwise give two shits about what this person did to instead click on the link to read about it.

Re:Clickbait headline

"School employee accesses colleagues' emails without permission" doesn't sound as good.

Re:Clickbait headline

[arth1]

Christianity is still incredibly popular, so most people know what a church elder is and does.

And, as they all know, church elders are chosen by their community, in part, because of their solid moral values.

Um, no, I bet most people do not know this. Most christian varieties don't have elders, and while they may have heard the word, would have no way of knowing whether they were elected, appointed, graduated to being one, or just got old.

Don't presume that everybody else lives in your tiny world.

Re:power loss = reset passwords ????

Well look at the statement made after filling in the implied subject nouns left out:

The method to prevent manipulation of the system worked just fine, had there not been manipulation of the system, said Hribar...

With such logic, it doesn't surprise me a bit that a power loss results in reset passwords.
They probably print out all the students SSNs on papers that are put up on the walls for all to see every time it rains too, because why not?

Re:power loss = reset passwords ????

[Antique+Geekmeister]

I've encountered this in environments claiming PCI, HIPAA, and FIRPAA compliance. The IT person asked to clear up lost passwords, en masse, is specifically told by their manager to send clear text one-time passwords, and may be told not to expire them, and is even told by their manager to use the same password for all one-time users. Objections are overridden as "wasting people'e time" and "interfering with the business". The result is that there may be dozens of accounts in even a small business where low-use email accounts are accessible for forged access for indefinite periods.

Worked fine?!?

[SecurityGuy]

They set ALL the passwords to the same thing, then told EVERYBODY the password, and that meets their definition of "working fine"? That meets my definition of fundamentally broken.