Wednesday, June 29, 2005

Berks-Mont Newspapers - Kutztown Area Patriot - 06/23/2005 - 13 teens face felonies: "06/23/2005
13 teens face felonies
By: Dan Roman

Thirteen Kutztown Area High School students are facing felony charges for tampering with district-issued laptop computers.

According to parent testimony and confirmed by an otherwise vaguely-worded letter from the Kutztown Police Department, students got hold of the system's secret administrative password and reconfigured their computers to achieve greater Internet and network access.

Some students used the newfound freedom to download music and inappropriate images from the Internet.

(Via BoingBoing.)

Okay, once again people are getting out of control with punishing for security violations.

I would like to first point out that "50Trexler" is a horrid password. No special characters and it is more than likely someone's last name. So the school administration's is already weak before we look at the students' poor behavior. The students took advantage of their administration falling down on the job - no one was obviously looking at access logs, auditing the computers, or even tracking administration access over the whole year. I notice if someone new has attempted access on my network daily. Handing a tool to someone and then not teaching or monitoring the usage of the tool guarantees that the user will figure out other ways to "play" with the tool.

I am not defending the students' behavior. Was the student behavior right? No! Is it a felony? Well, let RIAA decide that one - they like to prosecute old ladies and children. It's like having a substitute teacher in the classroom - you know to a certain degree things are going to fall apart - we all look for human weakness and try to use it to our advantage - high school students do this on a daily basis.

As a security auditor I notice regularly that even if you hand someone a written policy you are never guaranteed compliance. However, if you demonstrate to the user that there are reasons for the policy and that you are going to monitor their usage regularly - you have a smaller percentage of people abusing the policy. In my eyes the school dropped the ball - the students picked it up and played a game or two. The administration should have stopped the behavior at the first instance and enforced the violation with a solid slap on the wrist - jail might be a bit extreme. Even RIAA just tries to make you pay for violations - helps float the music companies that were robbed at gunpoint.


Ponce DeLeon said...

How about "honkysmack" as a password? There are no special characters, but it does have more than one meaning. Does that count as a complex password?
