wtfwasithinking.org

its supposed to be ATTACHED to the snowblower…

this morning i was happy to discover that alphababy is still in development. as of this writing the latest release was in june ’08.

if you’ve got a mac and got kids or know someone who has a mac and has kids this program can be invaluable.

personally it has been a great app to keep my ittybittypretty from my apps or worse, crashing my powerbook when i had something important that i was in the middle of. (document, download, image edit, blog post, etc…) i highly recommend checking it out.

Pelter Station has produce a port style wine that i imagine will be do die for. the novelty sake of the bottle alone is worth the $25 price per bottle.

first i want a bottle. if i like it, which i’m thinking i will, i want two cases. (so it’ll last a good long time)

School breach left personnel files exposed

By DENNIS YUSKO, Staff writer
First published in print: Saturday, October 25, 2008

CLIFTON PARK — A Shenendehowa student who alerted his principal that he could steal private employee information now is facing felony charges.

The 15-year-old sophomore allegedly breached the district’s system while in computer simulation class and gained access to 250 names of past and present Shen transportation employees. He used his student password to view their Social Security numbers, driver’s license numbers and more, Shenendehowa officials said.

Then he allegedly sent an e-mail at 1 p.m. Tuesday to High School Principal Donald Flynt, saying he had the database.

Flynt contacted police, who arrested the young man Thursday and charged him with computer trespass, unlawful possession of personal identification information and identity theft, all felonies. He will appear before Saratoga County Family Court at a later date, State Police said Friday.

The incident occurred as the district upgraded its computer system with the help of outside vendors and others, Superintendent L. Oliver Robinson said.

Officials said anyone with a district password — thousands of people including students, faculty and other employees — could have gotten access to the faulty file. But, Robinson said, getting to it would have required exploration and some computer savvy.

“His genius was used in the wrong way,” Robinson said.

The transportation employee file was the only one compromised, according to the district. It remained open for “a week or two” and was fixed this week, school spokeswoman Kelly DeFeciani said.

Robinson refused to place blame for the blunder.

“It’s more what keystroke was missed, not who missed the keystroke,” Robinson said. “One slipped through the cracks.”

It left the school trying to calm hundreds of jittery employees who allegedly had their identities and private information exposed. The district held a meeting Wednesday with all of its bus drivers and transportation workers to detail what happened and to provide information on how to protect their identity and credit information, she said. It also is sending similar information in letters to anyone put at risk.

The Civil Service Employee Union, which represents transportation employees in the district, said it was concerned.

“I think it’s fair to say that protection of employees’ personal information will be a topic at an upcoming labor-management meeting,” said Therese Assalian, spokeswoman for the union’s local chapter.

The student charged has a history of computer mischief but likely was not interested in stealing personal information, DeFeciani said, citing what investigators told her.

“It was more like ‘Look at what I can do,’” she said.

Investigators originally believed two students were involved in the alleged intrusion, but police determined the student arrested used two passwords, State Trooper Maureen Tuffey said.

The student has been suspended for five days and could face further punishment pending a superintendent hearing. His juvenile status likely would prevent him from serving time in jail if convicted, Tuffey said.

Dennis Yusko can be reached at 454-5353 or by e-mail at dyusko@timesunion.com.

My E-Mail to Mr. Yusko:

Dear Mr. Yusko,

Has anyone bothered to check with the server admins? Someone other than the school staff? According to your article the students used their own student login/password to access the sensitive information. This would be a bigger indication that the shares permissions were set up wrong.

The 15-year-old sophomore allegedly breached the district’s system while in computer simulation class and gained access to 250 names of past and present Shen transportation employees. He used his student password to view their Social Security numbers, driver’s license numbers and more, Shenendehowa officials said.

There are several Very Important factors that need to be looked at before this kid is thrown into jail.

What was the Operating System used for sharing out the files over the network?

If it was Windows Server, then the file permissions structure is capable of applying ‘groups’ to share data in order to keep people from accessing it who are not supposed to. IF these permissions were applied correctly, the student would NOT have been able to access the sensitive data.

What access limits are placed on students vs. teachers?

Simply put someone with a security clearance of ‘Secret’ should not be able to access data marked as ‘Top Secret’, but a person with ‘Top Secret’ clearance should be able to see all data marked as ‘Secret’. In the education realm, Students should not be able to access Staff data but Staff should be able to see Student data.

Did he go to the principal first? or keep any of the information?

If he found the share, didn’t keep/copy any of the data and told the principal, then the principal is guilty of computer neglegence and has wrongly accoused the student. (which happens all TOO often)

If the student copied the sensitive data for his own nefarious needs (identity theft, credit card fraud, whatever…) then fine, try him and convict him.

I realize that taking out my frustration in this e-mail would be shooting the messenger. You are a reporter and are doing your job. If you could though, suggest the points that I listed above to the students defense attorney. Unfortunately with the amount of computer ignorance still being as high as it is, the student is going to have a rough time with this.

Anyone who takes their anger on this issue out on you has directed it at the wrong person, of which I’m sure you’ll get at least a couple as that’s how people seem to work now a days. If there is a follow up to this story, if you could please e-mail the link it would be greatly appreciated.

My IT experience: I’m on the Account Admin and Share Access admin team for GE Schenectady.

Original Link: http://timesunion.com/AspStories/story.asp?storyID=732745