Kutztown Students get Felony Charges 825
gone6713 writes "The 13 students from Pennsylvania who were accused of hacking the iBooks provided to them by the school (Slashdot had a previous story on them back in June) have offically been charged. It seems that the admin passwords were taped to the back of the iBooks!"
Human error (Score:5, Insightful)
You know, I'm really not surprised to hear this. Despite all the precautions companies/ institutions take, it's typically human negligence or social engineering that leads to many compromises. While doing a spot check of security at work, I was surprised to find many employees had taped their passwords to the bottom of their keyboard or mouse.
Rule#1 make sure your users (employees, admins, etc) understand the importance of confidentiality.
Re:Human error (Score:5, Insightful)
Forcing people to have different passwords for different systems that change on different timetables is just asking for them to break Rule #1.
Re:Human error (Score:4, Insightful)
I have to change my passwprd once a month and I always write down a password hint
So if my password was 'omg_this_is_hard_password!' i would write down 'you will never guess this months password, it's hard!' and that would be enough for me to remember
Re:Human error (Score:3, Informative)
But what would you write down if it were "k%XFl3n]" or something equally impossible to remember? Sometimes they're machine-generated and you don't get a choice...
Re:Human error (Score:4, Interesting)
Things like that make it just as hard for someone to crack, but easier (for me at least) to remember
Re:Human error (Score:3, Informative)
There were times I had not accessed a system for over 30 days and then when I need to get in the account was locked.
If you have only one account, no big deal but it is overwhelming when you a number of accounts and you cannot keep up.
Re:Human error (Score:3, Interesting)
Computers are much better at remembering stuff like passwords than most of us. Let the computer remember all your passwords in an encrypted password file. Then all you have to remember the ONE very good password that unlocks that file. Macs come with a nifty thing called keychain, where all password are stored. Many Internet sites and other servers get the password from the keychain automatically if it is already unlocked. The default i
Re:Human error (Score:5, Interesting)
Because no one ever suggested otherwise!
Seriously, the biggest part of "having a sane password police" is to TEACH THE USERS BEST PRACTICES.
Everywhere I've worked, and I've worked at a lot of places since I've been contracting since the early days of the internet bubble, there has been zero user education about passwords.
Typically the IT department comes up with some rules and they think their responsibility stops there. Since they never bother to teach their users the best way to follow the password rules, it is no surprise that the users come up with all kinds of cockamamie schemes.
These people aren't computer security experts, they are just regular schmoes who want to get their work done wit h the last amount of hassle. They've never had to think deeply about password security, so of course most of them never will on their own. They will take the path of least resistance to getting their work done and writing their password down in an easy to find place is very low resistance.
Teaching them smart and effective password techniques is one of the surest ways to improve security that there is.
Re:Human error (Score:3, Funny)
You think you have it bad?!
I have to piss into a cup and pour it into a biometric reader next to my thin-client to get access in the morning. Sometimes if I splash too much, I end up spreading pee germs all over the keyboard - and all the other hardware in the office. I think it's all just a scam by my employer to gather plentiful urine for operating the urine batteries they're sure to start including in their bulky laptops.
Too bad they didn't use sperm biometric tes
Additionally (Score:2)
This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them. I have no idea what the writer (probably a second-rate lawyer) was thinking here
Re:Additionally (Score:3, Informative)
Under most circumstances that is actually a very wise policy. Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password. That is you can get at the files but not actually log-in as that user to diagnose problems. Some other products require out-of warranty service depot excercise to reset their passwor
Re:Additionally (Score:3, Insightful)
If software requires that the admin knows the user's password to do basic administration, then you need to consider alternative technologies.
Re:Additionally (Score:3, Interesting)
I can see both sides of this issue.
The reason Windows doesn't allow superusers to su to other accounts without their password is for accountability. It's a lot harder to notice a rogue admin reading and modifying files of execs when he/she can do it without knowing their password.
There are ways around the restriction in terms of necessary administration. If someone is
Re:Additionally (Score:3, Insightful)
The only thing it achieves is to make pointy-haired cretin bosses warm and fuzzy and the admin's life miserable. Keyloggers, fancy stealth rootkits etc etc. If a competent admin goes "rouge" watch out. Windows is a system by idiots for idiots
Re:Additionally (Score:3, Interesting)
Re:Additionally (Score:3, Insightful)
Not the mention, the more inconvenient it is for a user to change his/her password, the less likely it is that s/he will do it.
Re:Human error (Score:5, Informative)
The kids are protesting and even selling T-shirts.
A *felony* for something that, for any non-police-state-oriented mind, should result in reduced computer privileges? Outrageous.
Re:Human error (Score:5, Interesting)
Re:Human error (Score:5, Interesting)
Something nearly the same happened when I was contracting for high schools. The DOS machines they used (this was a few years ago) could have been configured to start students into a menu system that was uninterruptable (i.e. turn machine on, get menu of available applications, no alternatives, no way to break out of the menu structure).
Instead, they wanted me to use the AUTOEXEC.BAT batch file to launch the menu system rather than a menuing application started directly on bootup. Why? So that they could watch and see who hit CTRL-C at boot to exit the batch file. Those students were then expelled for "hacking" (even though these machines weren't on a network at all, this was ca. 1992) and they lost their computer priveleges at the high school for the rest of their high school career.
Why? That's a question that was never satisfactorily answered to me. I can tell you that the answer was something along the lines of what I mentioned in my previous post: such students were basically believed to be "too big for their own britches" and it was thus basically one more way to find a few more kids with "no respect for authority" and push them out of the system.
While I was still contracting there, I saw two kids expelled for hitting CTRL-C to dump to DOS and explore the C: drive. Both ended up enrolling at a local private high school, to my knowledge.
Re:Human error (Score:5, Insightful)
When I was 11 or 12, in public school, we got computers (TRS-80 CoCo's, which dates me I guess). The first day we had them, the teacher told us to turn them on, then don't touch anything until she told us to...
Well, I turned mine on, and the monitor just showed a black picture. So I turned up the brightness (it was down all the way), and fixed it. It never occurred to me that "don't touch anything" included the brightness control; I'd had one of those on my TV for as long as I could remember. I thought she meant "don't type anything"...
So I got suspended from school for a week. For turning up the brightness. Looking back on it now, I can see that I deserved *something* for disobeying a direct order... detention perhaps, or losing computer privileges for a week...
Of course, back then I thought of being suspended as a great vacation. I got to stay home and play with my computer (Atari 400, which I liked better than the CoCo anyway).
The thing was, when the teacher saw me tweak that knob, the expression on her face was one of *terror*. Not surprise, or anger... Utter, abject fear. I can only assume it was the machines she was afraid of, not me (I was big for my age, but not known for beating people up, especially not teachers).
Then and now, the teachers and administrators probably resent having to have the computers at all. They don't understand computers (well, OK, most people don't), but they *do* understand that the kids know more about computers than they ever will, which makes the adults feel like they're not in control. The type of person who becomes a school administrator is the type who hates being out of control, so they use (or abuse) their authority to make sure the kids are too terrified to step out of line.
Not too long ago, I did a contract job for a school system, setting up routers and proxy (censoring) software. One day the boss (former English teacher who was put in charge of the school's IT dept) asked me what I was doing, so I told her. I don't remember exactly what I said, but it was probably something like "I'm installing Apache so you can use this CGI script to configure your whitelist and blacklist for the squid proxy". Her response was, "Don't use all those technical terms with me! How would you like it if I used educational jargon when talking to you?"
It almost made me crack up laughing... but she was dead serious. So I calmed myself, and I told her (and not in a smart-assed way either): "Well, if you used words I didn't understand, I'd ask you to explain them. You're a teacher, so you're probably pretty good at that. I was trying to communicate with you, not confuse you, so tell me what I said that you didn't understand, and I'll try to explain it."
She got *pissed*. I mean red-faced, white-knuckled, and shaking. She stormed off...
A week later my company was officially fired from that contract (possibly *only* because of that incident, but probably not: we were behind schedule, partly because we kept having explain basic networking concepts to the school's IT employees, who were supposed to be supervising us). Since then, I've avoided public schools like the plague, and been happier for it. If I ever have kids, there's no way I'd send them to a school where people like that English teacher have authority over them.
If these "hackers" were my kids, I wouldn't punish them, but I would take them aside and explain that the mundanes are terrified of them, and ask them to hide their brains when in such company. I'd tell 'em not to worry, the cream always rises to the top... I'd also send 'em to a good private school, even if it meant a second or third mortgage on the house.
Re:Human error (Score:4, Insightful)
She obviously had some sort of control issue.
Re: (Score:3, Insightful)
Looking back on it....I can see that I deserved... (Score:5, Insightful)
Looking back on it now, I can see that I deserved *something* for disobeying a direct order... detention perhaps, or losing computer privileges for a week...
No. You deserved no punishment whatsoever for turning up the brightness on a monitor that had the brightness all the way down. Making that sort of adjustment is common sense.
In fact, anyone who would suggest that displaying common sense is a crime, or that military-type jargon such as "disobeying a direct order" is something that we should be using to educate school children, is not thinking correctly.
In fact, the whole idea that public schools should be run like a semi boot-camp type environment, with "direct orders" and "zero tolerance policies" and a complete and utter disdain for individual creative thinking, is just plain wrong.
I was in the military for many years, and I know exactly what military-style training can and can't achieve. It's excellent for turning out people who will do things EXACTLY as ordered, and PRECISELY according to a pre-determined plan. It's really not that great at teaching creative thinking, or instilling a system of personal ethics that aren't imposed by an outside authority. It's great for cranking out infantrymen, and pretty darn awfull for instilling any sort of American democratic and egalitarian ideals.
Heck, if the teacher in charge of that class had bothered to do her jo, and pre-check each machine and each monitor before class to ensure that the basic settings were correct, then the problem wouldn't have arisen in the first place. Oh, but wait, that would require people in positions of petty authority to take RESPONSIBILITY for their own actions.... definatelly a part of the military tradition that school authorities would want to run from like the plague ;) I mean, making KIDS be responsible for their actions is cool, but actually holding teachers and administrators to the same standard? Heh.. it'll never happen.
Re:Human error (Score:3, Insightful)
But of course if a bunch of your son's friends wants, as a game, to find out if any cars in the lot are unlocked, your son, being smart, will find an excuse to stay away from that activity.
Re:Human error (Score:3, Insightful)
"testing" for troublemakers.... (Score:3, Interesting)
If there really is a "hidden agenda" of fishing for "troublemakers", that's a very poor way to accomplish anything. I mean, hey, why not issue knives to every incoming student too and just sit back and wait to see who starts stabbing people?
And anyway, historically speaking, the tinkerers/experime
Re:Human error (Score:3, Insightful)
Um, so, issuing a kid free computer hardware as part of their education, telling them not to screw it up (and not to risk infecting the network that that their fellow students and staff rely upon), and then, when the kids explicitly do exactly the thing they know they're not supposed to, getting them in trouble for that... that's "pushing them around?"
How is that different than the kid taking high school driver's ed deciding he's
Re:Human error (Score:3, Insightful)
Re:Human error (Score:3, Insightful)
Re:Human error (Score:3, Informative)
They were iBooks, presumably running OS X (the link is slashdotted). Good luck getting an infection that screws up the network. If they were running 9 then the risk is even lower.
I work in a mixed facilty (PCs, macs, linux, suns) with thousands of people and computers. Most users can pick their own. When there's a new P
Re:Human error (Score:5, Interesting)
http://www.cutusabreak.org/Pages/policeletter.htm
Hmmmm can just see the police switchboard getting slashdotted now!
Re:Human error (Score:5, Informative)
"In addition, they're accused of using hacking tools to find the new admin password when it was changed from the password that was taped on the back of the machines."
That's quite a 'hack'.... (Score:5, Funny)
Re:That's quite a 'hack'.... (Score:5, Funny)
Stimpy: "What does it do?"
Ren: "That's just it. No one knows! Maaaaaaaaaybe something good. Maaaaaaaaybe something bad. But we'll never know. Cuz you're going to guard it. You won't let anyone touch it, will you?!"
Re:the button... (Score:5, Funny)
Can he resist the temptation to push the button that, even now, beckons him even closer? Will he succumb to the maddening urge to eradicate history? At the MERE...PUSH...of a SINGLE...BUTTON! The beeyootiful SHINY button! The jolly CANDY-LIKE button! Will he hold out, folks? CAN he hold out?
Taped? (Score:5, Insightful)
Re:Taped? (Score:3, Insightful)
Re:Taped? (Score:4, Interesting)
Re:Taped? (Score:4, Insightful)
In civilised countries kids who use a password TAPED to the computer have their computer privleges revoked, a lecture, and a meeting with their parents and the administration. They are NOT turned over to the police. In civilised countries the authorities know that children, even older teenagers, sometimes do stupid things and need more help and guidance than adults. When children screw up treating them as criminials just makes it more likely that they will become criminials.
Many countries have (even some states in the USA) have programs for first time offenders that diverts them from the normal criminal law courts. The diversion usually involves an apology, restitution, and community work. 90% of first time offenders that are diverted this way never commit another crime.
USA highschools, as reported in the media, are the most screwed up institutions on the planet. Scholastic achievment is punished, sports achievement is lauded, minor incidents are harshly punished. It is like some twisted Kaffkaesque prision.
Re:Taped? (Score:3, Insightful)
Not sure if it would be making better criminals, but someone needs to explain to these kids about booting in target disc mode. Get a firewire HD shell, preferably a laptop size, a HD, and a copy of Panther of ebay for $30. Then, when they want to do their evil and nefarious iChatting, they can simply reboot off the external HD. Circumvents everything, lets the kids explore (while not at school), and the school should be none the wiser for it.
For about free, they could use an ubuntu live cd. Either way
Re:Taped? (Score:5, Interesting)
Do the student's bear some of the responsability. Yes. It would assinine to say that they didn't. However, the school system should have taken the computer's security more seriously, and should have used stronger passwords, and should not have put them on the computers. When the problem was discovered, the school should have taken steps to provide new passwords, which are stronger and not publicly known. For students that had been disciplined for misbehaving on the computers, a more proactive steps should have been taken to make sure that future violations would be adverted.
The other question that I have, is what education about the use of computers was implemented? Was there an AUP? And did the students understand what the implications of using the computers in that manner would mean. Second question, did the student's parents know that they were being interrogated under the threat of prosecution? If the parents of the children were not present or given the opportunity to be present and if the children were not given their rights, then any evidence collected would be inadmissable in court. The third question, is what point would prosecuting these children accomplish?
Re:Taped? (Score:5, Interesting)
attractive nuisance doctrine
There is normally no particular care required of property owners to safeguard trespassers from harm, but an attractive nuisance is an exception. An attractive nuisance is any inherently hazardous object or condition of property that can be expected to attract children to investigate or play (for example, construction sites and discarded large appliances). The doctrine imposes upon the property owner either the duty to take precautions that are reasonable in light of the normal behavior of young children--a much higher degree of care than required toward adults--or the same care as that owed to "invitees"--a higher standard than required toward uninvited, casual visitors (licensees).
http://insurance.cch.com/rupps/attractive-nuisanc
By taping the passwords to the backs of the machines, the school system had created an attractive nuisance, especially considering the "behaviour of normal children". This was like installing a pool, placing a sign saying "Don't Swim", REFUSING to put up a fence, and then disclaiming all responsibility when someone drowns (violates policy).
The school administration in this case is a fucking waste of oxygen.
--
BMO
Re:Taped? (Score:2, Insightful)
Re:Taped? (Score:2)
retardville (Score:2, Insightful)
Re:retardville (Score:3, Interesting)
No, but if you leave the keys to your car in the ignition and it gets stolen. Its no longer Grand Theft Auto. Its just Theft. Amazingly the legal system is smart enough to realise that you are partly at fault for your car being stolen since you left the keys in it. What a conecpt. Accountability.
This is the same thing as writing the admin password on the bottom of the laptop.
The school officials should
Password security (Score:5, Funny)
Re:Password security (Score:5, Interesting)
Our IT department just implemented this 30 day policy on all of the IT services. Unfortunately they don't have a shared password system so each of the 10 applications I need to do my job have different passwords. And of course these passwords all expire at different times.
I never used to have to write down my passwords. I had one that worked for all my work-related services. But now I'm writing them all down. If someone happens to find it, it's not my problem.
Foist this stupid scheme on people and of course they're going to write them down. Better that than forgetting a password and have yourself locked out of the system you need to do your job. Next you waste 20 minutes of the day waiting for the arrogant IT guy to reset it all the while listening to him complain about all the password resets they've done that day.
So frustrating. What's the point when a little social engineering can get a password without too much trouble?
What happened to the Administrators? (Score:5, Interesting)
Re:What happened to the Administrators? (Score:5, Interesting)
Re:What happened to the Administrators? (Score:3, Interesting)
Indeed. From here, it's hard to distinguish between what happened and outright entrapment. The only defense to it would seem to be, "I didn't know the tape-dispenser was loaded..."
Surely the best route of action... (Score:5, Insightful)
Make sure to slap the hungry monkey's wrist that sees a stick next to an ant hill. Does wonders for intellectual development on a macro- and microscale.
Funny, isn't this the American Way (Score:5, Interesting)
Especially in highschools. Or maybe just PA (I live 20 minutes from Kutztown). I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.
IIRC, she was kicked out of the district.
Variations of this heavy-handedness happens so often everywhere that I'm surprised it makes the news anymore. I think Columbine made it worse because now the administrators are going apeshit over every little thing - turning the schools into a sort of police state.
What would be news would be the punishment fitting the crime. But then the school administrators would have to admit that they are mostly at fault in this case (really: taping the passwords to the back of the computers?!)
Re:Funny, isn't this the American Way (Score:3, Interesting)
A bit over ten years ago when I was in high school yet, I was kicked out for a short time (it was later reversed because of how stupid it was) because I brought in a pair of heavy scis
Re:Funny, isn't this the American Way (Score:5, Interesting)
It's horrible because the kids that come from shitty neighborhoods do this to the kids that come from the good neighborhoods all the time because the shitty neighborhood kids get a week long break from school (their parents don't care, they have other things to worry about) and the good neighborhood kids get screwed by their parents.
A friend of mine was recently expelled for a conversation that went something like this:
Friend 1: "oh you won't believe what john did at lunch - he told everyone about your crush on cindy!!"
Friend 2: "ugh he did? *in a joking playful tone* i could just kill him sometimes!"
Teacher heard this whole conversation, told the dean, next day kid gets pulled out of class and is never seen again. And I was there for all of this - there is NO WAY that anyone could mistake him for being serious when he said that.
Also recently at my school I witnessed a gross exercise of power by the principal. Food and Drink are not allowed in any buildings (except cafeteria) including water (yeah, i know, its florida. they do this to "reduce bathroom breaks." i'm not kidding either.) So, a kid runs 7 miles in the morning (cross country team) and buys a gatorade from one of the machines on campus. He's heading towards his locker and the principal is outside the building his locker is in. The principal tells him that he can't go inside with the drink. He tells the principal in a calm non-condescending tone "I don't agree with this rule, but I respect you enough to obey it and not bring this drink inside." and calmly waits outside periodically drinking his gatorade and talking to friends (keep in mind that this was like 20 mins before school starts, so he wasn't going to be late to class or anything.) With the principal still there, a teacher comes over and tells my friend to move out of the way because he is blocking traffic. Now, he is standing about 5 feet to the left of the door, and is clearley not blocking traffic, but he does as he is told and moves about 5 steps off the wall. About 10 seconds later, the principal begins yelling at him for moving from the spot. My friend tries to explain himself calmly and without attitude, but the principal will not have it. He then tells him to go to guidance and wait there. My friend went to guidance, waited an hour and no one showed up so he went to class.
You would be suprised what goes on in public schools. Yesterday my history teacher who was giving a lesson on religions around the world did not know if Budda was fat in real life and when I asked about it I was told that it was of no significance anyway. I told him that in fact it could be rather important, as he had just taught us that Buddhism promotes freeing yourself from useless indulgences and possesions and that if Budda was actually fat then it would be contradictory to what he taught (as fat people are usually observed to be grossly indulgent.)
I was then yelled at for "interuppting class" despite the fact that I had raised my hand and been called on as per procedure specified by him. Basically he tried to blame me instead of just saying something like "Actually, I'm not sure. If we have time at the end of class we can look it up on the internet."
Anyway those are just some of my observations spending 12 years in the public school system.
Hack? (Score:5, Insightful)
Sure, they may have used the computers in way which they shouldn't but, they didn't have to hack them.
I know, I know... the average Joe couldn't tell the difference between anything remotely technical but the media shouldn't be encourage it.
I think I'll go let Windows Hack into my neighbor's unsecured wireless access point.
Get me that school's phone number. (Score:2)
Sorry, this is publicly federally-funded property. The 1st Amendment protects their freedom of expressing themselves on any federally-funded property.
Let's get that phone number, I've got time to remind them that they're responsible to me, the taxpayer.
Re:Get me that school's phone number. (Score:5, Informative)
Even more fun would be if the article had given a link [kasd.org] to the school website. That would learn 'em.
Re:Get me that school's phone number. (Score:3, Funny)
Yes and no (Score:4, Insightful)
But the fact that the passwords were on the back of the iBooks does not mean everyone was free to use them at will.
I can tape the key to my house on to the front door of my house, and while that is extreme stupidity on my part, that does not give you permission to unlock the door and come inside.
More than just using the taped password (Score:4, Insightful)
Now that's not the only thing that the kids are accused of doing, they also turned off the monitoring software (Apple Remote Desktop?) and even used it to monitor the admins. In addition, they're accused of using hacking tools to find the new admin password when it was changed from the password that was taped on the back of the machines.
Also, if you click on the little update link at the bottom of the story, you'll see that the kids were also found to be downloading pornography. Might sound innocent to some of you, but adults / the school can get in trouble for "allowing" them access to X-rated material.
Now, a third degree felony sounds harsh, but they still need some punishment. If they had stopped at using the password taped onto the back of the computers I'd feel sorry for them, but they were spying on admins and using other means to get the password once it was changed.
Re:More than just using the taped password (Score:4, Insightful)
Doesn't that qualify for breaking and entering?????
These kids aren't angels...and whoops - there was consequences for their illegal actions..oh and to make sure everyone here gets that. These kids committed a crime. They KNOWNINGLY violated the machines by using the admin password they weren't suppose to have. Look - if I leave my house unlocked, does that make it any more wrong for someone to enter and start taking my things?
The other issue is that these are still kids, and if they're under 18.... it isn't on their permanent record. If you guys are constantly going to make excuses though about oh- it wasn't that bad, then the rest of the rules of society might as well fly out the window as well.
Re:More than just using the taped password (Score:5, Insightful)
You're right. Hardened felons, all of them. Criminals. Malcontents. Society can't possbily function with these kinds of challenges to authority... much less the status quo. Fly out the window, indeed! Thankfully, this kind of spirit has been identified early and, we can only hope, properly quashed. The last thing we need is any of the kind of insanity that lead to the shennanigans in Silicon Valley.
Re:More than just using the taped password (Score:3, Insightful)
You want to wake up (Score:5, Insightful)
You want to wake up, son. Lets put this in context, shall we? We are talking about a felony, that is entering children into the criminal justice system because the school admins didn't have clue one about how to secure their own systems from... children. The mini emporers in academia need a taste of their own medicine. Honestly speaking, a previous poster pointed out that taping the password to the backs of the computers was tantamount to incitement and solicitation of a minor. I wouldn't just use it as a threat though, I'd go afer the little hitlers until every man jack of them had spent a few months trying out the local prison facilites. Such irresponsible and knee jerk reactionists should under no circumstances be educating children.
Don't get me wrong, I know some kids are wretched creatures that shouldn't be in general education, but in this case I think an example does need to be made. Of the so called teachers.
Re:More than just using the taped password (Score:4, Insightful)
A computer is NOT a house. A computer can essentially be restored to its original (software) state with minimal effort. I highly doubt all six hundred laptops were individually configured, and instead had some sort of imaging or automated network install, so any broken installations could be restored easily. From what I have been told about Mac OS X, there is an option to reinstall the system without deleting user profiles, so students wouldn't even have to lose files (if they weren't stored or backed up on a network.)
But if I walk into someone's (unlocked) house, and steal their TV, jewelry, and other items of value, they've lost them. They can't go restore the backup. They can't put in a few CDs and reinstall their stolen TV and jewelry. Their only hope is to have the items recovered somehow.
This is my Hometown...let me tell you something... (Score:5, Interesting)
L8tr all.
Re:This is my Hometown...let me tell you something (Score:2)
Your class was just about 10 times larger than my class.
Regardless... (Score:2, Interesting)
Regardless
The law is not about hacking, it is about Unauthorized Entry. You don't have to pick the lock to be somewhere you shouldn't, and you don't have to cut through any fences to be prosecuted.
This is only the beginning... (Score:5, Insightful)
Re:STFU, liberal (Score:5, Funny)
You have been found guilty of swearing, which is a verifiable gateway activity to criminal activity, and a negative influence on children. Your sentence is 10 years in prison. Identify yourself, or have another 10 years attached to your sentence for evading authority.
Re:STFU, neocon (Score:3, Insightful)
I firmly believe criminals must face justice but I also believe the punishment should fit the crime (and "crime" doesn't really fit in this case). Felonies used to be for the worst crimes... murder, rape, or gunpoint robberies. Now they are about some small town school principal trying to prove that he is still in control.
Disclaimer: I don't know for a fact it'
Re:STFU, neocon (Score:3, Insightful)
I'm far from conservative, though some friends and family are. I've observed three paths that lead to conservatism: one is through respect for tradition; another is through reasoning based on certain principles; and another is due to a psychological deficit that leads to anger, scapegoating, the desire for punishment, and the need to identify with abusive authority
At what point does "Hacking" begin (Score:5, Insightful)
I'd assume they'd WANT me to know the admin password if it was taped to the back of the laptop.
and with this news.. (Score:2)
More to this story (Score:4, Informative)
This story is short and doesn't give the fully story of what happened.
*At first* the passwords were on the laptops (not exactly tapped; they were apart of some tapped data. It didn't say "Password:" if that's what you're thinking).
After the admin changed them all, the kids then used a brute force cracker to break the passwords which they found on the local machines (password file?) and proceeded to install unauthorized software.
They were punished multiple times and they still continued to do it. Calling the cops on them was a last resort the schools were forced to do.
You can read more of the full story here: http://www.cnn.com/2005/TECH/internet/08/09/kutzto wn.hackers.ap/index.html [cnn.com]
And still extreme overreaction (Score:5, Insightful)
So a rational adult would simply take the laptop away from them. Either play by the rules or take it away.
To me, this is the equivalent of sending your kid to reform school because he talked back one too many times. Its overreaction and really, its an admission of failure by the school authorities.
Everybody in Kutztown should be ashamed of themselves.
No, they need to learn there are consequences (Score:3, Insightful)
I mean look, if someone has physical access to a machine, they can get root, period. Any barriers you put in the way are only superficial and will only slow them down, if anything. We always operate under that assumption at work. We don't try and pretend we have an unhackable system because there's no such then when someone is physically at the computer. Rather
Re:More to this story (Score:3, Interesting)
Call or mail the Kutztown PD (Score:5, Informative)
45 Railroad St.
Kutztown, PA 19530
(610) 683-3545
Borough of Kutztown [kutztownboro.org]:
45 Railroad St.
Kutztown, PA 19530
(610) 683-6131
fax (610) 683-6729
Kutztown Area School District [kasd.org]: District Administration
50 Trexler Ave.
Kutztown, PA 19530
(610) 683-7361
fax (610) 683-7230
more addresses and phone numbers for the District [kasd.org]
I find the quote "We are a country awakened to danger and called to defend freedom." at the bottom of the Borough's webpage inappropriate for this town.
This is obviously what the parents want (Score:5, Insightful)
Whoever taped those passwords to the back of the computers needs to be fired. Whoever gave that person a job needs to be fired. Whoever has the authority to demand that the people above must be fired immediately but hasn't needs to be fired.
But this isn't happening. Rather than start demanding even a fleeting glimpse of intelligence within the public schools the parents simply get together and whine that the people they voted for have their heads so far up their rectum that you can't distinguish a fart from a whistle don't engage in sphincter-yoga.
Yes, there is the possibility that these parents didn't vote this particular schoolboard (and mayor , who allowed this particular police chief and DA to make such stupid decisions), but I'll hedge my bets and say that either they voted for them or didn't vote at all.
Are they demanding the resignation of the board? No.
Are they demanding the resignation of the DA? No.
Are they even promising to vote for somebody else in the next election? No.
So if they don't care enough to actually DO something about the situation, why should anybody else?
abusing admin account was only the beginning (Score:5, Insightful)
Afterward, they went on to monitoring the admin.
This is their defiance of authority and that's the message here.
On one hand, I think it's "harsh" what is being done to the kids -- I really do. But there's a larger picture here that should be acknowledged.
How many times have you been completely and utterly insulted by children who know there's nothing you can do about it. That is, in essence, what has happened here. When it was realized that the kids were breakign rules, they were essentially given the chance to straighten up when they were discovered and their admin passwords changed. The kids responded by being even mroe defiant and even aggressive about it.
We have a cultural mess on our hands. I'm just sick enough of defiant children to endorse the reaction we are seeing here. You can't spank children any more. Somehow it became a crime. You can't even talk "mean" to them -- it's somehow psychological abuse as well. As a culture, we cannot control the children. And it's clear that most parents will not regulate their offspring as well... (at least without fear of criminal problems much of the time)
I have two sons of my own and at the moment, my biggest problem is getting them to tell the truth. I haven't seen evidence of anything worse... not yet anyway. Respect for authority is a critical lesson in life that needs to be learned. If we have to make 13 examples of these kids, then so be it. It could help in changing the path for millions of other kids out there... kids that will one day grow up and lead this world. And if you think I'm over-reacting myself, look around you at the many "adults" out there who are early evidence of the things to come... people who never actually grew up and took responsibility for themselves. Examples are not hard to find.
Respect, in general, should be restored as a key value in our culture and at the core of respect is fear of what might happen if you don't.
Re:abusing admin account was only the beginning (Score:5, Insightful)
However, I disagree with your assessment of how to respond to the issue. Over and over again you are talking about "controlling" children - about "respecting authority". You bemoan the demise of spanking and complain that you can't "talk mean" to kids.
Now, I am not a psychologist nor have I studied child rearing - as I said, I'm only 18 myself. But what I would like to suggest, for whatever it is worth, is that respect isn't something that is instilled by control. It's something earned and taught. My parents never tried to control me and my siblings. We were never spanked, punished, or yelled at for things we did "wrong". Rather, they gently explained our error and, if necessary, had us make amends. Our parents raised us with respect for *us* - and helped us learn to respect others as well, by being living examples. I am not saying this approach necessarily works with all children (or all adults - some of y'all need to to think about the example of respect you're setting!). But I was dismayed by your advocacy of what is essentially parental authoritarianism, and I felt that a counter-example might be worth writing.
I would also dispute your statement that Respect for authority is a critical lesson in life that needs to be learned. Why? I agree with you that respect is an important lesson, but I would argue that respect should simply be for people and for property in general. Why should we respect authority? Teach kids to think for themselves, and educate them in moral principles so that they can make responsible decisions in their own right.
In closing, your post states:
Respect, in general, should be restored as a key value in our culture and at the core of respect is fear of what might happen if you don't.
I cannot say loudly enough how much I disagree with that. Respect isn't about fear at all. It's about doing what is right. It's about holding others in high enough esteem to want to treat them well. Heck, the good old "golden rule" is a simplistic but reasonable enough definition of respect - treat others the way you'd want to be treated, set their rights equal to your own. But fear of retribution? Where is the moral strength in that?
My 47.5 cents.
Re:abusing admin account was only the beginning (Score:5, Insightful)
If the kids won't follow the rules then take away the toys. If they are flounting the school rules then use one of the normal school punishments to deal with it. Even after repeat offensives of this type the school and parents should be able to deal with it without resorting to trumped up charges of "hacking". This is the school being vindictive.
Re:abusing admin account was only the beginning (Score:3, Insightful)
As a parent (Score:3, Insightful)
I think you're presented a false set of choice here. The choice isn't "accept lack of respect" or "send them to jail"
Generally, if the administration is in a position where it feels that it can't control the children properly, it's the adults fault. Lets face it; Kutztown isn't exactly "The Blackboard Jungle". These are basically middle class kids who will do either the right thing or
Re:abusing admin account was only the beginning (Score:3, Insightful)
These kids repeatedly violated the rules of use of the machines. So take the machines away from them! The only unbreakable security strategy is to prevent access to the system.
Each time the machines were returned to these kids
Re:abusing admin account was only the beginning (Score:3, Insightful)
-
Really illustrates the problems with this law (Score:4, Insightful)
Then again it really shouldnt surprise me that incompetent people in the I.T. field wind up blaming everyone around them for their faults. In this case it seems they managed to get a sympathetic ear out of their local PD. Its sad that, you can have people harbor a child molestor and not be charged with so much as obstruction of justice, but here you have children being charged with unauthorized use of devices placed in their possesion.
IANAL but the fact that the schools handed the PC's to the students, said use them to do their work will probably knock down any charges concerning them. It will be really hard to prove unauthorized access when they were handed the quipment and given access to the network. Taping the password the back of the machine should also throw out any claims that the systems were meant to be secure.
This case shows what happens when legislators make law without understanding what they are trying to legislate or considering the consequences. If this application of the law is held valid it will allow any corporation, organization or group to take revenge on any employee or member that uses its computers and is disliked. To do so, all that would have to be done is change an employee manual or circulate a policy memo in a way that it would either not be read or misunderstood, and then call the police when someone keeps on doing what they had been doing.
Whats wrong with kids today? (Score:4, Interesting)
Kids, by their very nature are curious and, a bit rebelious. That hasn't changed in generations, kids have always been tempted by things that they know they should not do and kids have always been known to defy authority. I know I did, and I'll bet you did too!
I was very fortunate to have had several teachers who were actually able to harness my curiosity and my desire to "push the boundaries." To this day, I think they were the best teachers I had.
I also had the other kind of teacher; I remember specifically one English teacher who told us to read a specfic chapter. I got in trouble for reading beyond the chapter! I loved reading and simply got caught up in the story. Why he got upset is still beyond me.
Many teachers no longer teach kids, they teach cirruclium. They expect kids to march in lock-step to their plans. Kids going though this feel like they are prisoners and that their teachers are little more than glorified babysitters! They get bored, they don't understand why they are being limited and, they naturally fight this by defying the silly rules established by the people in authority. In short, the kids will be kids (just like they always have been).
Yeah, the kids hacked the computers and used them for things that maybe they shouldn't have. I have to say that the administrators of the school should have expected this.
It seems to me there were probably a number of other things that could have been done - including a policy of "if you hack this, we will take it away from you and you will fail the class". The way that it has happend smells like the administration has chosen, intentionally, to make examples out of these kids. I suspect that this was done to send a message to future students "Don't mess with us" - but this kind of thing against kids seldom works and can easily backfire (especially if nothing comes of the charges).
I feel for the kids, I really do. Not because they hacked the computers but because the administration and staff of the school have obviously made some poor choices along the way. This problem is a symptom of something wrong much deeper in the system. The teachers should realize they are teaching kids who are naturally curious, naturally push the limits, and naturally defy authority. If these kids were challenged, rather than restricted, they would learn a hell of a lot more.
Teachers, please go back to teaching kids, not cirriculum!
This is why you don't get into power struggles (Score:4, Interesting)
You will lose. Any sane parent knows this. The educators, with their specialized training totally should know this. As a father I know this.
The policy should reflect the reality of computing today; namely, that any access control methods can and will be circumvented by those willing to do so. Period, end of story. There is very little the school could do to prevent this kind of thing, so why bother?
Either the kids play ball, or they don't get their own computer. Have a lab room setup for those not willing to agree to the terms of use and those that think they are willing, but end up on the wrong side of the rules.
Charging these kids with a felony crime is just wrong. It's going to affect their future far more than it helps the school keep control. I've a feeling this school is one of these zero tolerance, power tripping schools that does more actual harm than good.
So, they could have just taken the computers, booted the kids, put them on an alternative learning track, etc.... But, continuing to escalate the issue the way they did invited trouble, was counter productive, and could easily be considered rather draconian. --> "Lets make examples of a few of them to keep the others in line". Yeah, like I want my teen going to a school like that.
In the schools defense, the law has taken away a lot of their power these days. The school staff is sharply limited in what they can actually do without going to the courts. (Which makes a keen understanding of the whole power struggle thing all the more important!) When I went to HS, in the 80's, principles could still actually make kids *do* things. Breaking up fights, for example, often meant the principle stepping in there, grabbing some kids, and sorting things out. He was never in the office, walked around the school and kept order.
Things are far different today where even touching kids can get educators in trouble.
There is a fine line being crossed with the whole kids rights thing. In terms of things like expression, we should be yielding to the kids. However, in terms of behavior, we should let the schools do a bit more than they currently are, if we are to avoid the courts for teen struggles.
Also, where the fuck are the parents in this whole thing? If this were my kid, I would quite honestly start working that school and legal system over until the problem was corrected. I'm all for kids towing the line, but it's a two way street. If the school creates an environment for failure, (which they clearly have), the punishment for that failure needs to serve some greater end. (Which it clearly doesn't.)
This whole mess is a crock. Anyone, who has parented teens, who possesses just a bit of common sense would have been able to defuse this issue and move on. My gut says this whole small town is fucked up.
How do you "hack" a laptop given to you? (Score:3, Insightful)
A letter from a Mom (Score:5, Informative)
May 3, 2005
I am writing this letter in response to recent events at the Kutztown
High School concerning the manner in which my son was questioned about
his use of the school laptop computer. My son was removed from an important chemistry review class and taken to an office where he was interrogated for more than thirty minutes by the school principle, assistant principle and laptop program director. During this questioning my son was accused of being involved in criminal activities and told that the Kutztown School District intended to press misdemeanor and/or felony charges against him in court. He was told that if he gave up the names of other students that they (meaning the school employees) would take that information into consideration when they filed the charges. I do not send my son to school to be intimidated, threatened, cajoled or bribed by school administrators under any circumstances. My son was told that he had destroyed school property and was in the same league as the kid who spray paints the exterior of the school buildings. I never heard such total rubbish. How dare any of you equate the abilities of my son with a group of mindless misfits who have nothing better to do than make graffiti? At the time of this meeting on May 2, 2005, none of the accusations being made against my son had any actual evidence to back them up because his laptop had not yet been checked for any current violations. My son was put in that intensely disturbing situation because some other students, who were probably terrified of what would happen to them, said my son had done something wrong.
I, personally, do not know exactly what my son does or does not do on his school computer, but what I do know is that at no time in the past four months was I ever contacted, by phone or by letter, about any problems that would justify the way school officials behaved towards my son during that meeting. If, at any time, I had been contacted by the school concerning inappropriate behavior by my son I would have put a stop to it immediately. Apparently, the administrators at the Kutztown High School seem to adhere to a policy that undermines parental authority. The only evidence I was ever privy to was a paper that was mailed to my home saying he had been given a one hour detention for the installation of something called Acquisition. A one hour detention would not indicate to any parent that there was a serious problem. The irony in that was that his acquisition wound up putting him through an inquisition.
I no longer trust the Kutztown High School administration to behave in a way that is professionally reliable or in the best interests of my child. Therefore I am stating, unequivocally, that there are to be no more meetings of any kind for any reason between my son and any Kutztown High administrator without my consent and/or physical presence at the meeting. If there is any problem at all with my sons conduct while at school I am to be notified immediately before any other action is taken.
I will no longer honor the contract that was signed concerning the use of the school lap top last September. Had I any indication at that time how inefficiently the program would be administered, I would never have agreed to it in the first place. I will not sign any other contract for the use of school computers unless there is an amendment clearly stating that any violations concerning the use of the equipment will be dealt with by the district a
Re:Moan ... (Score:5, Interesting)
I sympathize to some extent actually. Read the district press release:
"Unfortunately, after repeated warnings and disciplinary actions, a few students continued to misuse the school-issued laptops to varying degrees. The disciplinary actions included detentions, in-school suspensions, loss of Internet access, and loss of computer privileges. After each disciplinary action, parents received either written notification or telephone calls. Some parents felt that the disciplinary actions were ridiculous and even expressed the feeling that their son/daughter should be able to do non-school activities and use the laptop without restrictions. Some students acknowledged that they used their school-issued laptop inappropriately at home rather than their home computer for fear their parent would catch them."
There is a simple way to fix this problem. If you don't want them to use the laptop at home, don't let them take it home.
My concern about the trend towards computerization in our schools is that students will not have the oportunity to opt-out of restrictions (say, by providing their own laptops). This is not that different from a world where everybody would be unable to opt-out of a trusted computing world, or even a Microsoft Windows world.
A second thought (IANAL) is that such heavy-handed punishment as a felony charge in this case might very well seem like cruel and unusual punishment and it might be possible to challenge the constitutionality of the law as applied to this case. Charging minors with felonies for using passwords taped to the back of the computers they were issued seems both cruel and unusual to me. However, where exactly one draws this line in this case might be fairly difficult to answer.
Finally, students have some privacy rights even regarding school lockers. It seems to me that constant monitoring might infringe upon those legitimate rights. IANAL, again though....
Saner policy that would have prevented this: (Score:3, Insightful)
Exactly.
"Listen up, kids. You will be given a laptop to use on school premises only. The laptops will be handed to you in Homeroom and must be turned in every day at the end of the last period of classes. If you go off campus for lunch, you must either turn your laptop in for safekeeping at the office or keep it securely locked away in your locker.
"Abuse of your laptop will be grounds for
Re:Moan ... (Score:3, Informative)
IANAL, but every case I have read ind
Re:honesty (Score:3, Insightful)
Ok, so punish them, sure, but felonies? Do you also favor beheading as punishment for jaywalkers? Their punishment is so ridiculously disproportionate to the "crime" it's galling.
Re:Please Understand the Context (Score:4, Insightful)
This is the equivalent of writing in a library book, except that re-imaging the hard disk on a laptop is actually easier than removing writing from a library book.
Anyone recall the scene in "Ender's Game" where the kids are virtually encouraged to mess around with their computers, in part so that the school can keep an eye on who's got creativity and daring and who's just a boring by-the-rules follower?
We won't be raising the kind of smart kids we need to be defeating aliens and saving humanity with the Kutztown school district's attitude.
Re:Somebody remind me.... (Score:4, Insightful)
I don't see any sense in limiting children to Microsoft products though which is what most school boards are doing. KDE/Gnome and Open Office contain 95% of the same functionality as MS Office but with easier administration and better security. Eliminating the license fees for MS Windows, MS Office, Windows Server, Visual Studio, MS Backoffice, and all the client access licenses to connect to MS server products would allow the district to purchase many more bare-metal commodity PC's within the same capital budget.
And for teaching programming before college, Linux is a dream. There are a plethora of programming tools and compilers for every language under the sun, and most of them are free. Linux has taken the server market by storm and is also becoming the standard for small devices. School administrators should look 5-10 years down the road at when these kids will be college graduates and prepare them now for the Open Source future they will be living and working in.
Re:Somebody remind me.... (Score:3, Insightful)