Become a fan of Slashdot on Facebook


Forgot your password?
The Courts Government Portables (Apple) Security News

Kutztown Students get Felony Charges 825

gone6713 writes "The 13 students from Pennsylvania who were accused of hacking the iBooks provided to them by the school (Slashdot had a previous story on them back in June) have offically been charged. It seems that the admin passwords were taped to the back of the iBooks!"
This discussion has been archived. No new comments can be posted.

Kutztown Students get Felony Charges

Comments Filter:
  • by dubiousx99 ( 857639 ) on Saturday August 20, 2005 @11:36AM (#13361845)
    If your going to charge the kids with felonies, then you should charge the IT administrators with aiding and abetting for leaving the password there.
  • by rolfwind ( 528248 ) on Saturday August 20, 2005 @11:36AM (#13361851)
    Isn't it? To make example of certain people to buy the compliance of the rest of us (sheep)?

    Especially in highschools. Or maybe just PA (I live 20 minutes from Kutztown). I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.

    IIRC, she was kicked out of the district.

    Variations of this heavy-handedness happens so often everywhere that I'm surprised it makes the news anymore. I think Columbine made it worse because now the administrators are going apeshit over every little thing - turning the schools into a sort of police state.

    What would be news would be the punishment fitting the crime. But then the school administrators would have to admit that they are mostly at fault in this case (really: taping the passwords to the back of the computers?!)
  • by BiO_FeNiX ( 908968 ) on Saturday August 20, 2005 @11:40AM (#13361874)
    I went to this high school and grew up in this town. Let me tell you this...The system administrators never had a firm grip on the students, I assure you...and they had been outdone several times before this. Suffice to say, the school tends to overreact about things that they don't understand...and Computers is one of those topics. I work in IT now and now that I understand security and such, I realized how much my high school sucked about security...they never really thought about it. Anyways...its kind of amusing to find my hometown on Slashdot...its little more then a farming town with a college in it. My graduating class was 140 people.

    L8tr all.
  • Regardless... (Score:2, Interesting)

    by sexyrexy ( 793497 ) on Saturday August 20, 2005 @11:40AM (#13361876)
    Only the sensationalist news media has called the teens "hackers". Believe it or not, most judges understand the difference, and their defense lawyers will at least argue the point enough to inform any jury that gaining access is not the same as hacking.


    The law is not about hacking, it is about Unauthorized Entry. You don't have to pick the lock to be somewhere you shouldn't, and you don't have to cut through any fences to be prosecuted.
  • by Daniel Dvorkin ( 106857 ) * on Saturday August 20, 2005 @11:40AM (#13361878) Homepage Journal
    And the charges could be a lot more serious -- IIRC, there are some very serious laws about adults who solicit children for criminal activity. The kids need an aggressive lawyer who will threaten to "go nuclear" if the school doesn't back down.
  • Re:Human error (Score:5, Interesting)

    by aussersterne ( 212916 ) on Saturday August 20, 2005 @11:46AM (#13361915) Homepage
    Having attended and later worked in an American high school where the mentality was definitely one of suspicion and enforcement (ala prison) rather than education, I'd suspect that these passwords were taped there on purpose to try to catch and then be able to endict nonconforming students, who, the thread of thought would go, are the same ones likely to create disciplinary problems through the introduction of unrest and disobedience.
  • Re:Moan ... (Score:5, Interesting)

    by einhverfr ( 238914 ) <> on Saturday August 20, 2005 @11:49AM (#13361927) Homepage Journal
    It's shit like this that makes me want to leave the country.

    I sympathize to some extent actually. Read the district press release:

    "Unfortunately, after repeated warnings and disciplinary actions, a few students continued to misuse the school-issued laptops to varying degrees. The disciplinary actions included detentions, in-school suspensions, loss of Internet access, and loss of computer privileges. After each disciplinary action, parents received either written notification or telephone calls. Some parents felt that the disciplinary actions were ridiculous and even expressed the feeling that their son/daughter should be able to do non-school activities and use the laptop without restrictions. Some students acknowledged that they used their school-issued laptop inappropriately at home rather than their home computer for fear their parent would catch them."

    There is a simple way to fix this problem. If you don't want them to use the laptop at home, don't let them take it home.

    My concern about the trend towards computerization in our schools is that students will not have the oportunity to opt-out of restrictions (say, by providing their own laptops). This is not that different from a world where everybody would be unable to opt-out of a trusted computing world, or even a Microsoft Windows world.

    A second thought (IANAL) is that such heavy-handed punishment as a felony charge in this case might very well seem like cruel and unusual punishment and it might be possible to challenge the constitutionality of the law as applied to this case. Charging minors with felonies for using passwords taped to the back of the computers they were issued seems both cruel and unusual to me. However, where exactly one draws this line in this case might be fairly difficult to answer.

    Finally, students have some privacy rights even regarding school lockers. It seems to me that constant monitoring might infringe upon those legitimate rights. IANAL, again though....
  • by dlZ ( 798734 ) on Saturday August 20, 2005 @11:53AM (#13361961) Journal
    I remember a girl getting treated like a drug dealer because she a)bought aspirin to the school and didn't hand it over to the school nurse (so that she could subsequently go back to the school nurse when it's time to take them - talk about being treated like a 5 year old) and b)giving one to her friends that had a headache.

    A bit over ten years ago when I was in high school yet, I was kicked out for a short time (it was later reversed because of how stupid it was) because I brought in a pair of heavy scissors and had them in my bag. OH, these scissors were required for a class I was taking, and we weren't allowed to leave them in the class. But I was charged with bringing a dangerous weapon into the school. It all happened because an x-gf was mad at me and told someone in the administration I had a weapon, when in reality all I had was the scissors, books, and some pens/pencils and paper. (I don't believe she knew I even had the scissors, she just thought me getting hassled by the school cop would be funny. I hadn't talked to her in months at this point, I have no idea why she decided to do this out of no where, besides the fact we were stupid high schoolers.) Talk about sane policies, though. Can't let kids have the proper supplies for class! I'm surprised I didn't get 5-10 for every pen or pencil, I mean, I could stab someone with them, right?
  • Re:Yes and no (Score:1, Interesting)

    by Anonymous Coward on Saturday August 20, 2005 @11:54AM (#13361968)
    I can tape the key to my house on to the front door of my house, and while that is extreme stupidity on my part, that does not give you permission to unlock the door and come inside.

    However, your insurance company won't pay out.
  • Re:Taped? (Score:4, Interesting)

    by AdamReyher ( 862525 ) <adam.pylonhosting@com> on Saturday August 20, 2005 @11:56AM (#13361980) Homepage
    And that's why I agree they should face consequences for their actions. Let's say someone goes to downtown Miami at 2 AM in the morning with their brand new BMW. They park it, walk away leaving the doors unlocked, and the car gets stolen 10 minutes later. Who actually did the stealing? The theives, of course. Should they be punished? Absolutly. But the person who owned the car easily enabled that to happen when he should have known that 1) He was in Miami, one of the highest crimerate cities in the nation, 2) at 2 AM in the morning, 3) With a $30k+ vehicle. His stupidity opened the door for the car to be stolen. Serves him right, in my opinion. Does that make the these kids guilty, though? Absolutly.
  • Re:retardville (Score:3, Interesting)

    by Lucidwray ( 300955 ) on Saturday August 20, 2005 @11:59AM (#13361997)
    Leaving the ignition in the keys of your car does not justify someone stealing it (and its still illegal).

    No, but if you leave the keys to your car in the ignition and it gets stolen. Its no longer Grand Theft Auto. Its just Theft. Amazingly the legal system is smart enough to realise that you are partly at fault for your car being stolen since you left the keys in it. What a conecpt. Accountability.

    This is the same thing as writing the admin password on the bottom of the laptop.

    The school officials should be charged for not properly securing public property.

    Could you imagine if some highschool principal put the key to every door in a highschool under the door matt in front of each door. Once the school got robbed the general public would go ballistic when they learned the keys were everywhere. The principal would probably be brought up on charges for loosing thousands of dollars worth of school equipment.

    But yet the same incident happens on a computer and nothing happens. Bizarre.
  • by ( 745183 ) on Saturday August 20, 2005 @12:00PM (#13362006) Homepage
    ...there are some very serious laws about adults who solicit children for criminal activity.

    Indeed. From here, it's hard to distinguish between what happened and outright entrapment. The only defense to it would seem to be, "I didn't know the tape-dispenser was loaded..."

  • Re:Human error (Score:5, Interesting)

    by ZX81 ( 105194 ) on Saturday August 20, 2005 @12:02PM (#13362021) Homepage
    Or you could just call and complain: []

    Hmmmm can just see the police switchboard getting slashdotted now! :D
  • Re:Yes and no (Score:1, Interesting)

    by Anonymous Coward on Saturday August 20, 2005 @12:05PM (#13362028)
    That's true ... but I won't get charged with breaking and entering! These kids are being charged with hacking as a criminal offense, not for "violating the schools terms and conditions". That's despicable.
  • by putch ( 469506 ) on Saturday August 20, 2005 @12:09PM (#13362047) Homepage
    last resort? how about take their laptops away. voila, no more problem.
  • Re:Human error (Score:5, Interesting)

    by aussersterne ( 212916 ) on Saturday August 20, 2005 @12:10PM (#13362052) Homepage
    I didn't mean to suggest that the whole thing, bottom to top, was a scheme. I mean to suggest that the laptops were going to go to students anyway, and when the IT contractor asked the administrator, "Where do you want me to file the passwords away?" the administrator responded with, "Put them on the backs of the machines and we'll see who..."

    Something nearly the same happened when I was contracting for high schools. The DOS machines they used (this was a few years ago) could have been configured to start students into a menu system that was uninterruptable (i.e. turn machine on, get menu of available applications, no alternatives, no way to break out of the menu structure).

    Instead, they wanted me to use the AUTOEXEC.BAT batch file to launch the menu system rather than a menuing application started directly on bootup. Why? So that they could watch and see who hit CTRL-C at boot to exit the batch file. Those students were then expelled for "hacking" (even though these machines weren't on a network at all, this was ca. 1992) and they lost their computer priveleges at the high school for the rest of their high school career.

    Why? That's a question that was never satisfactorily answered to me. I can tell you that the answer was something along the lines of what I mentioned in my previous post: such students were basically believed to be "too big for their own britches" and it was thus basically one more way to find a few more kids with "no respect for authority" and push them out of the system.

    While I was still contracting there, I saw two kids expelled for hitting CTRL-C to dump to DOS and explore the C: drive. Both ended up enrolling at a local private high school, to my knowledge.
  • Re:Taped? (Score:5, Interesting)

    by utlemming ( 654269 ) on Saturday August 20, 2005 @12:24PM (#13362134) Homepage
    Agreed. However, if you read their account on the website, some of the students that had been charged attempted to turn their laptops in, but the school gave it back and told them they had to use the laptops -- they even told the administration that the laptops were a temptation to misbehave, and asked that the administration take the laptops. Requiring the children to have a laptop, which the children admitted posed a temptation is tantamount to encouraging the progression of a problem. In any other element of society, if you attempt to surrender something because it posses a danger to you or to someone else, the organization will take it. If I go to the DMV or the Sherifs office and state that I feel that my driving is a danger, they will gladly take my license away. Or if I go to the doctor and tell him that a medicane I am taking I am gettting adicted to, then he will change it. The main thing that I see is that the students are being punished after attempting to give up the temptation, when the administration forced them to have the temptation. The way I see this is that some of the students were responsable enough to admit the problem, seek help, but were turned away -- that, in my mind, is an endorsement of failure. The students parents might be able to make a claim of criminal neglegence. If the students had said that they were going to commit another criminal activity, and did, then the school would hold liability for failing to take preventative steps if the school indeed failed to take such steps.

    Do the student's bear some of the responsability. Yes. It would assinine to say that they didn't. However, the school system should have taken the computer's security more seriously, and should have used stronger passwords, and should not have put them on the computers. When the problem was discovered, the school should have taken steps to provide new passwords, which are stronger and not publicly known. For students that had been disciplined for misbehaving on the computers, a more proactive steps should have been taken to make sure that future violations would be adverted.

    The other question that I have, is what education about the use of computers was implemented? Was there an AUP? And did the students understand what the implications of using the computers in that manner would mean. Second question, did the student's parents know that they were being interrogated under the threat of prosecution? If the parents of the children were not present or given the opportunity to be present and if the children were not given their rights, then any evidence collected would be inadmissable in court. The third question, is what point would prosecuting these children accomplish?
  • by ( 213219 ) on Saturday August 20, 2005 @12:37PM (#13362207) Journal
    Forgive me for a moment, this post may seem slightly off topic but I think that what we are seeing is the symptom of a larger problem and that is what I want to address in this post. So, flame away if you want.

    Kids, by their very nature are curious and, a bit rebelious. That hasn't changed in generations, kids have always been tempted by things that they know they should not do and kids have always been known to defy authority. I know I did, and I'll bet you did too!

    I was very fortunate to have had several teachers who were actually able to harness my curiosity and my desire to "push the boundaries." To this day, I think they were the best teachers I had.

    I also had the other kind of teacher; I remember specifically one English teacher who told us to read a specfic chapter. I got in trouble for reading beyond the chapter! I loved reading and simply got caught up in the story. Why he got upset is still beyond me.

    Many teachers no longer teach kids, they teach cirruclium. They expect kids to march in lock-step to their plans. Kids going though this feel like they are prisoners and that their teachers are little more than glorified babysitters! They get bored, they don't understand why they are being limited and, they naturally fight this by defying the silly rules established by the people in authority. In short, the kids will be kids (just like they always have been).

    Yeah, the kids hacked the computers and used them for things that maybe they shouldn't have. I have to say that the administrators of the school should have expected this.

    It seems to me there were probably a number of other things that could have been done - including a policy of "if you hack this, we will take it away from you and you will fail the class". The way that it has happend smells like the administration has chosen, intentionally, to make examples out of these kids. I suspect that this was done to send a message to future students "Don't mess with us" - but this kind of thing against kids seldom works and can easily backfire (especially if nothing comes of the charges).

    I feel for the kids, I really do. Not because they hacked the computers but because the administration and staff of the school have obviously made some poor choices along the way. This problem is a symptom of something wrong much deeper in the system. The teachers should realize they are teaching kids who are naturally curious, naturally push the limits, and naturally defy authority. If these kids were challenged, rather than restricted, they would learn a hell of a lot more.

    Teachers, please go back to teaching kids, not cirriculum!

  • by glitch0 ( 859137 ) on Saturday August 20, 2005 @12:54PM (#13362341) Homepage
    It's worse than that. I'm 17 and in a high school in Florida. Someone could walk up to you and punch you in the face, and even if you just stood there and did nothing you would both get suspended for 5 days.

    It's horrible because the kids that come from shitty neighborhoods do this to the kids that come from the good neighborhoods all the time because the shitty neighborhood kids get a week long break from school (their parents don't care, they have other things to worry about) and the good neighborhood kids get screwed by their parents.

    A friend of mine was recently expelled for a conversation that went something like this:

    Friend 1: "oh you won't believe what john did at lunch - he told everyone about your crush on cindy!!"

    Friend 2: "ugh he did? *in a joking playful tone* i could just kill him sometimes!"

    Teacher heard this whole conversation, told the dean, next day kid gets pulled out of class and is never seen again. And I was there for all of this - there is NO WAY that anyone could mistake him for being serious when he said that.

    Also recently at my school I witnessed a gross exercise of power by the principal. Food and Drink are not allowed in any buildings (except cafeteria) including water (yeah, i know, its florida. they do this to "reduce bathroom breaks." i'm not kidding either.) So, a kid runs 7 miles in the morning (cross country team) and buys a gatorade from one of the machines on campus. He's heading towards his locker and the principal is outside the building his locker is in. The principal tells him that he can't go inside with the drink. He tells the principal in a calm non-condescending tone "I don't agree with this rule, but I respect you enough to obey it and not bring this drink inside." and calmly waits outside periodically drinking his gatorade and talking to friends (keep in mind that this was like 20 mins before school starts, so he wasn't going to be late to class or anything.) With the principal still there, a teacher comes over and tells my friend to move out of the way because he is blocking traffic. Now, he is standing about 5 feet to the left of the door, and is clearley not blocking traffic, but he does as he is told and moves about 5 steps off the wall. About 10 seconds later, the principal begins yelling at him for moving from the spot. My friend tries to explain himself calmly and without attitude, but the principal will not have it. He then tells him to go to guidance and wait there. My friend went to guidance, waited an hour and no one showed up so he went to class.

    You would be suprised what goes on in public schools. Yesterday my history teacher who was giving a lesson on religions around the world did not know if Budda was fat in real life and when I asked about it I was told that it was of no significance anyway. I told him that in fact it could be rather important, as he had just taught us that Buddhism promotes freeing yourself from useless indulgences and possesions and that if Budda was actually fat then it would be contradictory to what he taught (as fat people are usually observed to be grossly indulgent.)

    I was then yelled at for "interuppting class" despite the fact that I had raised my hand and been called on as per procedure specified by him. Basically he tried to blame me instead of just saying something like "Actually, I'm not sure. If we have time at the end of class we can look it up on the internet."

    Anyway those are just some of my observations spending 12 years in the public school system.
  • Re:Taped? (Score:5, Interesting)

    by bmo ( 77928 ) on Saturday August 20, 2005 @12:55PM (#13362350)
    The taping of the password to the backs of the machines is what I call an "Attractive Nuisance", in my not so humble opinion. Here's a sample definition:

    attractive nuisance doctrine

            There is normally no particular care required of property owners to safeguard trespassers from harm, but an attractive nuisance is an exception. An attractive nuisance is any inherently hazardous object or condition of property that can be expected to attract children to investigate or play (for example, construction sites and discarded large appliances). The doctrine imposes upon the property owner either the duty to take precautions that are reasonable in light of the normal behavior of young children--a much higher degree of care than required toward adults--or the same care as that owed to "invitees"--a higher standard than required toward uninvited, casual visitors (licensees). -doctrine.htm []

    By taping the passwords to the backs of the machines, the school system had created an attractive nuisance, especially considering the "behaviour of normal children". This was like installing a pool, placing a sign saying "Don't Swim", REFUSING to put up a fence, and then disclaiming all responsibility when someone drowns (violates policy).

    The school administration in this case is a fucking waste of oxygen.

  • Re:Password security (Score:5, Interesting)

    by BattleTroll ( 561035 ) <> on Saturday August 20, 2005 @12:56PM (#13362358)
    Then stop making me change my account passwords every 30 days! That is the most irritating, counter productive thing IT groups do with password management. Sure, make me type in garbage with no repeating characters. Sure, make the password 12 or more characters with at least 3 numbers. This I can accept. But once I type in a conforming password, don't ask me to change it!

    Our IT department just implemented this 30 day policy on all of the IT services. Unfortunately they don't have a shared password system so each of the 10 applications I need to do my job have different passwords. And of course these passwords all expire at different times.

    I never used to have to write down my passwords. I had one that worked for all my work-related services. But now I'm writing them all down. If someone happens to find it, it's not my problem.

    Foist this stupid scheme on people and of course they're going to write them down. Better that than forgetting a password and have yourself locked out of the system you need to do your job. Next you waste 20 minutes of the day waiting for the arrogant IT guy to reset it all the while listening to him complain about all the password resets they've done that day.

    So frustrating. What's the point when a little social engineering can get a password without too much trouble?
  • Re:Human error (Score:4, Interesting)

    by Freexe ( 717562 ) <serrkr@tznvy.pbz> on Saturday August 20, 2005 @12:57PM (#13362367) Homepage
    probably something like
    kdfs845 d1fs1jg84 jbjfb3 njsiuv ]dbsdfb
    and remeber XF and which one to use from the other groups, in this case : first, duped, last, first, first.

    Things like that make it just as hard for someone to crack, but easier (for me at least) to remember

  • by PotatoHead ( 12771 ) <doug&opengeek,org> on Saturday August 20, 2005 @01:07PM (#13362428) Homepage Journal
    with kids.

    You will lose. Any sane parent knows this. The educators, with their specialized training totally should know this. As a father I know this.

    The policy should reflect the reality of computing today; namely, that any access control methods can and will be circumvented by those willing to do so. Period, end of story. There is very little the school could do to prevent this kind of thing, so why bother?

    Either the kids play ball, or they don't get their own computer. Have a lab room setup for those not willing to agree to the terms of use and those that think they are willing, but end up on the wrong side of the rules.

    Charging these kids with a felony crime is just wrong. It's going to affect their future far more than it helps the school keep control. I've a feeling this school is one of these zero tolerance, power tripping schools that does more actual harm than good.

    So, they could have just taken the computers, booted the kids, put them on an alternative learning track, etc.... But, continuing to escalate the issue the way they did invited trouble, was counter productive, and could easily be considered rather draconian. --> "Lets make examples of a few of them to keep the others in line". Yeah, like I want my teen going to a school like that.

    In the schools defense, the law has taken away a lot of their power these days. The school staff is sharply limited in what they can actually do without going to the courts. (Which makes a keen understanding of the whole power struggle thing all the more important!) When I went to HS, in the 80's, principles could still actually make kids *do* things. Breaking up fights, for example, often meant the principle stepping in there, grabbing some kids, and sorting things out. He was never in the office, walked around the school and kept order.

    Things are far different today where even touching kids can get educators in trouble.

    There is a fine line being crossed with the whole kids rights thing. In terms of things like expression, we should be yielding to the kids. However, in terms of behavior, we should let the schools do a bit more than they currently are, if we are to avoid the courts for teen struggles.

    Also, where the fuck are the parents in this whole thing? If this were my kid, I would quite honestly start working that school and legal system over until the problem was corrected. I'm all for kids towing the line, but it's a two way street. If the school creates an environment for failure, (which they clearly have), the punishment for that failure needs to serve some greater end. (Which it clearly doesn't.)

    This whole mess is a crock. Anyone, who has parented teens, who possesses just a bit of common sense would have been able to defuse this issue and move on. My gut says this whole small town is fucked up.

  • Re:Additionally (Score:3, Interesting)

    by Ernesto Alvarez ( 750678 ) on Saturday August 20, 2005 @01:53PM (#13362701) Homepage Journal

    This policy stipulated that passwords were only to be changed by the MIS department, and that all password requests must go through them.

    Under most circumstances that is actually a very wise policy. Many products, MS Windows Terminal Services among others, do not allow the admin to access the user account without his password.

    Requiring the admins to know the user password is NOT a wise policy. That policy mixes authentication and authorization. If two people need to know the password to an account to do something, you weaken security because you cannot be sure who used the system to do something and because you have doubled (or multiplied if more than two people know) the chance that the password might be disclosed (accidentally or maliciously).

    If you do not share the keys (and needing the keys to do some administrative task is sharing), you can be sure who did what on the system, with the added benefit of being able to change the policy easily (revoking rights, for example).

    A good way of dealing with passwords can be found in military manuals (don't remember which manual exactly, but I think it's in the NISPOM []). To set a password, the user has to go see the security officer and request a change. Then the system chooses a random password and shows it to the user (but not the security officer). By doing this, the security officer knows all the necesary details, but does not know the password (so he cannot pretend to be the user).

    Of course that does not prevent the user from writing a copy of it under the keyboard, only education helps with that.

    By the way, I use MS terminal services also. I have my own account so it is known that it's me using the system (authentication) but my powers come from the fact that I belong to the administrators' group (authorization). Of course I cannot log in directly as another user, but that need is not very common either.
  • Re:Additionally (Score:3, Interesting)

    by blincoln ( 592401 ) on Saturday August 20, 2005 @02:00PM (#13362743) Homepage Journal
    If software requires that the admin knows the user's password to do basic administration, then you need to consider alternative technologies.

    I can see both sides of this issue.

    The reason Windows doesn't allow superusers to su to other accounts without their password is for accountability. It's a lot harder to notice a rogue admin reading and modifying files of execs when he/she can do it without knowing their password.

    There are ways around the restriction in terms of necessary administration. If someone is fired or leaves the company, an administrator can transfer ownership of their files to another user, giving them access. If an admin really needs to log in as someone else without their consent (maybe for legal investigative reasons?) they can change the password on the user's account.

    Now, where this breaks down is something like Exchange. My admin account at work is a member of the Exchange administrators' group, meaning I can read anyone's email in the company without knowing their password. That's frequently the information that should be the *hardest* to get to.

    OTOH, logically I believe that *ix has it right when it lets the superuser do *anything*. Dear Microsoft: I'm not really an administrator if there are processes I can't kill, and files I can't delete.

    The ownership stuff I mention above is an illusion anyway, since as an administrator I could install a keylogger on someone's workstation to get their password.

    Anyway, that was kind of a ramble, but my point is that it's a philosophical difference. Windows is designed in most ways to be Nerfed so that you don't shoot your eye out, and most of your admins don't know how to access restricted information without leaving a trail.
  • by King_TJ ( 85913 ) on Saturday August 20, 2005 @02:13PM (#13362796) Journal
    Rather than charging students with crimes for this type of activity, I'd be for the immediate termination of anyone on the high-school's "I.T. staff" who actually thought this was a good or even "workable" policy!

    If there really is a "hidden agenda" of fishing for "troublemakers", that's a very poor way to accomplish anything. I mean, hey, why not issue knives to every incoming student too and just sit back and wait to see who starts stabbing people?

    And anyway, historically speaking, the tinkerers/experimenters of the world are the ones who accomplished and contributed the most to society as a whole. "Respect for authority" be dammed.... Computers are all about exploring and experimentation. If you can't even create a "virtual sandbox" of sorts out of the system configuration you're issuing your students, so they have "boundaries" to what they can do on said machines, that just illustrates that the students are smarter than the faculty. The tools *are* and *have been* available to restrict usage of computers to only specific applications. If you opt not to use them, then I think you're making a de-facto vote for allowing students to do as they will with the laptops.

    You know which ones are most likely to go off and install programs like iChat AV or take full advantage of "remote control" software they figure out how to use? That's right -- the smartest ones and the ones who actually *enjoy* using a computer! But no, we have to punish them and encourage the mediocrity instead. Teach students that computers are ONLY there for specific tasks we set up for them in advance. Don't "have fun" with it or you're a "hacker". Drum all the curiousity out of them. It's EVIL!
  • Re:Human error (Score:2, Interesting)

    by Dollar Sign TA ( 895332 ) on Saturday August 20, 2005 @02:16PM (#13362811)
    I would take them aside and explain that the mundanes are terrified of them, and ask them to hide their brains when in such company
    Way to get your kids to be cocky bastards. Don't forget to tell your daughters to hide that they're smart in public. Sounds like a good policy to me.
  • Re:Human error (Score:5, Interesting)

    by Jah-Wren Ryel ( 80510 ) on Saturday August 20, 2005 @02:49PM (#13362950)
    Why do people write down the real password?

    Because no one ever suggested otherwise!

    Seriously, the biggest part of "having a sane password police" is to TEACH THE USERS BEST PRACTICES.

    Everywhere I've worked, and I've worked at a lot of places since I've been contracting since the early days of the internet bubble, there has been zero user education about passwords.

    Typically the IT department comes up with some rules and they think their responsibility stops there. Since they never bother to teach their users the best way to follow the password rules, it is no surprise that the users come up with all kinds of cockamamie schemes.

    These people aren't computer security experts, they are just regular schmoes who want to get their work done wit h the last amount of hassle. They've never had to think deeply about password security, so of course most of them never will on their own. They will take the path of least resistance to getting their work done and writing their password down in an easy to find place is very low resistance.

    Teaching them smart and effective password techniques is one of the surest ways to improve security that there is.
  • by gameshints ( 629632 ) on Saturday August 20, 2005 @03:13PM (#13363053) Homepage
    This reminds me of a time in High School when I was called to the office and told my network folder had been cleared and my login disabled for downloading MP3s. What were these MP3's that I downloaded? JFK's speeches for a final project in one of my classes.
  • Re:Human error (Score:3, Interesting)

    by arminw ( 717974 ) on Saturday August 20, 2005 @04:55PM (#13363439)
    ....Because it does not work when you have 10 or 20 different systems...

    Computers are much better at remembering stuff like passwords than most of us. Let the computer remember all your passwords in an encrypted password file. Then all you have to remember the ONE very good password that unlocks that file. Macs come with a nifty thing called keychain, where all password are stored. Many Internet sites and other servers get the password from the keychain automatically if it is already unlocked. The default is to unlock your keychain with the same password when you log in to the Mac. However, that may be changed by the user. A separate password can be used for the keychain. I am sure there must be similar schemes available for Windows. Of course, this doesn't help anyone who must log in from many different computers in various places. Here is an opportunity for someone to come up with a cheap, calculator type gadget that stores passwords securely. It can then display the login data on a screen or feed it directly to a computer via a USB plug or bluetooth wireless. Such a function could easily be added to a cell phone.

The relative importance of files depends on their cost in terms of the human effort needed to regenerate them. -- T.A. Dolotta