by jneal 3669 days ago
This reminds me of something that happened to me in high school back in 1999. I found an Excel doc in a public network drive that contained every single student's SSN, DOB, whether they had free/reduced lunch, address, phone, etc. I was admittedly snooping around, but this was all public stuff every student and teacher had full access to.

When I found it, I told one of the teachers that I trusted and she insisted that I must tell the principal. So I went down to the principal's office and told her. My primary goal was to get this removed or made private because even at that young age I knew this was very sensitive data and I wouldn't want just anyone having access to my information like that.

When I got home from school, I found my mother upset because we'd been called to return to school for an emergency meeting. I was questioned, and when I told them I only wanted this sensitive information properly secured I was told by the county IT administrator "Did you ever stop to think if maybe this information was public for a reason?" I took a second, and literally wanted to say "There is no reason this information should ever be public" but I ended up keeping my mouth shut in hopes to not get into further trouble.

I was nearly expelled for "hacking". They placed me on "academic probation" and threatened that if I did so much as forget my school ID at home one day, I would be immediately expelled without question. I was removed from my elective classes that involved computers and was disallowed from touching any computers at school.

Fun fact: Someone on the yearbook staff accidentally deleted the only copy of the yearbook files and our yearbook was in danger of basically not being made. I was called to the principal's office and asked to help. I was able to recover the deleted files and save the day. At some point they realized I never had malicious intent, but I still hold a small grudge for the way I was treated as a criminal for uncovering such a big security hole.

7 comments

> I was told by the county IT administrator "Did you ever stop to think if maybe this information was public for a reason?"

Absolutely jaw-dropping.

People's reactions to this kind of thing just blow my mind. If you are about to walk away from your car, having parked it in a high-crime area, and a passerby points out to you that you haven't locked it, do you call the police and have them arrested for looking into your car? If they were going to steal your car, would they have told you about it???

My wife ran into this back in 2001 or so. She had visited some Web site and noticed that the URLs followed a familiar pattern -- I think related to the Microsoft Access database. She wondered if some internal files were accessible via paths analogous to those she'd seen on the intranet where she worked. Sure enough, they were. She told the company about it, and of course they yelled at her.

Unfathomable.

> "Did you ever stop to think if maybe this information was public for a reason?"

If it was meant to be public, then you shouldn't have gotten in trouble for pointing out its existence. I don't understand the twisted logic there.

This is public for the teachers, snooping this file is the same as rummaging through teacher's stuff!

Then why wasn't it protected by authentication available to teachers only?

Yes, teacher's stuff containing a ton of other people's SSNs and other personal info and sitting around for anyone to access without any barrier! Totally cool, just hope no one does any rummaging!

I had a similar thing happen to me. In high school our user names were first letter of first name and last four of last name. The passwords were the last four digits of our phone numbers.

I figured out that the teachers had the same schema for their accounts. They also published a directory with all the names and phone numbers of the students and teachers. So basically I tried accounts until I got a teacher who didn't change their password. Then I used their ability to place files in shared folders on the network to distribute Quake2 across the different servers. I told a friend and they told people and inevitably the school blamed me for it and kicked me out of all my electives that had computers in them. I was the first student to ever fail touch typing because I couldn't complete the class.

Standardized learning and I have never been friends. I'm glad they taught me the system doesn't work and to work/learn outside of it.

I don't think that's really similar at all. You circumvented password protection and used it to play games. I don't agree with the punishment, but you clearly broke the rules. I also don't see that as having anything whatsoever to do with standardized learning, just you wanting to play games at school.

It does fit with the trend of crazy overreactions to "computer hacking" though. If some kids figure out where you keep the keys to the gym and you catch them playing basketball after hours when it's supposed to be closed, you give them some detention, you don't prohibit them from ever entering the gym thereby causing them to miss school assemblies and fail classes. But do the equivalent thing on a computer and they assume you need the Hannibal Lecter treatment or else you'll whistle into a phone and bring forth Armageddon.

this isn't really the same, it sounds like you logged ("hacked") into someone else's account by correctly guessing their password and then used their account for nefarious purposes

A similar thing happened to me at my university. This new website came out called TheFacebook.com and it seemed hip to add artificial friends like famous actors, super heroes, etc. I had the bright idea to add the school president as a friend by creating a fake account like the thousands of other fake accounts on TheFacebook. I needed a university email address, but luckily, my school allowed you to create a personalized email alias. What should I change my personalized email address to...? How about <president's name>@mail.myschool.edu? That would be funny - and I'd just revert it back after creating the stupid FB account.

There was some problem with the alias. I couldn't receive the FB confirmation email. So I gave up and went to sleep. The next morning I received a call from the campus police - they wanted to talk to me. I don't remember all the details, but I just remember a long process of being interrogated by campus police and later school administrators who were certain that I had hacked the president's email account. I mistakenly thought simply telling them "I wanted to add the school president as a friend on TheFacebook" was innocent and harmless enough. Some time later I received a letter with a list of 20 or so charges including things like Identity Theft and the possibility that I may be expelled.

I only found out at the end of this whole process that due to a bug in the mail system it allowed me to register a duplicate email alias and all of the school president's emails were being bounced and they assumed I was receiving them. I was able to knock it down writing an apology and community service.

> Some time later I received a letter with a list of 20 or so charges including things like Identity Theft and the possibility that I may be expelled.

Wow. Whatever happened to the cops coming and saying "That was dumb. Let this be a lesson. Don't do it again."?

To be honest, that sounds like a really stupid idea.

> I was nearly expelled for "hacking". They placed me on "academic probation"

This reaction makes me very, very angry.

I would love to push it back on them: it's unclear under what laws/regulations this would fall, but if you (as the student who found it) can get in trouble for finding this info, they can most certainly get in trouble for posting it in a location it can be found in.

Further, because you were actually punished for it, it means one of two things: they were in fact in the wrong for publishing it (and thus should be punished -- whether it's a criminal offence or merely a professional reprimand); or if they can't be punished, neither can you -- which means the principal should be in trouble for giving out a groundless punishment.

In my mind, it ceases being an "honest mistake" when they attempt to punish the person who points it out.

I realize that the real world is much more complex than this: you were a kid, your parents don't necessarily want to put you through the doubtless retaliation the administration would put you through anyway (even if not official), and the people with the authority may not see it the same way (in the same way police officers rarely charge other officers with crimes).

Remember Ahmed the clock kid? I had a situation almost exactly like his, except I made a working FM radio, could change stations and listen to local news and weather, I thought it was the coolest thing ever.

The school did not, and the district superintendent agreed with them. Who knew that an FM Radio made out of a La Gloria Cubana cigar box -- with labelling removed so as not to run afoul of any "tobacco paraphernalia" questions -- constituted a "bomb".

Parents sued to have me reinstated, but the social stigma lasted well throughout high school. Kids nicknamed me "bomberman" and there was this whole narrative that I had to be removed from the school, handcuffed by the FBI and put into the back of a box truck and hauled away. When in reality, my dad picked me up in his Honda (which would later become my Honda) and we drove home.

It sounds like you weren't sufficiently brown to get media attention? "Public school bureaucracy run by bureaucrats" doesn't have the right mass appeal.

> It sounds like you weren't sufficiently brown to get media attention?

Or just didn't have a family with the right media instincts.

> "Public school bureaucracy run by bureaucrats" doesn't have the right mass appeal.

It has incredible mass appeal, which is frequently exploited politically -- by both sides of the political spectrum.

But for it to get media attention, someone's got to get it to the media's attention. Outside of people and institutions that are already high-probability news sources, the media isn't really actively monitoring what goes on to find potential stories, things become stories because someone involved brings it to the attention of the media.

Ahmed: police called. handcuffed, questioned for 90 minutes, transported to juvenile jail, all without being able to see parents. plus racist comments.

iamdave: picked up from school by his dad, no police involved.

Not exactly the same situations. Both crappy situations, but Ahmed's treatment was an order of magnitude more inappropriate.

Well my intent here wasn't really to make a comparison of our situations as much as it was to highlight heavy handed bureaucracy within primary educational systems.

> It sounds like you weren't sufficiently brown to get media attention? "Public school bureaucracy run by bureaucrats" doesn't have the right mass appeal.

We're brown, I think colloquially "black".

> Remember Ahmed the clock kid?

It turned out that his invention was a fully pre-built alarm clock removed from its plastic housing.

Also other details emerged that pretty much sealed the case against him - what he did was create an intentional hoax.

That's your take-away from the situation, not the fact a child was handcuffed and treated like a terrorist for purely anti-Muslim reasons? Wow.

Crystal radios were a school project taught in science class when I was in high school.

> This reaction makes me very, very angry.

You are hearing one side of a story (that doesn't mean there is another side that would change your mind or my mind of course) but keep in mind that the parent also said "I admit I was snooping".

Let's say for argument's sake someone enters a room that they are not supposed to be in and finds something in a desk drawer that shouldn't be there. Should the person snooping be commended for doing that? As if a reward saying "go anywhere anytime and as long as the end justifies you are off the hook". Are you allowed to enter your neighbor's house in search of contraband or access his computer? I realize this was allegedly "public" but the devil is in the details of what that means exactly.

> I was nearly expelled for "hacking". They placed me on "academic probation" and threatened that if I did so much as forget my school ID at home one day, I would be immediately expelled without question. I was removed from my elective classes that involved computers and was disallowed from touching any computers at school.

Makes me glad that my school was reasonable when I got dragged into some "hacking" accusations. We were just made to work with the IT staff for a week (instead of going to classes), and that was the end of it.

The IT staff were surprisingly fine with it all (I think they realised A) that we weren't malicious, just bored and curious, and B) that it was their mistakes that gave people access (VNC server installed on all PCs with the password "vnc"; domain admin. account having the password of "school" etc.))

I got in a lot of trouble in high school for playing with the DOS prompt in Windows. My teacher told the principal that the scary black window full of monospace text was -- and I'm quoting here -- a "highly sensitive zone" on the computer that no innocent student would access. Obviously I protested, and predictably the principal didn't believe a word of what I had to say.

I believe I had to stay up late writing a 4-page apology paper to forestall disciplinary proceedings since my family was planning to go on vacation the next day.