Reporter exploits weak Wi-Fi network; accesses student info
When the Palo Alto Unified School District decided to go high-tech and install wireless computer connections throughout it offices and on some campuses, it obviously hadn't gambled on security becoming an issue.
Armed merely with a laptop and a wireless connection card, a reporter for the Palo Alto Weekly succeeded last week in exploiting the school district's insecure network setup, obtaining some students' grades, home phone numbers, addresses, medical information, psychological evaluations and even full-color photos of the kids.
"I was sitting on the lawn, barefoot in front of the office," said Rachel Metz, the reporter who uncovered the system's weaknesses. "I was just looking to see what was going on, basically."
Metz, the weekly's education writer, discovered the vulnerabilities while researching an unrelated story at one of the district's middle school campuses. While taking some notes on her Apple iBook during an interview, a wireless connection popped up as active on her screen.
[ Read more ]
For all your wireless security information needs, visit the Wireless outside articles section of HNS.
- Review: Deploying License-Free Wireless Wide-Area Networks (14 May 2003)
- Article: Positive Identification in a Wireless World (6 May 2003)
- Article: Warchalking and Other Wireless Worries (3 April 2003)
- Article: How to Make Wireless Networks Secure (26 March 2003)
- Article: Interview with Cyrus Peikari, CEO of AirScanner Mobile Security (24 February 2003)
- Review: Maximum Wireless Security (17 February 2003)
- Article: Detecting Wireless LAN MAC Address Spoofing (22 January 2003)
- Article: Avoid Wireless LAN Security Pitfalls (17 January 2003)
- Article: Interview with Jay Chaudhry, CEO of AirDefense (7 January 2003)
- Review: Wireless Security and Privacy: Best Practices and Design Techniques (17 December 2002)
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.