Blame game [Google posting student info]
JournalNow -- North Carolina | Lauren Williamson
Posted on 06/26/2006 11:41:42 AM PDT by WaterDragon
Catawba County Schools took aim at Google Friday.
The system filed an injunction against the Internet search engine
The temporary injunction, granted by the Honorable Richard D. Boner, calls for Google to remove any information pertaining to Catawba County Schools Board of Education from its server and index and alleges conversion and trespass against the corporation.
In short, schools say Google grabbed information they shouldn't have.
Google says they are wrong.
Either way, the names, Social Security numbers and test scores of 619 students were still bouncing around the Web for people with computers to find and read until late Friday, when the page was apparently removed.
Catawba County Schools chief technology officer Judith Ray said her department removed the file from its storage server Friday. They are also working to delete any other electronic files that may contain Social Security numbers or other secure student information.
The information was stored in the system's DocuShare server, which required a username and password to access, Ray said.
"One of the students on the list had a presence on the Web," she said. "In Google's effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username."
(Excerpt) Read more at journalnow.com ...
TOPICS: Business/Economy; Constitution/Conservatism; Crime/Corruption; Culture/Society; Extended News; Miscellaneous; News/Current Events
KEYWORDS: bigunit; boner; google; idtheft; lawsuit; northcarolina; privacy; schoolboard; students
To: WaterDragon
Catawba County Schools Superintendent Tim Markley discusses his frustrations with Google on Friday. The names and social security numbers of 620 students from Catawba County Schools are posted on the Internet search engine. ROBERT C. REED (RECORD PHOTOGRAPHER)
--------------------------------------
If ever there was a "Caption this pic"...this guy is NOT happy with Google, no, not one little bit. "I'd like to get the guy in charge of Google and wrap my hands around his scrawny little neck and...!!" :-)
21 posted on 06/26/2006 12:15:16 PM PDT by pillut48 (CJ in TX)
To: 6SJ7
If the school does not want Google searching their pages, they need to add code to the site to instruct the Google web spiders to skip the site. Yeah, it's the school's fault. Google respects robot.txt files. Actually, it's a good thing that they found out through Google, there are LOTS of other spiders that are testing web sites for security holes. Heaven knows what else got out.
22 posted on 06/26/2006 12:15:23 PM PDT by glorgau
To: 6SJ7
Yep, happens all the time. I frequently tell people that they SHOULD NOT put any information on the web that they don't want the whole world to see, and I'm constantly shocked at the number of people who will argue the point. Web servers are PUBLIC RESOURCES. When you publish information onto the Internet, you are putting it somewhere that the whole world can view. For non-programmers, effectively protecting sensitive data online is almost impossible.
Situations like the one you described are common...people will put the "protected" files in an otherwise public folder, and then limit access to it via a password protected page. Unless you're on a Unix box with a well crafted htaccess file, that just isn't going to work. All it takes is ONE person or ONE web page to link into your "protected" folder, and the security will be irreparably broken. It's the security equivalent of sticking a key under your doormat.
I once visited a webpage that had customer data hidden behind a "secure" login. The routine was written in Javascript, and was entirely client side. When I caught what they were doing, I was all set to get the password from the source code (hey, it's on my computer, it's perfectly legal for me to read it) and send the webmaster a flaming email, but when I looked at the code I found an even dumber mistake...the code contained the actual URL of the "protected" pages. I copied it into my browser, hit enter, and read this wonderful list of fairly sensitive client documents. That kind of stupidity was staggering.
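
The failure described in the comment above, as an added example that is not part of the original post: a password check on the entry page alone leaves every file behind it readable by any client or crawler that has the direct URL, while a check enforced on every request does not. The paths, user name and passphrase are constructed sample values, and the two handler functions are hypothetical stand-ins for a web server's request handling.

```python
import base64
import hmac

# Constructed sample content and credentials (assumptions, not from the article).
FILES = {
    "/docs/index.html": "<a href='/docs/scores.csv'>scores</a>",
    "/docs/scores.csv": "student,score\nSAMPLE,0\n",
}
USERS = {"staff": "example-passphrase"}

def authenticated(headers):
    """Validate an HTTP Basic Authorization header against USERS."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())

def login_page_only(path, headers):
    """Weak pattern: only the index page asks for credentials."""
    if path not in FILES:
        return 404, ""
    if path == "/docs/index.html" and not authenticated(headers):
        return 401, ""
    return 200, FILES[path]  # files behind the index are served to anyone

def every_request(path, headers):
    """Hardened pattern: the whole /docs/ tree requires credentials."""
    if path.startswith("/docs/") and not authenticated(headers):
        return 401, ""  # checked before existence, so file names are not leaked
    if path not in FILES:
        return 404, ""
    return 200, FILES[path]

def audit(handler, paths):
    """Return the paths a client with no credentials can read."""
    return [p for p in paths if handler(p, {})[0] == 200]

if __name__ == "__main__":
    print("login page only:", audit(login_page_only, FILES))
    print("every request:  ", audit(every_request, FILES))
```

Running `audit` without credentials against a list of known document paths is the same check a defender can apply to a real server: any path that comes back 200 is public, whatever the login page says.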
To: WaterDragon
Quoth the IT weenie Ms. Ray...
One of the students on the list had a presence on the Web,... In Google's effort to get information on her, one of its spiders latched onto her name in this document. We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username.
It sounds like Ms. Ray is unaware of the fact that a null password isn't really a password at all. St00pid n00b.
24 posted on 06/26/2006 12:33:35 PM PDT by Redcloak (Speak softly and wear a loud shirt.)
To: Arthalion
Perhaps someone with your technical savvy could have contacted them with a warning and offered to help secure the site. A little moonlighting that would also earn you the gratitude of your fellow (less technical) human beings.
To: WaterDragon
School Finds Out It's Not Google's Fault
More controversy was added to the situation after some sources reported that Google spiders had "hacked" the school system's server to index the information. But both the school's chief technology officer and Google (and a few others with the skinny on how this works) say that Google crawlers cannot bypass password protection to access and cache content.
In short, it's most likely the school's error and if lawsuits ensue from the parents of affected students, Catawba County Schools Superintendent Tim Markley will likely be making the same face he's making in this photo
To: Libertina
Perhaps someone with your technical savvy could have contacted them with a warning and offered to help secure the site.
I've known people who tried to do this very thing and were accused of "hacking their computers".
Of course, accusing somebody who is pointing out your security problems is much cheaper than winding up with a bill from them.
The US Navy had a lot of information posted recently on service members and families, including SSNs and birthplace/dates, and the same thing happened.
Like others have said, if it's connected to the internet, unless you really secure it, it's fair game for Yahoo, Google, MSN, etc.