Evolving Thoughts

Student database to attract hackers

Posted by John S. Wilkins on June 17, 2008
(7)
More »

Okay, so while we’re bagging on Queensland, here’s a couple of articles (Ars Technica, ZDNet) on a proposed and apparently non-negotiable database of Queensland students, including their

things like photos, career aspirations, off-campus activities, contact information, behavior records, attendance, and performance records.

But don’t worry: the minister has declared that it won’t be hackable, and we all know how well politicians understand hacking, and how well hackers behave when politely asked. And of course no hackers might want to use that information for nefarious purposes neither.

Do these people have no idea? For a start, when you set up a system, computer-based or not, that benefits only the administrators, it follows as night follows that bright part of the diurnal rotation it’s hard to sleep through that it will end up being abused, because there’s no motive for the administrators to ensure that it is accurate and secure. It’s databasing for the sake of it. A bit like freebasing, I think, only for public servants and politicians.

(7)
More »

Comments

  1. #1 MartinDH
    June 17, 2008

    Hmmm…sounds like deliberate HAXX0R bait. Just a bit of raw and wriggling data to pull those dangerous nerds out of the woodwork so they can be “detained” as “terrorists”.

    Martin

  2. #2 Ian H Spedding FCD
    June 17, 2008

    Of course, hackers being hackers, they’re not going to be deterred by an obvious lure. It’s just another opportunity to prove they’re smarter than the security programmers.

  3. #3 themadlolscientist
    June 17, 2008

    All this database needs is a huge flashing sign:

    HACK ME! HACK ME! HACK ME!!!!!!

    OTOH, I suppose a sign would be redundant. Just saying “hackproof” in the fine print is enough.

  4. #4 Brian English
    June 17, 2008

    Idiots. This is so dumb.

  5. #5 Kirsty Thor
    June 18, 2008

    Could re-publishing ( they made it visible in the first place) the names and mobile phone numbers of the project officers responsible (!!??) for deploying the oneschool “managed operating environment” thoughout the state be considered to be poetic justice, giving them a taste of what they exposing the kids to, invasion of privacy? I say yes, so here they are:
    Milton Chalker 0427 625 537
    Mark Boustead 0428 785 790
    Lex Plant 0428 714 716
    Greg Moulder 0419 170 163
    Ian Rosenberg 0417 607 830
    Elizabeth McGowan 0427 032 284
    Rudy Schumann 0427 135 414
    Jason Raaschou 0407 599 251
    Paul McDonald 0409 347 006
    Darren Howlett 0428 755 494

    The names and mobile numbers of the district liason officers reponsible (!!??) for implementing the monster can be found at
    http://education.qld.gov.au/oneschool/district_liaison_officers.html

    Gee, they make it hard don’t they? Doesn’t it inspire confidence in them? Not.

    And if you want to see what the data records are actually like, mine’s contained in this document which the department has shown everyone:
    http://education.qld.gov.au/oneschool/docs/change_management/cm_bsm_support.pdf

    Cheers, Kirsty.

  6. #6 John S. Wilkins
    June 18, 2008

    My god, is that your real data? That is appalling. I was going to anonymise the phone numbers you put up there but on reflection I think I will leave them there.

  7. #7 Daniel
    February 6, 2009

    the only thing i don’t like about it is the fact that they have taken away the right click button, apart from everything else its fine