by Mike Masnick
Wed, Oct 17th 2007 5:41am
We've heard so many stories where whoever discovers a security vulnerability (and calls attention to it) is later blamed for that vulnerability. At this point, perhaps it shouldn't be surprising, but we keep hoping that people begin to realize what a ridiculous policy it is, and how it simply pushes people to keep quiet about security weaknesses, leaving them vulnerable to those who would do harm. In the latest case, the good news is that a student who found his university revealing names, social security numbers and grade point averages has not been expelled, but apparently the school came very close to making that decision. The school accused him of breaking "a university computer use policy that prohibits unauthorized people from accessing confidential files that may have been inadvertently placed in a publicly accessible location." Yes, you read that correctly. The school has a policy saying if it screws up and you accidentally access a file it shouldn't have made publicly available, you are to blame.
If you liked this post, you may also be interested in...
- NSA Director: If I Say 'Legal Framework' Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?
- Lenovo CTO Claims Concerns Over Superfish Are Simply 'Theoretical'
- Lenovo Quietly Deletes That Bit About 'No Security Concerns' To Superfish... While Superfish Says 'No Consumers Vulnerable'
- Lenovo In Denial: Insists There's No Security Problem With Superfish -- Which Is Very, Very Wrong.
- President Obama: I'm A Big Believer In Strong Encryption... But...