#EliSec and our team would gladly take up the challenge to make the FCPS intranet system more secure. Computer security, like privacy technologies of all types, is a highly political subject. Individual careers and the power base of huge bureaucracies, both government and corporate, sway in a balance so delicate that a major public event, such as the recent divulging of private student information, could tip the scales. Information security is essential in order to prevent potentially costly and embarrassing security lapses. One can't simply buy a one-size-fits-all box or install some expensive software and assume that all problems are solved. It all comes down to worker training and constant, diligent efforts on the part of all workers in a company to achieve a reasonable level of information security. Our team of consultants use unconventional techniques to discover both vulnerabilities and provide indepth network security solutions for our customers.

#EliSec
HashtagEliSec@gmail.com

Disclaimer: #EliSec and all words included in the letter above are fictitious and are intended only for entertainment and comical value.

If a (presumed) high school student had enough knowledge to get past FCPS security systems, then that says a lot about their IT department being clueless to security.

I bet the people they have on staff only know about FORTRAN and COBOL and C+ and are still running windows 95. IT is ALWAYS changing and one must be willing to study new technologies as they come about- but it feels like the IT staff for FCPS just does the bare minimum to get by (as long as its working RIGHT NOW I'm not even gonna try to improve upon it!) and become complacent in their jobs (it's a government job, what did you expect?).

FCPS, I implore you to spend extra on your IT staff to make sure EVERYONE is up to date on security standards!!!

my 2 cents Wrote:
-------------------------------------------------------
> If a (presumed) high school student had enough
> knowledge to get past FCPS security systems...

As noted by another poster elsewhere, this appears to be a case NOT of a "hack" but simply of a "Oh, look what was left on this loaner laptop!" (or equivalent).

Because the original file was generated in June and the copies posted were made in October, it appears the SIMPLEST answer to "How did this happen!? is that someone got access, probably perfectly legitimately, to a laptop or PC that had the file either just sitting there or in the Recycle Bin or maybe deleted but still on disk. It would be more difficult to have "stolen" the file than simply to have found it.

> ... then that says a lot about their IT department being
> clueless to security.

True.

But if the file was simply found rather than stolen, then the police-stated potential charge of "Criminal Trespass by Computer" probably wouldn't stick. And, if this IS the case, then it is unlikely ANY laws were broken because the data was freely given to the person who made it public.

Maybe.

Nota Lawyer Wrote:
-------------------------------------------------------
>
> But if the file was simply found rather than
> stolen, then the police-stated potential charge of
> "Criminal Trespass by Computer" probably wouldn't
> stick. And, if this IS the case, then it is
> unlikely ANY laws were broken because the data was
> freely given to the person who made it public.


if it was the case that someone just stumbled upon and found the file(teacher's kid), it would still be an issue with FCPS information assurance and network security because a copy of the information was made available to a person not authorized.

"Only schools not 'bloggers' can violate FERPA"
Attachments:

Eli The Security Consultant Wrote:
-------------------------------------------------------

>
> #EliSec
> HashtagEliSec@gmail.com
>


I sent you an email

taxation without representation Wrote:
-------------------------------------------------------
> "Only schools not 'bloggers' can violate FERPA"

The FCPS outside legal counsel specifically referenced FERPA. Which means Cary is going to be able to put that file back up on January 4 after the emergency temporary order expires.

Unless their legal counsel takes the time to figure that out before then, and can pull some other irrelevant legal reason out of their asses.

Can a lawyer be disbarred for knowingly and falsely citing the wrong legal authority in a motion filed in a federal court? Or at least for lying to a federal judge by saying this file needed to be taken down because it violated FERPA?

You know what that means? Wrote:
-------------------------------------------------------
> taxation without representation Wrote:
> --------------------------------------------------
> -----
> > "Only schools not 'bloggers' can violate FERPA"
>
> The FCPS outside legal counsel specifically
> referenced FERPA. Which means Cary is going to be
> able to put that file back up on January 4 after
> the emergency temporary order expires.
>
> Unless their legal counsel takes the time to
> figure that out before then, and can pull some
> other irrelevant legal reason out of their asses.
>
> Can a lawyer be disbarred for knowingly and
> falsely citing the wrong legal authority in a
> motion filed in a federal court? Or at least for
> lying to a federal judge by saying this file
> needed to be taken down because it violated FERPA?



WRONG.

The motion says that John Doe a/k/a Fairfax Leaks, likely violated FERPA.