Well hey guys. Wether you believe me or not I'm the actual 15 year old (Now 16) student that got in trouble for all this mess. I got suspended for 4 months and finally got back in school Febuary 2nd.

Just want to see what it is that you guys have to say about this, any questions you have I'll gladly answer, Im very open about the whole situation.

There's something unpleasant about the Times Union link. Norton reports an intrusion attempt.

This kid just proved his onesty and intelligence by, alerting the person above him. To most industries the Network Security officer should be on the run for not doing their job. It's like if your neighbor has wireless and doesn't password it , you connect and use it , is that stealing... no nobody ownes the airways it their stupid fault it's not protected. I think the kid should have the security officer's job. They did not know but, he made them aware of it. I seen this happen at the local district here.. The court dropped all charges, no information was tampered with. For the people that says this is wrong "hang the boy" I say not he was helping out. It been have been secured already. So security or IT staff were was you?

There was an incident where a few people got in trouble for cheating at my school last semester. The problem was that the answers were plainly available online, the person that initially discovered them got in trouble for hacking, and spreading them around, when all he did was a Google search, and anybody else could have just as easily found them.

...but shooting the messenger is still as popular as ever, it seems.

Sounds to me more like walking through the parking lot, seeing the window down on the principle's car, poking a head in to see what's inside, and then telling the man that his car's wide open.

Then, instead of a hearty thanks, gettin' the clappers slapped on instead.

Lame...

If you're going to be dumb; you better be tough.

---
"law" in USA?
One more example how great the "legal" system is in the last communist nation, the USA! The Big brother/boss/ruler/etc is _always_ right, right?
---

Don't disgrace socialism by comparing the wonderfully capitalist, imperialist, near (ha) fascist US to it :p

---
Most schools have a policy against hacking
Hey, the kid hacked and probably left a trail behind so he was wrong and should be punished. If all he did was advise the school that their network was vulnerable, I doubt he would have been punished.

As usual, your reports are written the way you want people to view the world and not necessarily objectively or accurately.
---

See below plz. He didn't have to 'hack' anything. Due to an error on the network he and anyone else with the same type of account, regardless of access level, had access to the file.

---
There's a guy in my neighborhood doing the same thing
The way my particular neighborhood crook works is, he wanders around after dark trying out people's car doors. When he finds one that is unlocked, he rummages around in the car to find what he can. He almost never takes anything (only things with immediate value like money).
This 15 year old kid is doing the exact same thing. The only difference is, him and the dummies who write for the Inquirer are the ones who don't get the point. What's the point? You just Do Not rummage around in other people's belongings.
15 yr old crook: "Yes but you left your car door unlocked! Anybody could rummage around in your belongings!"
Any ordinary person: "I Don't Care, You Go To Jail You Dumb Arse".
---

Wrong. Big difference. Intent to deprive property; which is absent from the kid who explored the network and consequently found an unsecure file. What the kid did is not similar to 'trying a door' in the least. The kid had every right to 'open' the door he did; all he used was his own student account and had access to the file. This was the sysadmin's mistake, not his. Furthermore he reported the insecurity rather than 'take the cash.' He should be protected under good samaritan laws afaic. Refrain from analogies unless you're completely sure about the similarity of the methods used. There was none here.

If you left your car unlocked and a kid knocked on your door and told you that your car is unlocked, would you call the police? Assuming for a second that the kid had not stolen anything and just wanted to help? 

The fact is, some websites have god awful security. If I visit www.aschool.com/students/index.html and I change the URL in my browser to www.aschool.com/teachers/index.html and I get a web page, I'm I a hacker for doing so?

As it happens, I'm a developer and I am interested in this kind of thing. I have found a few sites over the years that are/were wide open to attack, never once have I been tempted to do anything with the data nor have I ever divulged what I found to anyone else. I have been tempted inform the site owners about the problem but have never done so for exactly this reason.

The article does not say exactly what the kid in question did. If he browsed around an insecure site and did nothing more than inform the school of the problem, then I don't think he should be punished. If he did some damage while there (IE to prove he had access), then I think he should be punished.

If it's the first case, it's more likely that some adults don't like being shown up for the fools they are by a child.

In the second case, one could argue that an act of vandalism took place, and I would be up for punishing the child.

This case could be a case of shooting the messenger. It would be interesting to see how it develops.

its still wide open from here.... fscking boring network.

i spose we could cause some havoc if they convict that kid?

@ Grunchy

The difference being that your neighbourhood crook doesn't then try and tell the owner that their car door is unlocked.

People are curious - it's how we discover things - and to not expect some people to try to get into places (in a non-illegal manner) would be stupid. Obviously, the guy trying the door on your car is doing an illegal activity because he has no business getting into your property. But someone who has a password that works and is using the same network has no reason not to poke around if they want to.

It's like finding some documents scattered in the local park and then getting prosecuted for returning them.

To the people who seem to find the 15yo at fault, wouldn't you think that if the boy had malicious intent he would have simply taken the information he had accessed and made off with it to do whatever evil-doings he had planned to begin with? It seems silly to me to "hack" and "crack" a system in "search" of valuable information to turn around and then give yourself up to the authorities? That doesn't strike me as something a criminal would do. 

This does however sound to me like another typical case in the U.S. where a bunch of stupid adults (probably ignorant white people) allowed them selves to be outwitted by a child, and as a result decided to place the blame on him to teach him the lesson of not disrespecting his elders stupidity.

Given the school's reaction on this kid, what actions can we expect from the person who finds their next security hole?


The way my particular neighborhood crook works is, he wanders around after dark trying out people's car doors. When he finds one that is unlocked, he rummages around in the car to find what he can. He almost never takes anything (only things with immediate value like money).
This 15 year old kid is doing the exact same thing. The only difference is, him and the dummies who write for the Inquirer are the ones who don't get the point. What's the point? You just Do Not rummage around in other people's belongings.
15 yr old crook: "Yes but you left your car door unlocked! Anybody could rummage around in your belongings!"
Any ordinary person: "I Don't Care, You Go To Jail You Dumb Arse".

and this is news to anyone who has delt with anyone else in the public sector because...?

once again public sector workers pove they are public sector, because they couldn't get a job in the real world.

Well, what else can you expect from a gang of drooling, inbred, blue-collar unionized useless parasites?

The "people" in this part of the US are particularly petty and mean-spirited skanks. Must be the high proportion of leftists, plus the high number of government employees (never call 'em workers) in the area.

If I were the parents of the kid, I'd file a huge lawsuit against the school district and the district attorney, if he hadn't had the good sense to toss this kid's arrest away already.

One more example how great the "legal" system is in the last communist nation, the USA! The Big brother/boss/ruler/etc is _always_ right, right?

Revolt!

The world is waiting......

Hey, the kid hacked and probably left a trail behind so he was wrong and should be punished. If all he did was advise the school that their network was vulnerable, I doubt he would have been punished.

As usual, your reports are written the way you want people to view the world and not necessarily objectively or accurately.

That's right, shaft the kid who bothered to highlight the flaw. 

And justify it by saying (to extrapolate) "he must have been exploring with intent to find flaws" is also ridiculous. If the security was working in the first place he wouldn't have been ABLE to fall face-first into a sensitive file, least of all get in trouble for trying to help.

Surely he's not a hacker if all's he did was visit a site and enter his password. That doesn't actually involve any cracking or hacking. I'd bet that the kid has quite a strong legal safeguard against any proceedings.

Rather stupid really.