When I was in high school, approximately a million years ago, my friend Matt got in trouble with The Law. Inspired by movies like 1983’s War Games, he used his Commodore computer to hack into a government network. He ended up with a bedroom full of FBI agents who, needless to say, took his computer away and scolded him sternly.
Matt’s exploits gave him a dashing outlaw glow, although none of us really knew anything about computers at that point. And in the years to come, many movies glorified the smart kid’s triumph over silly, stupid adults who didn’t really know how to use computers.
Funny, then, to see reality mirror art in the morning paper the other day. The Associated Press ran a story about the “Kutztown 13,” a group of Pennsylvania teenagers charged with felonies for using their school-issued Apple iBooks to circumvent security measures and access forbidden programs (iChat), music, and Web sites.
Whether these kids “deserved” the punishment they received is one thing. I’m interested in the technical details of this debate.
For starters, this hardly sounds like hacking to me. According to the students’ Web site, Cutusabreak.org, the administrator password (
50Trexler) was “printed” on the back of each iBook. Is it just me, or is that the most pathetic security system you’ve ever heard of?
Sure, there’s the matter of setting up the computers’ user accounts more securely, but for starters the technical people could have simply created a better password (50Trexler is the school’s address) and kept it in a locked drawer. You don’t have to be a genius to create a good password. Help is built into the OS. Take a quick trip to Keychain Access (in Applications/Utilities), select File: New Keychain, enter a test name in the Save As field, click on Create, and click on the key icon next to the Password field. Password Assistant will generate a password up to 31 characters long. You can use the Type pop-up menu to choose from Memorable, Letters & Numbers, Random or even FIPS-81 (a federal encryption standard) Compliant. That’s it. (For more information about securing networks, check out Mac Security: Fact and Fiction and The Keychain’s Hidden Powers.)
It’s great that schools are giving kids computers, but you’d think by now administrators would realize that computer security isn’t child’s play. It’s been 23 years since my friend Matt got in trouble; hasn’t anybody learned anything since then?