Comment

misteloct@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago

This more or less happened to my friend in early ~2000s, they were technically amazing for grade school. When the school “database” was deleted they + friend were suspended for an entire month, almost expelled.

Turns out they had warned their teacher that the files were in a public shared folder and anyone could just literally delete them. No backups, these were grades, assignments, etc for dozens of teachers over many years. They were severely punished for trying to disclose a vulnerability essentially and blamed for the whole thing.

source

Sort:hotnew top

LastYearsIrritant@sopuli.xyz ⁨10⁩ ⁨months⁩ ago
Never report vulnerabilities yourself to an organization, always use a neutral, trusted third party to report it.

source
- Aatube@kbin.melroy.org ⁨10⁩ ⁨months⁩ ago
  which organization would you use in this situation?
  
  source
  - Wolf314159@startrek.website ⁨10⁩ ⁨months⁩ ago
    If you were in highschool at the time, really the only ethical thing to do for someone in your position is to delete all the files and shine a light on their bad security practices, but don’t say anything about it to anyone. It’s that last bit that always gets you in trouble. Absolute candor is something adults almost never want to hear from children.
    
    source
    michaelmrose@lemmy.world ⁨10⁩ ⁨months⁩ ago
    Couldn’t you just rename it to something obvious so as to make people think it was gone whilst leaving all the valuable data intact. mv valuableData.whatever valuableData.thiswholethingisvulnerablefixit
    
    source
    -> View More Comments
    Aatube@kbin.melroy.org ⁨10⁩ ⁨months⁩ ago
    genuinely think of the teachers
    
    source
    -> View More Comments
  - Gustephan@lemmy.world ⁨10⁩ ⁨months⁩ ago
    None. Just cheat. It will prepare you for the real world better than pretending to respect the authority of morons.
    
    source
  - ikidd@lemmy.world ⁨10⁩ ⁨months⁩ ago
    A pair of scissors, various magazines, and the postal service.
    
    source
    Saledovil@sh.itjust.works ⁨10⁩ ⁨months⁩ ago
    I suppose having a lawyer notify the school would be ideal. Most likely too expensive, though. So, yeah, ransom letter it is.
    
    source
    -> View More Comments
  - misteloct@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
    The Parent-Teacher Association? 😂
    
    source
  - Natanael@infosec.pub ⁨10⁩ ⁨months⁩ ago
    Depending on where you are, either the regional / national school system administration, or some random local journalist
    
    source