What's wrong with this picture?

6:20 PM


A former prison inmate has been arrested and charged with hacking the facility's computer network, stealing personal details of more than 1,100 prison employees and making them available to fellow inmates.

Francis G. Janosko, 42, gained access to the names, addresses, dates of birth, social security numbers and telephone numbers of employees working for the Plymouth County Correctional Facility in Massachusetts, according to an indictment unsealed Wednesday in US District Court in Boston. Using a thin client that was connected to a prison server, the prisoner was able to access an employee database by exploiting a bug in legal research software made available to inmates.

The Register

I bet some system administrator is searching for a new job now. What stupidity. Why am I being so harsh on the guy when it was a software bug that let the inmate in? Because the inmate couldn't have known about that bug without either looking for it or having prior knowledge of it, which means the system administrator either did not look for bugs in the software prior to application or did not keep the software updated and/or did not keep up to date on new software exploits. If you really want to get technical about it, these inmates shouldn't have been connected to any server of any importance anyway. You don't know what kind of minds you're getting in a prison. They might be geniuses or they might be morons, but the fact remains that they are a huge, HUGE security risk.

My IT class is definitely going to hear about this one.

