Cenzic 232 Patent
Paid Advertising
web application security lab

School Teacher Loses Her Job Because of Spyware

A school teacher was arrested for allowing children to look at porn. But, as you might expect, she had nothing to do with it. An innocent looking website (could have been any one anywhere) had a link to a site that some children followed that had pornography. Later on, the teacher noticed that she was getting porn popups - guess who has spyware? The best part is the litigators didn’t even bother to check for it. Let’s screw the consumer for their poor security.

Who loses? Children lose - they no longer have their teacher and they were exposed to pornography. The teacher loses - because she lost her job and may have to register as a sex offender if things don’t pan out well for her. We lose - yes, we lose when we cannot protect school teachers from innocent surfing of hair websites. If consumers don’t feel safe to use the internet because they are worried that they will lose their freedom and their livelihood, I think we have a serious problem here. Anyway, scary read and of course, the normal XSS implications apply, ad nauseam. Yes, this goes in to the scary implications of CSRF category.

19 Responses to “School Teacher Loses Her Job Because of Spyware”

  1. mgroves Says:

    Lose, damnit, lose!

  2. Mephisto Says:

    A conviction could set a precedence for laxed security on public computers.
    Here’s some scenarios…

    1) What if this had happened at a public library where a child was doing research for a book report and the computer they were using all the sudden started redirecting traffic to a hard core porn site. Whose responsible??

    2) Some malicious person goes to their local public library and installs a keylogger on one of the publicly used computers. All users after this have their confidential information stolen and become victims of identity theft. Whose responsible?? (We already know this stuff happens!)

    I think this case will definitely be worth following to determine get held accountable.

  3. Mephisto Says:

    My last sentence should have read…

    “I think this case will definitely be worth following to determine who is ultimately held accountable.”

  4. reed Says:

    s/loose/lose/g

  5. RSnake Says:

    Yes yes, my spelling sucks. Thanks for catching it.

  6. reed Says:

    Still two more to fix. ;)

  7. John @ NIST.org Says:

    This is very serious, she’s facing up to 40 years in prison!
    http://www.norwichbulletin.com/apps/pbcs.dll/article?AID=/20070123/NEWS01/701230349/1002

    Alex Eckelberry and his crew at Sunbelt Software are to try to clear her name, or at least get the judge to over rule the jury and declare a mistrial. A huge task, especially in Florida. See his blog at http://sunbeltblog.blogspot.com/ and search for ‘Amero’ (multiple entries).

    What’s even more sad is if this had been a male teacher he wouldn’t stand a chance in hell of getting this kind of publicity (and Alex probably would never have even heard of the case to offer help). They would just bury the guy in the prison Potter’s Field in another 30-40 years.

    Sentencing is March 2nd. I wish her luck.

    John Herron
    http://www.nist.org

  8. Awesome AnDrEw Says:

    “They no longer have their teacher and they were exposed to pornography” sounds more like a win-win situation to me? Does anyone really care to be in school?

  9. Mister T£st Says:

    “Awesome” AnDrEw: How old are you again?

  10. Spyware Says:

    Damn, Im sorry :-/, I really didn’t want that to happen and..
    HEY SHUT DOWN THOSE SCANNERS!!

    //ontopic:
    Ehr, why blame the teacher? Just grab a computer “expert” and let them scan for spyware, that proves she’s innocent.

    Kinda blame the victim huh, since they wanted to point at someone and say: “You are guilty”, because they couldn’t arrest the computer, and they DIDN’T want to trace the creator of the spyware (cop + donuts² = fat² lazy cop). This is nothing more then a public execution, since when does the law allow that?

    This makes me angry :X.

  11. kuza55 Says:

    I really don’t think you can blame security people for this one. if its the same case I read about; and it sounds like it is, then the computer was running an unpatched version of Windows 98 SE; I’m sorry, but if you’re using 9 year old tech, there’s not much we can do.

  12. Jordan Says:

    Perfect! This is exactly what we need. Finally, some accountability for insecure machines. Now teachers everywhere will take better care of their computers.

    /me quietly removes tongue from cheek

  13. Fred Says:

    It just kills me to see people posting above about ‘who is responsible’ and ‘who is to blame’, and that’s a HUGE part of what’s wrong with society in the USA today.
    ‘Someone’ has to be delegated the blame for ANYTHING that someone else feels is ‘wrong’, and that is ‘wrong’.

    Why does there always have to be blame directed at a person or place ?

    Why can’t people accept ‘oops - sorry - I screwed up’ ????
    I must be the only guy left in the world that, when one of my programs has an error, I say ‘Sorry, my mistake, I will fix it’, whereas most of my colleagues start blaming the initial specs for being ‘wrong’, or something someone else did, or a DB change - ANYTHING as long as they don’t catch the blame.

    In this case of the teacher, how can you blame her ? The teacher cannot be on all eyes in her classrom at the same time, she trusted the site she was in, and it wasn’t to be trusted, but she didn’t know that.

    What would happen if someone has a seminar on web information and happens to go to www.whitehouse.com ? You would think that’s a safe site, but if you go there, according to most company’s rules, you will be fired……

    ‘Blame’, ‘responsibility’, it’s a damned joke. Suck it up and say ’sorry, it won’t happen again’, and move on.

  14. Fred Says:

    Two things:
    1) I have not been there in forever, it appears whitehouse.com is no longer a porn site, but you still get my drift.

    2) Kuza55 - sure, blame the O/S. I have all the patches for everything, I do more than the average person to prevent bad stuff, and I still get bad things from time-to-time, and you cannot blame the teacher for not being a computer expert, most of them don’t have the time, and it’s not their job to be O/S and experts just as I’m not accredited or qualified to be a teacher..

  15. RSnake Says:

    Whitehouse.com is a yellow pages page now for collecting leads. It’s no longer a pr0n site. Agreed… blame is probably ONLY accurately placed on the malicious website.

  16. kuza55 Says:

    @Fred
    Of course its not the teacher’s job; its the IT department’s job to have upgraded to something newer, so that websites couldn’t just drop malware onto the computer whenever it wanted.

    And its much easier to say “don’t blame anyone” when you’re not being prosecuted.

  17. nEUrOO Says:

    The parents quote makes me smiling:
    “It was truly uncalled for. I would not want my child in her classroom. All she had to do was throw a coat over it or unplug it. We figured even if there were pop-ups, would you sit there?”

    I’m pretty sure they would do the same thing (which make sense)… but parents are always better in these cases :/

  18. Awesome AnDrEw Says:

    @Mister T£st
    I have been out of school for quite some time though I will not release any credible information pertaining to my actual age.

    @Fred
    I agree with your thoughts on the whole ‘blame game’. It’d be wonderful if people would just take a step back and realize how minimal this problem truly is in the grandiose and futile void we call life (something I will one day address in a cynical and philosophic book).

    @All
    I love this Wii trial version of Opera, but it’s a pain in the ass to point and click every character since they have not released a keyboard attachment yet.

  19. Awesome AnDrEw Says:

    @nEUrOO
    As George Carlin pointed out in one of his older HBO specials (I believe it was “You’re All Diseased”) parents are always the first to jump on the credit-grabbing bandwagon when their children succeed, and the forefront of the “We had nothing to do with it” when their offspring fail miserably.