School Tricks Pupils Into Installing a Root CA 417
First time accepted submitter paddysteed writes "I go to secondary school in the UK. I went digging around the computers there and found that on the schools machines, there was a root CA from the school. I then suspected that the software they instruct windows users to install on their own hardware to gain access to the BYOD network installed the same certificate. I created a windows virtual machine and connected to the network the way that was recommended. Immediately afterwards I checked the list of root CA's, and found my school's. I thought the story posted a few days ago was bad, but what my school has done is install their certificate on people's own machines — which I think is far worse. This basically allows them to intercept and modify any HTTPS traffic on their network. Considering this is a boarding school, and our only method of communicating to the outside world is over their network, I feel this is particularly bad. We were not told about this policy and we have not signed anything which would excuse it. I confronted the IT department and they initially denied everything. I left and within five minutes, the WiFi network was down then as quickly as it had gone down, it was back up. I went back and they confirmed that there was a mistake and they had 'fixed' it. They also told me that the risk was very low and the head of networks told me he was willing to bet his job on it. I asked them to instruct people to remove the bad certificate from their own machines, but they claimed this was unnecessary due to the very low risk. I want to take this further but to get the school's management interested I will need to explain what has happened and why it is bad to non-technical people and provide evidence that what has been done is potentially illegal."
We Don't Need No Education (Score:5, Funny)
Re:In their defence. (Score:5, Funny)
Honestly, there will be plenty of time for that when you are an adult ... you aren't missing anything.
if you are young and reading this, know :
HE'S LYING.
Re:Probably not Illegal. (Score:3, Funny)
ah you must be the true Scotsman we keep hearing about.
Re:In their defence. (Score:5, Funny)
One teacher. Thirty students. Alt-tab.
Re:In their defence. (Score:0, Funny)
"It'll be a while before school authorities recognise that they're standing with their fingers in the tiny remains of a dyke, the rest of which has long since been washed away by the incoming tide."
The dam that keeps wateer out of low=lying areas is a dike
You might get away with sticking your fingers in a dyke if you're female and she likes you, and if thats what turns you on. If you are male it is not advisable.