It is shocking to me that people in the CIS graduation program can't figure this out. If you don't believe me, go grab a copy of firebug, or use chrome's element inspector and find out for yourself. EVERYTHING I know about this issue was gathered from using firebug and looking at the HTTP headers. If that's illegal, then so is every single web browser since the days of mosaic.
I personally agree with the idea of regulation on the Internet, however, I would put an emphasis on corporate responsibility. In the case of DeVry, I would charge $1000 per violation of their own student privacy policies, and leave the option open for a personal lawsuit. Enforcing a sanction on the person that finds the problem makes absolutely no sense to me, but does act as a reminder for everyone out there to keep things silent; it makes more business sense to eliminate the person screaming about the problem then actually fix the problem.
How does it feel to know that your information is exposed to everyone in the world and there isn't a dam thing DeVry is going to do about it but punish the people that expose the problem? Feel safe? You shouldn't, because you aren't. Remember, the only laws that exist are those that can be enforced, if you don't know the rules are being broken, how are you going to enforce them? Do you really think anyone is checking the server log files? They can't even enable SSL, I seriously doubt they're doing anything about anything else security related.
One final note about the subject: which would you rather have on your side, a Jedi knight with next to no social skills, or a Sith lord hell bent on the destruction of the world? Think about the next time you get the urge to go tattle to the dean. ;)
I personally agree with the idea of regulation on the Internet, however, I would put an emphasis on corporate responsibility. In the case of DeVry, I would charge $1000 per violation of their own student privacy policies, and leave the option open for a personal lawsuit. Enforcing a sanction on the person that finds the problem makes absolutely no sense to me, but does act as a reminder for everyone out there to keep things silent; it makes more business sense to eliminate the person screaming about the problem then actually fix the problem.
How does it feel to know that your information is exposed to everyone in the world and there isn't a dam thing DeVry is going to do about it but punish the people that expose the problem? Feel safe? You shouldn't, because you aren't. Remember, the only laws that exist are those that can be enforced, if you don't know the rules are being broken, how are you going to enforce them? Do you really think anyone is checking the server log files? They can't even enable SSL, I seriously doubt they're doing anything about anything else security related.
One final note about the subject: which would you rather have on your side, a Jedi knight with next to no social skills, or a Sith lord hell bent on the destruction of the world? Think about the next time you get the urge to go tattle to the dean. ;)
No comments:
Post a Comment