Security Insecurities

| Learning | June 7, 2013

(The head librarian is showing us how to look up someone’s account if the student doesn’t have their ID in order to check out books.)

Head Librarian: “Okay, so with me so far? At this screen you enter this access code [code] and voila! Now this works for students, teachers and even administrators, so you can check things out to anyone.”

My Friend: “What if they want to pay their late fees?”

Head Librarian: “Oh, you can find all that on this screen. See? You have access to all the student’s information: library records, late fees, grades, address, social security number, whatever you need!”

(My friend turns to look at me with a surprised and slightly horrified look. I immediately turn to the head librarian.)

Me: “Uh, did you just show us, two underage students, how to get anyone’s name, address, and social security number? And this anyone includes all the students, teachers, and faculty members?”

(The head librarian turns to me as her jaw drops.)

Head Librarian: “I… should not have done that. You two go dust or shelve something. I’m going to change my access code now.”

1 Thumbs