Reporter Exposes Unsecure Wireless Network In Public School

Armed only with a laptop and a wireless connection card, a reporter for the Palo Alto Weekly succeeded last week in accessing the Palo Alto Unified School District's insecure Wi-Fi network.

Rachel Metz, the newspaper's education reporter, obtained some students' grades, phone numbers, addresses, medical information, psychological evaluations and even photos of the kids.

Metz discovered the vulnerabilities while researching an unrelated story at one of the district's middle school campuses. While sitting outside taking notes on her laptop computer, a wireless connection popped up as active on her screen.

She then asked administrators for a list of school facilities that had wireless connections, which included the district's main office. Metz went there and was quickly able to log on as a guest, without any special user name or password, and view confidential student files.

Metz informed the district about the security issue with its servers. The school district quickly took the network off-line and began to address the problem. But Metz said she could have easily stolen data or loaded a computer virus onto the server.

"I had no agenda. I was just very surprised, they seemed nonchalant about security," she said Thursday.

The school district has begun fixing the weak wireless security.

"We are making sure that this information that was brought to our attention is addressed," said Palo Alto schools superintendent Mary Frances Callan. "That's where our total focus is."

Some upset parents contacted the district after learning of the security hole, she said.

Wireless network security continues to be a problem for some businesses and organizations. Jupiter Research recently found that less than half of business enterprises employ technology to secure their wireless networks.