Honeoye Falls-Lima Press Conference 2018-10-02

Posted on 2018-10-02 by OFAL Author

      Today (2018-10-02) was a Press Conference at Honeoye Falls-Lima on the topic of ‘Computer Trespass’.

      Short Summary: Some kids, being kids, did things they shouldn’t have with the schools computer network. It sounds like the problem has been fixed and those directly impacted have been notified.

      I would be remiss if I didn’t point out the notices on the school website. First a ‘Notice of Computer Trespass‘ and second an ‘Update: Notice of Computer Trespass‘. Likely be more in time, but it is difficult to provide links to events that have not yet happened.

      As I had the time available, I joined the show. Amusingly enough, getting there was a small adventure of it’s own, due to the schools unwelcoming stance during the day. There was a substitute secretary, which meant they didn’t know me. So had to get Rhonda (Board Clerk) to vouch for me, as I don’t make a habit of carrying identification with me while walking around (as the Fourth Amendment denies government the option of requiring it, generally speaking). Easily sorted out.

      Board of Education events have a tendency of starting a little late, so I wasn’t surprised this did as well. As I haven’t been to many (any?) Press Conferences before, it was interesting to watch the reporters and their camera crews setup. Looked like three groups, but I wasn’t sure. Pretty sure I saw an 8 and 10, so likely WROC and WHEC will have something out later today. Or I get distracted, and they publish before I do.



      The reporters asked questions, and Gene (Superintendent) answered (mostly). Attempting to repeat facts stated:

  • The ‘hack’ was students logging into SchoolTool as Gene.
  • As Gene’s account cannot change SchoolTool data, nothing was changed.
  • Issue has been “contained”.
  • Students had access to the computers no earlier then September 17, 2018.
  • District learned of the issue September 19, 2018.
  • Those directly involved (students, their parents, etc) have been directly notified.
  • Students responsible disciplined accordingly, per the Acceptable Use Policy.
  • Certain details would not be given due to student privacy concerns.
  • Certain details would not be given due to network security concerns.



    •       With those facts (hopefully accurately expressed) out of the way, it’s time for my observations and wild speculation.



          Gene handled himself well. He was professional as the situation warranted, but he also manage to insert jokes now and then (how funny they were is debatable). I got the sense he didn’t want to be in the situation he was, which was to be expected. He was polite throughout, and I can’t fault him for any of it.

          The reporters were on the other side, and I think ‘side’ is the appropriate word. I had a sense it was an adversarial exchange, but maybe all press conferences are that way. To be fair, it is the reporters job to ask questions, to find out what is going on. Whereas it is Gene’s job to manage the running of the school district. To a point, those two job’s coincide, which is likely why the press conference was held. Past that point, there are things Gene won’t (can’t?) answer, while he has plenty of other things to occupy his attention.

          Putting that together, that the press conference ended with Gene walking out of the room shouldn’t be a surprise. How else could it end, when the reporters want ALL the information, and Gene has neither the time or ability to give it.



          From details shared, I would speculate that some students took the laptops they had been issued, and guessed Gene’s password. Username is generally predictable, especially in a big organization, so that’s halfway in right there. Does make me wonder what Gene’s password was, but that’s almost irrelevant.

          I found the choice of the word ‘contained’ interesting as well. If the problem was ‘guessed password’, then it could be easily (and instantly) contained by disabling that account. At which point there is plenty of time to sort through what happened, the ‘leak’ is closed.

          That Gene’s account can’t change SchoolTool information does make sense, he has no reason to be able to do that (as he put it, he has people for that). In many ways, he then becomes the perfect target. He’s the Superintendent, so he should have Admin access to everything, right? So instead of focusing on those with actual Admin access, attackers go after those with Admin titles (and limited access).

          Which illustrates how the word “Admin” has two different uses. It could mean ‘high ranking person in the school bureaucracy’, such as Gene, Renee, Bruce, etc. It could also mean ‘user with absolute power over the computer system in question’. I would assume Cindy has that, but who knows. Gene appeared to use the two meanings interchangeable, but with how clear he was that his account couldn’t change data, I’m pretty sure he doesn’t have an Admin account for SchoolTool. Despite anything his title may imply.

          As for what data was actually accessed, that was a bit unclear. It sounded like all that was accessed was a directory of information, but not the actual data contained. Think ‘card catalog’, not ‘book on shelf’. The reporters tried to get this nailed down, but Gene didn’t give here. Not that I can blame him, bumps right into privacy and security issues. As long as the District knows what was accessed, and informs those directly impacted (as they said they did), I’m inclined to give them the benefit of the doubt here.



          I look forward to this being discussed at the next Board of Education meeting, as I’m sure it will be.



          And those are my Observations From Audience Land for the October 2, 2018 Press Conference at Honeoye Falls-Lima.

    This entry was posted in School of Honeoye Falls-Lima and tagged . Bookmark the permalink.

    Leave a Reply