Feneric (feneric) wrote in saugus,
Feneric
feneric
saugus

  • Mood:

The Curious Case of the Saugus Public Schools Web Site

Amazingly the Saugus Public Schools web site has been getting a lot of negative attention lately due to the fact that it was cracked and a weird "Red Eye" message left at its topmost level. In fact, a couple of weeks back Dr. Manville and I were informally discussing it (prior to the library benefit that we both participated in), and he mentioned that he'd even been recently contacted by a local reporter with regards to it.

I don't find it amazing that it's getting some negative attention; what I find amazing is how long it took. It was first cracked back in late 2003 or thereabouts, and prior to that in the early fall of that year the main page had accidentally been cleared out. The cracker, when he or she went in, did not do too much more than add a new page that just so happened to be sitting in the default location for the Saugus Public Schools web site, and most of the subsidiary pages were left intact (although quite a few of them became more-or-less unreachable). Later maintenance dropped quite a few of the unreachable pages, but didn't fix the defaced main page. The last time real information was available on the site was back in the summer of 2003. Note that I've linked to archived copies of each of the site's mentioned states (as recorded by the Internet Archive) so you can see them all for yourself. The key thing to observe here is that this is old news. Saugus.net was averaging two messages per month about it being "strange" or "down" or "wrong" the entire time it was messed up. We have no access to it, though, and we'd always have to tell people that we were willing to help but couldn't do anything about it unless we were given access.

The Saugus Public Schools web site is itself hosted by MECnet (Saugus is affiliated with the MEC), and it's not clear how the cracking was achieved. Site connection though (at the moment, I'm told that within a week or two it'll be made more secure) is limited to FTP, an inherently insecure protocol. Quite possibly the password was sniffed. It's also possible though that any one of a number of other little holes (presumably all now mostly fixed) were utilized. The information listed on the defaced site is associated with Brazil; in particular, it lists a Brazilian domain name so it's assumed the cracker comes from Brazil. It's just another example of how every web site and every computer is a potential target for crackers.

I suppose I should answer the expected question of why I'm using the term cracker in lieu of the more media-popular term hacker. The reason is simple: in computing circles the latter refers to one highly skilled in the art of computer science. Within the computer subculture a hacker is a little like what a gunfighter is in an old Western; in both cases it's a skilled person, and the title implies neither good nor evil. In fact, the terms white hat and black hat are often used for hackers just as they are for old Western gunfighters. A cracker on the other hand is someone who breaks into systems; being a cracker does not necessarily imply a high degree of skill, either, as there are semi-automated tools that can do much of the breaking for even fairly basic users.

The site briefly changed again this weekend, and was set to point directly to the Saugus High School site. This of course is also wrong, and just adds to the confusion for people looking for other schools in town. This change appears to have been executed by someone within mecnet; perhaps it was due to the recent attention the site has gotten.

The site changed again today. As part of a Teaching American History Grant project, Saugus.net is working in conjunction with the Saugus Public Schools and the Saugus Iron Works to make lesson plans related to the concept of teaching with historic places generally available to whomever wishes to use them. I had asked Dr. Manville if he wanted me to temporarily copy the old archived circa 2003 information back in place (so that it at least has the proper links to the proper places) on the side while I was working on the grant site. He agreed that it was better than what had been there, and so earlier today I copied the old information back, being careful not to overwrite any of the newer information that has been uploaded since then (there are a few new pages scattered within). I did a quick search for out-of-date links and removed a few (I'm sure there are still some left) and made a couple of minor updates. The bulk of the material in there is out-of-date and I haven't (at this point, anyway) updated any of it. Likewise, the actual coding of the site smells of the mid-'90s, and the whole thing needs to be introduced to modern concepts like XHTML, CSS, and RDF. I didn't have the time today to tackle that job, though; I'll wait and see what the School Department wants to do with it before I do anything else on it. There is talk of redesigning the whole thing and making the effort to keep it current. Hopefully it'll happen, but of course in this age of rabid budget cuts do understand that it isn't necessarily the highest priority item on the School Department's agenda.

I suppose I should also mention one other point of confusion for many people: there are many ways to enter the Saugus Public Schools site. In fact, all the following work; take your pick:

The first two listed should never change; they reflect the fact that the School Department is a part of the Government of the Town of Saugus and a part of the public school system of the Commonwealth of Massachusetts respectively. The last two listed are both reflective of the fact that the Saugus Public School's site is physically hosted through MECnet in Billerica; if the MEC were to change at some point those addresses could conceivably change along with it. Thus, the first two are to be preferred.

Subscribe
  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments