Who is the real criminal?

The Cynic has a recommendation.  Hire Codeine for the IT Department.  The self proclaimed “Grey hat hacker,” Codeine, technically a criminal, played the role of UVM’s personal Robin Hood this September. He hacked his way through our server’s feeble defense codes and left us a little note: your information is not safe. The University was made aware of a security breach, did nothing about it, and neglected to inform students. The Cynic finds this unacceptable. For eight hours, several pages on the UVM site were compromised — an embarrassment in itself. But what if this was a malicious hacker and not a benevolent computer geek? What if an “internal communication breakdown” in the IT department resulted in a massive security breach that stole personal information or took down the entire UVM site? The administration needs to tell us how they will prevent this from happening in the future and how they will protect their high-tuition paying students. Will the University let us know if and when hacks occur in the future, or when personal information such as medical records, grades or emails is compromised? How secure are UVM’s servers? These are questions students shouldn’t have to ask.  We should not have to question the security of our personal information at an institution we have chosen to give thousands of dollars to. Instead of staying ahead of the story and acknowledging the breach occurred, it seems that UVM hoped that no one would investigate what had happened. Unfortunately, students are now left asking the question: have successful hacks been kept secret from us in the past? The true “communication breakdown” came when UVM students were kept in the dark about security risks.  Now that the trust has been broken, students have no choice but to look at the University through skeptical eyes.   Though the IT department said that personal student information was stored on different server than the one that was hacked, is that server equally vulnerable to attack? The Cynic believes that students, faculty and staff have a right to know what is happening with regards to our personal information and we encourage the University to be more transparent when it comes to our security.