Thursday, February 19, 2009

Dumb Smart People

You might think that an organization of law professors would know how to conduct business in reasonably smart ways. But you would be wrong.

I just got a message from the AALS -- the Association of American Law Schools -- asking me to update my information in the AALS Directory of Law Teachers. In the past, they've snail-mailed every law professor a paper form to be filled out and returned. This year, I believe for the first time, they've switched to an electronic system. The e-mail asks that we each login to the AALS website and update our information electronically.

Great idea. There's just one thing. To login, we need our username and password. These were included in the e-mail. And guess what? Both the username and password are trivially deducible from the law professor's name. I won't post the exact details, but let's just say that I now know the AALS username and password for every law professor in the country. I could change any of their directory entries. Any of them could change mine. Well, actually, they couldn't, because I immediately logged on and changed my password. But I bet 98% of law professors haven't done that yet. So if you'd like to go crazy with the AALS Directory, now's your chance.

This has got to be the worst security system ever devised. I e-mailed the President and Executive Director of the AALS to suggest that they shut down the system immediately and keep it down until they institute proper security. I'll let you know if they respond.

1 comment:

Andrew said...

"But I bet 98% of law professors haven't done that yet."
It completely agree. What for it it.
http://law-us.blogspot.com/