Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good," he explained to the large crowd gathered to hear him speak. "It hurt my feelings."
But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.
Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.
In fact, he was just getting started. And Blackboard wasn't his only target.
Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.
Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.
"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."
He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.
"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."
Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.
"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided to Demirkapi, which he shared with DEF CON.
Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."
Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.