Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good," he explained to the large crowd gathered to hear him speak. "It hurt my feelings."
But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.
Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.
In fact, he was just getting started. And Blackboard wasn't his only target.
Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.
Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.
"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."
He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.
"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."
Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.
"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement that the company provided to Demirkapi and that he shared with DEF CON.
Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."
Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.