Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good," he explained to the large crowd gathered to hear him speak. "It hurt my feelings."
But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.
Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.
In fact, he was just getting started. And Blackboard wasn't his only target.
Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.
Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.
"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."
He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.
"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."
Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.
"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided to Demirkapi, which he shared with DEF CON.
Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."
Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.