Information Security News mailing list archives
Re: Eighth-grade hackers pilfer science class exam
From: Thomas Roy Garner <trgarner () YTA ATTMIL NE JP>
Date: Fri, 15 Dec 2000 22:59:17 +0900
Two eighth-grade honor students at a magnet middle school hacked into their science teacher's computer recently and thought they hit the jackpot.
I rarely, if ever, reply to this group, but I must ask, the article is a bit vague on one level. HOW did these kids get around security? Now before everyone get's their reply ready to go, THINK HARD, what has all of these ISN reports taught us? Question everything. I do not fault the students for their actions, I feel that they are being held accountable for their actions, however, on the same note, what about the school? Did they use a common bug? Was their system 100% up to date w/ the latest patches? Was the password protection AlphaNumeric-Case-Sensitive, w/ double checking against "common" passwords?
Cheating is nothing new among students. But Andi Ringer, Hillsborough's supervisor of middle school science education, said this is the first she has heard of it being accomplished by hacking. "I guess this is a new glitch," she said.
I know that I'm speculating, but when is a glitch a glitch?
"We think only two students broke into (the computer) and according to the students they gave it to only one or two kids," said Hilderbrand. He would not identify the students.
I used to write an "underground" magazine many years ago, and the one thing that I learned throughout those years, was that, you NEVER EVER tell anyone your exploits. This could apply to real-world crimes, ever watch Cops? Jesus!
Ringer and Hilderbrand said the test should not have been put on the computer. "There's too many ways of getting a copy of it," Hilderbrand said.
If there was a way to get this document, then the method of security IS AT QUESTION. It seems that the if there are "too many ways of getting a copy of it", then there must be some SERIOUS review of this school's classification review; especially on the definition of "secure".
Students could have seen the teacher's password, he said. Or they could have gotten an administrative password that overrides the teacher's. The teacher was not identified.
Of course, it is the STUDENTs fault, and not the teacher? Did this individual write it down and stick it in her desk? (tisk tisk), was it an easily identifiable pw? Where is sysadmin? System logs? Something, ANYTHING!
Florida law makes unauthorized access to a computer system a third-degree felony. But DeRuzzo said school administrators thought they could handle the matter without calling police.
As always, I'm of two minds regarding this issue. If a computer system is NOT running w/ the latest patches, latest revision of firewalls, allows individuals to pick/choose a password, doesn't do systematic checks of passwords against dictionaries, then really, if you leave the key's to your house outside your door, do you THINK your NOT going to be robbed or at least have someone wander through your home? BOTH sides are at fault, a) the students, b) the school district. -- Thomas Roy Garner Yokota Air Base, Japan ICQ 4580576 ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Eighth-grade hackers pilfer science class exam William Knowles (Dec 15)
- Re: Eighth-grade hackers pilfer science class exam Thomas Roy Garner (Dec 17)