Teenager finds educational software exposed millions of student records
我要评论Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good," he explained to the large crowd gathered to hear him speak. "It hurt my feelings.”
But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.
Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.
In fact, he was just getting started. And Blackboard wasn't his only target.
Having walked the walk, he now talks the talk.Credit: jack morse / mashableOver the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.
Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.
"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."
He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.
"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."
SEE ALSO:Remotely hacking elevator phones shouldn't be this easyEventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.
"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided Demirkapi and he shared with DEF CON.
Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."
Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.
Featured Video For You
From ATMs to printers, hackers prove you can play 'Doom' on anything
相关文章
From Prairie Grasslands to Man
The Tree-Planter’s State is not a moniker that Nebraska takes lightly. That’s because what early exp2024-09-22
本报讯近年来,汉源县始终坚持将教育扶贫作为摆脱贫困的治本之策,聚焦重点工作精准施策,加快实现脱贫攻坚目标任务,开启教育扶贫“加速度”。在推进教育扶贫工作中,汉源县选优配强教育扶贫“带队人”成立教育脱贫2024-09-22
参会人员认真听讲本报讯7月31日,一场与老百姓生活息息相关的法律讲座在宝兴县灵关镇举行。该讲座标志着宝兴县民法典宣讲团的首讲拉开帷幕。当日,灵关镇120余名村组干部、法律明白人、社会治理专干参加此次宣2024-09-22
灞变笢鍏ず166瀹跺叏鐪佹€ц涓氬崗浼氬晢浼氭秹浼佹敹璐规爣鍑哶涓浗灞变笢缃慱闈掑矝
銆€銆€灞变笢鐪佹皯鏀垮巺浜庤繎鏃ュ彂甯冦€婂叧浜?016骞村害鏃犱笟鍔′富绠″崟浣嶅拰宸茶劚閽╄涓氬崗浼氬晢浼氭秹浼佹敹璐瑰叕鍛娿€嬶紝鍏ず浜嗗北涓滅渷绗竴鎵瑰叏鐪佹€ц涓氬崗浼氬晢浼氭秹浼2024-09-22
海丰芥蓝入选全国名特优新农产品名录_南方+_南方plus日前,农业农村部农产品质量安全中心公布了2024年度全国名特优新农产品名录,“海丰芥蓝”成功入选,海丰名物再添一员!“南海物丰”,海丰县属南亚热2024-09-22
本报讯7月27日下午,书香龙溪新时代文明实践基地学雷锋志愿服务队,为雨城区人力资源和社会保障综合服务中心送去230余册书籍,包含政治理论、思想道德建设、生活百科、文学艺术、历史知识等多个领域。书籍捐赠2024-09-22
最新评论