The student was suspended from school because he found a hole in the school's software system
Bill Demirkapi, an 11th grade student from Lexington, Massachusetts, discovered a hole in software used by his school to score, report grades and schedule students' school schedules. If this vulnerability is successfully exploited, bad guys can steal students' personal information such as passwords, birth dates, places of residence and school lunch nutrition information.
This software is called Aspen, developed by Follett Corporation. The vulnerability Demirkapi discovered on Aspen allows hackers to directly insert their code into websites. The system prevents hackers from manually adding out-of-order commands on Aspen, which can only be partially deleted.
Bill Demirkapi sent a letter reporting his findings to Follett Corporation, but the company ignored it. Therefore, the boy decided to use the software itself to send a notice.
"Hello, I'm Bill Demirkapi 123, this is the software's cookies. And don't worry, I don't get it bad. Follett Corporation doesn't have any security measures. :)."
But this message, instead of going to Follett Corporation, went to the school's notification system. Therefore, all parents and teachers in the school received it. The message was deleted shortly thereafter, but the school decided to suspend Bill Demirkapi for a short time.
At the recent Defcon hacker conference, Demirkapi said: "The school seems unhappy with this incident, and I understand that too."
Finally, Follett contacted Demirkapi to ask about the vulnerability in the software. Currently, that hole has been patched.
Bill Demirkapi also found a lot of SQL-type vulnerabilities in Blackboard, another software product designed for use in education. They allow hackers to gather a lot of information, including email, phone, grade, bus and social network account information of 5 million students and teachers in 5000 other schools.
Demirkapi said that the information systems of different schools are not separated, so hackers only need to penetrate one place to obtain information from all schools using the software.
Demirkapi said that he had repeatedly emailed Blackboard but did not receive any feedback, even though all of his emails were read.
The vulnerabilities that Demirkapi found show that software used in education can affect hundreds of thousands of people across the country but is not receiving adequate attention.
Currently, Demirkapi is studying at Rochester University of Technology and continuing to study network security.