The student was suspended from school because he found a hole in the school's software system
Bill Demirkapi, a Lexington, Massachusetts 11th grade student, discovered a hole in a software used by his school to score, report grades and schedule students' school schedules. If successfully taking advantage of this vulnerability, bad guys can steal students' personal information such as passwords, birth dates, living places, nutrition information at school lunches .
This software is called Aspen, developed by Follett Corporation. The vulnerability Demirkapi discovered on Aspen allows hackers to directly insert their code into websites. The system prevents hackers from manually adding out-of-order commands on Aspen, which can only be partially deleted.
Bill Demirkapi sent a letter informing his findings to Follett Corporation, but the company ignored it. Therefore, the boy decided to use the software to send a notice.
"Hello, I'm Bill Demirkapi 123, this is the software's cookies. And don't worry, I don't get it bad. Follett Corporation doesn't have any security measures. :)."
But this message, instead of going to Follett Corporation, goes to the school's notification system. Therefore, all parents and teachers in the school receive it. Shortly thereafter, the message was deleted but the school decided to suspend it for a short time with Bill Demirkapi.
At the Defcon conference for hackers just now, Demirkapi said: ' The school seems unhappy with this incident, and I understand that too . '
Finally, Follett contacted Demirkapi to ask about the vulnerability in the software. Currently, that hole has been patched.
Bill Demirkapi also found a lot of SQL-type vulnerabilities that exist in Blackboard - another software designed to be used in the field of education, allowing hackers to gather a lot of information, including email and electricity. Voice, point, bus and social network accounts of 5 million students and teachers in 5000 other schools.
Demirkapi said that information systems between schools are not separated so hackers only need to penetrate a place where information can be obtained from all schools using the software.
Demirkapi said that he had repeatedly emailed Blackboard but did not receive any feedback despite all of it being read.
The vulnerabilities that Demirkapi found show that software used in education can affect hundreds of thousands of people across the country but are not receiving adequate attention.
Currently, Demirkapi is studying at Rochester University of Technology and continuing to study network security.
- The 9-year-old boy has written more than 30 mobile games
- Gamers almost have to cut their fingers because they play games on a cracked smartphone
You should read it
- Top 10 best children's educational games on the phone
- How to Become an Educational Consultant
- How to Make an Educational Video
- This is how technology shapes education in the future
- 4 Best Educational Tools for College Students
- 10 fun educational apps for kids on the iPhone
- Microsoft will launch Bing without advertising
- QANDA - Korean learning app achieved the no.1 chart of Vietnam Education
- How to Make an Open Educational Resource
- Top 10 best software for secondary school students
- Security vulnerabilities - basic insights
- Bulgaria: Getting urgent IT experts for revealing vulnerabilities in software