×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Teen Writes App To Block Teachers Out Of Their Grading Program

samzenpus posted more than 4 years ago | from the trolling-the-teacher's-lounge dept.

Idle 7

Matthew C. Beighey should get a lot of ironic extra credit points in his computer class, but will probably spend time in a juvenile detention facility instead, for writing an application to shut teachers out of their grading system. This was not the first time Matthew had been in trouble for computer-related mischief. Last Fall, he accessed school files containing Social Security numbers, driver's license numbers, home addresses, and other data on past and present transportation employees. Matthew's program logged into the grading system as a teacher and entered a false password three times, making it impossible for teachers to get into the system. "If I log on with an incorrect password three times, it locks me out," said District spokeswoman Kelly DeFeciani.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

7 comments

Kudo's ... (0)

Anonymous Coward | more than 4 years ago | (#28341717)

... for doing what many other students want to do, but dont have enough balls, or have to many brain cells to do.

Re:Kudo's ... (1)

icebike (68054) | more than 4 years ago | (#28341963)

So he gets an A for security awareness then.

Why was this not in the system to begin with?

Re:Kudo's ... (1)

mpoulton (689851) | more than 4 years ago | (#28342025)

No, what he did was use that existing security feature to lock out all the teachers by automatically entering incorrect passwords repeatedly.

Re:Kudo's ... (1)

meerling (1487879) | more than 4 years ago | (#28344021)

Absolutely Correct :) This is a common type of abuse. I thought most admins had set their systems up to automatically unlock after a reasonable amount of time (15 minutes - 2 hours), as well as send them an alert when this happens so they can be on the lookout for this kind of mischief. This kind us stuff is pretty much expected on school networks. (Not because it's condoned, but rather there is always one student that wants to test the limits...)

Re:Kudo's ... (0)

Anonymous Coward | more than 4 years ago | (#28344051)

I'm betting there was an alert, which was why this guy got noticed and caught.

And an unlock is only good if there's no further attempts to log-in, so all you have to do is set it to retry before the cooldown has expired.

Re:Kudo's ... (1)

NickW1234 (1313523) | more than 4 years ago | (#28355009)

The proper way is not to lock it at all, but slow it down so that repeated attempts take long enough to make a brute force attack impractical. Any kind of lockout leads to a very easy DoS. If it merely increases it's response time to 10 seconds it's not a really big deal to wait for the slower login, and DoSing becomes at least a bit less obvious. Better yet, don't put the grading software on a box accessible from any computer room in the school. A simple firewall could go a long way.

Re:Kudo's ... (1)

ls671 (1122017) | more than 4 years ago | (#28359119)

Also don't forget that easy to guess user names (or resource names for that matter) is bad practice security wise.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...