Slashdot Mirror


Disclosure of Major Software Exploits by Students?

school-hacker asks: "I am a U.S. university student who has recently come across 2 remote exploits for a homework program used by colleges nationwide. Both vulnerabilities allow students to give themselves arbitrary scores, and possibly execute arbitrary code. To further emphasize the scope of this vulnerability, I have written and self-tested proof-of-concept exploit code. Naturally, I want to share this information with their software engineers, and would even be nice enough to suggest a means of fixing it. However, with the state of current intellectual property and reverse-engineering laws, I hesitate to do so out of fear of litigation or academic disciplinary action. As an ethical geek, what do -you- do?" While the responses from an earlier story might prove useful here, there is always the possibility of the university making things harder for the person reporting the problem. How can students avoid both legal and academic trouble when trying to notify their university of security problems?

6 of 503 comments

  1. LOL by hughesey · · Score: 0, Offtopic

    *looks shady* You can trust us!

    --

    Michael "Hughesey" Hughes
    Head Editor/S
  2. Exploit it... by Anonymous Coward · · Score: -1, Offtopic

    ...and then take it in the ass. Prison rape is funny when it happens to you.


  3. cute chicks by Anonymous Coward · · Score: -1, Offtopic

    Well, the solution is obvious. Find the hottest chicks you can find and change their grades for them in exchange for 'favours' à la WarGames.

    Come on people, don't you learn anything from the movies??

  4. RMS IS A SEX OFFENDER by Anonymous Coward · · Score: -1, Offtopic

    GNU GENERAL PUBLIC LICENSE

    Version 2, June 1991

    Copyright (C) 1989, 1991 Free Software Foundation, Inc.
    59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

    Everyone is permitted to copy and distribute verbatim copies
    of this license document, but changing it is not allowed.

    Preamble

    The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

    When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

    To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

    For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

    We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

    Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

    Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

    The precise terms and conditions for copying, distribution and modification follow.

    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

    0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

    Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

    1. You may copy and distribute verbatim copies of the Program's source code

  5. RMS SI TEH SEXXUAAL OFFENDOR! by Anonymous Coward · · Score: -1, Offtopic


  6. Re:Down boy, down.... by robi2106 · · Score: 0, Offtopic

    But you don't have to go all cloak-and-dagger about it.

    But that is where all of the fun comes from!

    robi