Slashdot Mirror


UCSB Student Engineers Grade Hack

An anonymous reader writes "The UCSB Daily Nexus reports "A UCSB student is being charged with four felonies after she allegedly stole the identity of two professors and used the information to change her own and several other students' grades, police said." The article goes on to note that, though working a few tricks to get into the system, she was fairly unsophisticated, and in fact failed to conceal her IP address from authorities. With other computing snafus recently making headlines, are universities too careless with their data?"

5 of 544 comments

  1. Who needs programmatic security... by kwoo · Score: 5, Insightful

    ... when the policy enforced by the program is broken to begin with?

    From TFA:

    The university's grading system, eGrades, is an in-house program that professors can access via the Internet to submit and alter students' grades. eGrades uses UCSB NetID, a campuswide authentication system, to check a user's identity. If a user forgets their password, they can reset it by entering their Social Security number and date of birth, Schmidt said.

    This is evil. SSNs and DoBs are far too easy to find. The suspect worked for an insurance agency, but it would not be difficult to find this information through other means.

    For more examples of such problems in systems, check out Risks Digest.

  2. Re:Blowjob by DarKry · Score: 5, Insightful

    Fact of the matter is this is just going to happen more and more often. University networks are wide open. First, there are computer labs where anyone can sit down and pop in a Knoppix STD CD. Then they can fire up ettercap and go to town on everything getting passed on the switch. When campuses use SSL protected systems for grades it is just asking for trouble. It's just a matter of time before Joe Blow will have every prof's passwords. Once that happens it can be tempting to change a couple grades here and there. And grades are nothing compared to the other information that can be obtained, SSNs of the entire campus for instance... Basically ARP needs to get secure because there is really no way a college (that has to have an open network to function) can be a safe place to send important data back and forth. Maybe the solution is a private network for profs with the important info on it. Good lesson though.

  3. And where have you been? by fizbin · Score: 5, Insightful

    Geeks are starting to act like construction workers.
    (Emphasis mine)

    I don't know where you've been, but (no matter what ESR's jargon file says) there's always been a consistent streak of fairly crude sexism in the computer geek world. I'm sure some sociologist has written about it extensively, but it's the kind of thing I see in any large group of (mostly younger) men who are all in competition for alpha male status. (I've watched the sales guys at work, and it's there too)

    Here on slashdot, there's intense competition among the first posts to get something modded up to "funny". I don't know if that's the driver - I'm not a sociologist - but it might have something to do with eliciting this behavior.

    Had this student been male, would there have been a gay sex joke made? Probably, given slashdot, eventually (if nothing else, some GNAA troll would show up), but not in the first 100 posts. (Though actually, the original post's text would work just as well if the student were male...)

  4. Two idiots... HTTPS and Computers for Idiots.... by Mechcozmo · Score: 5, Insightful

    "You have to use an encrypted web browser connection, so if you know that as the geeky https, you have to use an https connection, so that provides the real protection to it," Schmidt said.

    So... uh.... wha???

    If she captured packets, then yeah, this idiot might have a valid point but what the hell is this guy talking about otherwise?

    And this isn't hacking. It isn't even cracking. It's "I guessed a freaking password! But didn't know jack crap about anything else so I got busted. Oh well. At least that Schmidt guy will give me 'Computers for Idiots' when he is done with it."

  5. Re:Just for comparison.... by hazem · Score: 5, Insightful

    Compromising the grade system destroys the common people's faith in "the system", so it has to be punished more.

    Beating up old ladies only destroys faith in the person who did it.

    It's one reason petty counterfeiters are hit so much harder than a petty theft. It's not like the few $100s they make will actually lead to inflation. But if enough people get away with it then it leads to a general lack of faith and confidence in the dollar. That's a bad thing, since the whole economy works on the idea that we all pretty much believe a dollar is worth the same thing.