Slashdot Mirror


Teen Writes App To Block Teachers Out Of Their Grading Program

Matthew C. Beighey should get a lot of ironic extra credit points in his computer class, but will probably spend time in a juvenile detention facility instead, for writing an application to shut teachers out of their grading system. This was not the first time Matthew had been in trouble for computer-related mischief. Last fall, he accessed school files containing Social Security numbers, driver's license numbers, home addresses, and other data on past and present transportation employees. Matthew's program logged into the grading system as a teacher and entered a false password three times, making it impossible for teachers to get into the system. "If I log on with an incorrect password three times, it locks me out," said District spokeswoman Kelly DeFeciani.

7 comments

  1. Kudo's ... by Anonymous Coward · · Score: 0

    ... for doing what many other students want to do, but don't have enough balls, or have too many brain cells to do.

    1. Re:Kudo's ... by icebike · · Score: 1

      So he gets an A for security awareness then.

      Why was this not in the system to begin with?

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Kudo's ... by mpoulton · · Score: 1

      No, what he did was use that existing security feature to lock out all the teachers by automatically entering incorrect passwords repeatedly.

      --
      I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
    3. Re:Kudo's ... by meerling · · Score: 1

      Absolutely Correct :) This is a common type of abuse. I thought most admins had set their systems up to automatically unlock after a reasonable amount of time (15 minutes - 2 hours), as well as send them an alert when this happens so they can be on the lookout for this kind of mischief. This kind of stuff is pretty much expected on school networks. (Not because it's condoned, but rather there is always one student that wants to test the limits...)

    4. Re:Kudo's ... by Anonymous Coward · · Score: 0

      I'm betting there was an alert, which was why this guy got noticed and caught.

      And an unlock is only good if there are no further attempts to log in, so all you have to do is set it to retry before the cooldown has expired.

    5. Re:Kudo's ... by NickW1234 · · Score: 1

      The proper way is not to lock it at all, but slow it down so that repeated attempts take long enough to make a brute force attack impractical. Any kind of lockout leads to a very easy DoS. If it merely increases its response time to 10 seconds it's not a really big deal to wait for the slower login, and DoSing becomes at least a bit less obvious. Better yet, don't put the grading software on a box accessible from any computer room in the school. A simple firewall could go a long way.

    6. Re:Kudo's ... by ls671 · · Score: 1

      Also don't forget that easy-to-guess user names (or resource names for that matter) are bad practice security-wise.

      --
      Everything I write is lies, read between the lines.
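
The trade-off discussed in the thread (the three-strikes lockout from the story versus NickW1234's suggestion of slowing replies up to 10 seconds), modeled as an added example that is not part of any comment or of the school's software. The class names, the 1-second starting delay and the doubling schedule are assumptions.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    """Three-strikes lockout, as described in the story."""
    max_failures: int = 3
    failures: int = 0

    def attempt(self, password_ok):
        """Return (result, seconds the server delays its reply)."""
        if self.failures >= self.max_failures:
            return ("locked", 0.0)      # even the right password is refused
        if password_ok:
            self.failures = 0
            return ("ok", 0.0)
        self.failures += 1
        return ("denied", 0.0)

@dataclass
class ThrottlePolicy:
    """No lockout: replies slow down after failures, up to max_delay."""
    base_delay: float = 1.0             # assumed starting delay
    max_delay: float = 10.0             # ceiling suggested in the comment
    failures: int = 0

    def attempt(self, password_ok):
        """Return (result, seconds the server delays its reply)."""
        # Delay doubles per prior failure; exponent is bounded to avoid overflow.
        exp = min(self.failures - 1, 16)
        delay = 0.0 if self.failures == 0 else min(self.base_delay * 2 ** exp, self.max_delay)
        if password_ok:
            self.failures = 0
            return ("ok", delay)
        self.failures += 1
        return ("denied", delay)

def teacher_after_flood(policy, bad_attempts):
    """Constructed scenario: N bad passwords arrive, then the real teacher logs in."""
    for _ in range(bad_attempts):
        policy.attempt(password_ok=False)
    return policy.attempt(password_ok=True)

def guesses_per_day(policy):
    """Steady-state guess rate, assuming attempts per account are serialized."""
    return int(86400 // policy.max_delay)

if __name__ == "__main__":
    for n in (2, 3, 100):
        print(n, teacher_after_flood(LockoutPolicy(), n), teacher_after_flood(ThrottlePolicy(), n))
    print("guesses/day under throttle:", guesses_per_day(ThrottlePolicy()))
```

Under the lockout the correct password is refused after three bad entries, while under the throttle it is always accepted after a bounded wait and guessing is capped by the delay ceiling.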