Student Hacks System to Alter Grades
This is an interesting story:
A UCSB student is being charged with four felonies after she allegedly stole the identity of two professors and used the information to change her own and several other students' grades, police said.
The Universty of California Santa Barbara has a custom program, eGrades, where faculty can submit and alter grades. It's password protected, of course. But there's a backup system, so that faculty who forget their password can reset it using their Social Security number and date of birth.
A student worked for an insurance company, and she was able to obtain SSN and DOB for two faculty members. She used that information to reset their passwords and change grades.
Police, university officials and campus computer specialists said Ramirez's alleged illegal access to the computer grading system was not the result of a deficiency or flaw in the program.
Sounds like a flaw in the program to me. It's even one I've written about: a primary security mechanism that fails to a less-secure secondary mechanism.
Posted on April 1, 2005 at 2:36 PM • 22 Comments