[ISN] High school student earns A in hacking

From: InfoSec News (isnat_private)
Date: Tue Dec 17 2002 - 03:25:28 PST

Next message: InfoSec News: "RE: [ISN] Microsoft upgrades IE flaw to critical after criticism"

Previous message: InfoSec News: "Re: [ISN] Microsoft upgrades IE flaw to critical after criticism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.siliconvalley.com/mld/siliconvalley/living/community/4754902.htm

By Larry Slonaker
Mercury News
December 16, 2002

Reid Ellison, an 11th-grader at Anzar High School in San Juan
Bautista, recently decided a cool student project would be to hack
into the school's computer grading system. So he presented the idea to
school administrators, and they gave him the go-ahead.

He hacked his way in without difficulty. Once there, he wanted to
leave a footprint to prove he had been successful. But he couldn't
artificially bump up his grades -- he already had a straight-A
average.

His solution? Lower his grades. He dropped himself from a 4.0
grade-point average to 1.9.

``It was kind of the opposite of what most people would do,'' he said
Monday.

Reid's project was an Anzar ``exhibition.'' The school requires
students to create six exhibitions to graduate. The projects, which
have both a written and oral component, ``are supposed to be
issue-based, not topic-based,'' said Wayne Norton, Reid's adviser.

``They're not just reports.''

Students' exhibitions have to touch on six subject areas, and Reid hit
three in his hacking report -- history, science and math. (Part 2 of
his written report was, ``The History of Hacking.'')

Last week he gave a presentation on his project to his three
evaluators. They gave him a perfect score.

As it turned out, doing the report was the hard part of the project.  
The hacking was easy.

``I had a pretty good idea that it wasn't the best security system,''
Reid said. Once he had his hacking program in place, figuring out the
password ``didn't take too long -- 200 milliseconds.''

He didn't tell any fellow students he had been successful until the
administration had a chance to change the password. The school is
taking other steps to shore up its security, too.

``We're aware we've got a hole that needs to be plugged,'' Norton
said.

After his hacking venture was recorded, Reid remembered perhaps the
most important stage of the project. He made sure his grades were
adjusted back up.

He obviously didn't get that 4.0 by accident.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "RE: [ISN] Microsoft upgrades IE flaw to critical after criticism"
Previous message: InfoSec News: "Re: [ISN] Microsoft upgrades IE flaw to critical after criticism"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:12:45 PST