[ISN] High school student earns A in hacking

From: InfoSec News (isnat_private)
Date: Tue Dec 17 2002 - 03:25:28 PST

  • Next message: InfoSec News: "RE: [ISN] Microsoft upgrades IE flaw to critical after criticism"

    By Larry Slonaker
    Mercury News
    December 16, 2002
    Reid Ellison, an 11th-grader at Anzar High School in San Juan
    Bautista, recently decided a cool student project would be to hack
    into the school's computer grading system. So he presented the idea to
    school administrators, and they gave him the go-ahead.
    He hacked his way in without difficulty. Once there, he wanted to
    leave a footprint to prove he had been successful. But he couldn't
    artificially bump up his grades -- he already had a straight-A
    His solution? Lower his grades. He dropped himself from a 4.0
    grade-point average to 1.9.
    ``It was kind of the opposite of what most people would do,'' he said
    Reid's project was an Anzar ``exhibition.'' The school requires
    students to create six exhibitions to graduate. The projects, which
    have both a written and oral component, ``are supposed to be
    issue-based, not topic-based,'' said Wayne Norton, Reid's adviser.
    ``They're not just reports.''
    Students' exhibitions have to touch on six subject areas, and Reid hit
    three in his hacking report -- history, science and math. (Part 2 of
    his written report was, ``The History of Hacking.'')
    Last week he gave a presentation on his project to his three
    evaluators. They gave him a perfect score.
    As it turned out, doing the report was the hard part of the project.  
    The hacking was easy.
    ``I had a pretty good idea that it wasn't the best security system,''
    Reid said. Once he had his hacking program in place, figuring out the
    password ``didn't take too long -- 200 milliseconds.''
    He didn't tell any fellow students he had been successful until the
    administration had a chance to change the password. The school is
    taking other steps to shore up its security, too.
    ``We're aware we've got a hole that needs to be plugged,'' Norton
    After his hacking venture was recorded, Reid remembered perhaps the
    most important stage of the project. He made sure his grades were
    adjusted back up.
    He obviously didn't get that 4.0 by accident.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 13:12:45 PST