Boy had teacher's computer password
A 9-year-old Fairfax County boy who changed course content and passwords in the Fairfax school system's online teaching system -- including the superintendent's -- accessed it using a teacher's password, officials said Thursday.
The school district detected the problems last month and, with the help of Fairfax police, tracked them to a McLean boy's home computer.
Police obtained a search warrant that said Fairfax's version of the widely used Blackboard Learning System "had been hacked" and that the boy's Blackboard account had "administrator privileges."
Blackboard and school officials clarified Thursday that the boy had not found and exploited a security vulnerability, but rather that he had obtained a teacher's password.
Fairfax schools spokesman Paul Regnier said the boy was able to use that access to enroll other users, including Superintendent Jack D. Dale, into his class and could then change their passwords.
-- Tom Jackman
By
Washington Post Editors
|
April 16, 2010; 8:26 AM ET
Categories:
Fairfax
,
Schools
,
Tom Jackman
,
Updates
Save & Share:
Previous: U.S. Capitol Police officer arrested on child porn charge
Next: Police seek charming car thief who got three in one day
Posted by: richg74 | April 16, 2010 4:20 PM | Report abuse
The comments to this entry are closed.
"Blackboard and school officials clarified Thursday that the boy had not found and exploited a security vulnerability, but rather that he had obtained a teacher's password."
So, in other words, by knowing one teacher's password he was able to change passwords for arbitrary other users, and have general administrative access to the system? If that's true, then I would call that design a security vulnerability of major proportions.