Network News

X My Profile
View More Activity

Boy had teacher's computer password

Washington Post Editors

A 9-year-old Fairfax County boy who changed course content and passwords in the Fairfax school system's online teaching system -- including the superintendent's -- accessed it using a teacher's password, officials said Thursday.

The school district detected the problems last month and, with the help of Fairfax police, tracked them to a McLean boy's home computer.

Police obtained a search warrant that said Fairfax's version of the widely used Blackboard Learning System "had been hacked" and that the boy's Blackboard account had "administrator privileges."

Blackboard and school officials clarified Thursday that the boy had not found and exploited a security vulnerability, but rather that he had obtained a teacher's password.

Fairfax schools spokesman Paul Regnier said the boy was able to use that access to enroll other users, including Superintendent Jack D. Dale, into his class and could then change their passwords.

-- Tom Jackman

By Washington Post Editors  |  April 16, 2010; 8:26 AM ET
Categories:  Fairfax , Schools , Tom Jackman , Updates  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: U.S. Capitol Police officer arrested on child porn charge
Next: Police seek charming car thief who got three in one day

Comments

"Blackboard and school officials clarified Thursday that the boy had not found and exploited a security vulnerability, but rather that he had obtained a teacher's password."

So, in other words, by knowing one teacher's password he was able to change passwords for arbitrary other users, and have general administrative access to the system? If that's true, then I would call that design a security vulnerability of major proportions.

Posted by: richg74 | April 16, 2010 4:20 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company