Tag Archive for: Students

Minneapolis students use ‘Rickroll’ prank to highlight district computer security flaws

/in


Updated 10 p.m.

Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.

The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.

Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.

Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.

MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.

“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”

The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.

Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.

“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”

The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.

In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.

“This was NOT a hack, but an internal email sent out by a group of students using…

Source…

Minneapolis students use “Rickroll” prank to highlight district computer security flaws

/in


Updated: 10:00 p.m.

Two Minneapolis Public Schools students used an email prank Friday to draw attention to what they say are more security flaws in the district’s computer systems.

The teens, who described themselves as members of Washburn High School’s class of 2025, sent a mass email from a district account to staff and students.

Couched as a Rickroll joke, in which a prankster tricks their target into listening to Rick Astley’s “Never Gonna Give You Up,” the email linked to a detailed report that the teens wrote detailing the problems that they found, including easily accessible student photos and usernames.

Ian Coldwater, a Minneapolis-based professional hacker who helps their clients find vulnerabilities in computer systems, said in a phone interview Friday that the students uncovered serious security flaws.

MPR News is Member supported public media. Show your support today, donate, and ensure access to local news and in-depth conversations for everyone.

“There are things that are accessible from within the network that shouldn’t be,” Coldwater said. “There should be extra layers of having to be authorized to see some of this stuff, even if you are connected to the school network.”

The teens wrote in their report that a March ransomware attack targeting the district inspired them to investigate other potential information technology problems.

Coldwater, who reviewed the report for MPR News, said that the students included suggested fixes and were careful not to publish private data.

“Their work is solid,” Coldwater said. “I hope that people see their talent, see their desire and commitment to act ethically and help them cultivate it, channel it in good directions, hire them to help fix this rather than punishing them.”

The teens wrote that they were not able to access their fellow students’ grades, but that potential security flaws with Chromebook laptops could enable “academic cheating and dishonesty” when the computers are used for standardized testing.

In an email to MPR News Friday afternoon, district spokesperson Crystina Lugo-Beach downplayed this latest incident.

“This was NOT a hack, but an internal email sent out by a group of students…

Source…

Opinion | This Is Why I Teach My Law Students How to Hack

/in


In the movies, you can tell the best hackers by how they type. The faster they punch the keys, the more dangerous they are. Hacking is portrayed as a highly technical feat, a quintessentially technological phenomenon.

This impression of high-tech wizardry pervades not just our popular culture but also our real-world attempts to combat cybercrime. If cybercrime is a sophisticated high-tech feat, we assume, the solution must be too. Cybersecurity companies hype proprietary tools like “next generation” firewalls, anti-malware software and intrusion-detection systems. Policy experts like John Ratcliffe, a former director of national intelligence, urge us to invest public resources in a hugely expensive “cyber Manhattan Project” that will supercharge our digital capabilities.

But this whole concept is misguided. The principles of computer science dictate that there are hard, inherent limits to how much technology can help. Yes, it can make hacking harder, but it cannot possibly, even in theory, stop it. What’s more, the history of hacking shows that the vulnerabilities hackers exploit are as often human as technical — not only the cognitive quirks discovered by behavioral economists but also old-fashioned vices like greed and sloth.

To be sure, you should enable two-factor authentication and install those software updates that you’ve been putting off. But many of the threats we face are rooted in the nature of human and group behavior. The solutions will need to be social too — job creation programs, software liability reform, cryptocurrency regulation and the like.

For the past four years, I have taught a cybersecurity class at Yale Law School in which I show my students how to break into computers. Having grown up with a user-friendly web, my students generally have no real idea how the internet or computers work. They are surprised to find how easily they learn to hack and how much they enjoy it. (I do, too, and I didn’t hack a computer until I was 52.) By the end of the semester, they are cracking passwords, cloning websites and crashing servers.

Why do I teach idealistic young people how to lead a life of cybercrime? Many of my students will pursue careers in…

Source…

computer science vs cyber security students

/in