The K-12 Cybersecurity Resource Center
A K12 Security Information eXchange (K12 SIX) Community Initiative

Disclosing Security Issues: One Student’s Experience

September 10, 2019 | Written by Doug Levin | K12 SIX

The latest edition of the EdSurge Podcast (“A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention?”) focuses on the story of Bill Demirkapi, who recently made national news for his presentation at DEF CON, the renowned hacking conference. During that presentation, Bill reflected on his colorful experiences as a high school student discovering and disclosing security vulnerabilities in two major education technology products.

The EdSurge podcast offers important nuance on the issue of student hacking and suggests that both schools and their vendors have work to do to shore up their cybersecurity policies and practices.

Be sure to give it a listen:

A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention? by EdSurge On Air

This week we’re talking about cybersecurity at schools – and how secure – or in some cases how vulnerable – the tech systems in school systems are. At the center of our story: Bill Demirkapi, who managed to bust into two key student information systems of his high school, then tried to tell the edtech companies to get them to fix their software – with mixed results.

Categories: Blog, Commentary, On the Air
Tags: Bill Demirkapi, Blackboard, EdSurge, EdSurge Podcast, Follett Corporation, Jeffrey R. Young, student hacking, Tony Wan
