The K-12 Cybersecurity Resource Center

A K12 Security Information eXchange (K12 SIX) Community Initiative

Disclosing Security Issues: One Student’s Experience

September 10, 2019 | Written by Doug Levin | K12 SIX

The latest edition (“A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention?”) of the EdSurge Podcast focuses on the story of Bill Demirkapi, who recently made national news for his presentation at DEF CON, the renowned hacking conference. During that presentation, Bill reflected on his colorful experiences as a high school student discovering and disclosing security vulnerabilities in two major education technology products.

The EdSurge podcast offers important nuance on the issue of student hacking and suggests that both schools and their vendors have work to do to shore up their cybersecurity policies and practices.

Be sure to give it a listen:

 

A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention? by EdSurge On Air

This week we’re talking about cybersecurity at schools, and how secure, or in some cases how vulnerable, the tech systems in school systems are. At the center of our story: Bill Demirkapi, who managed to bust into two key student information systems of his high school, then tried to tell the edtech companies to get them to fix their software, with mixed results.

Categories: Blog, Commentary, On the Air
Tags: Bill Demirkapi, Blackboard, EdSurge, EdSurge Podcast, Follett Corporation, Jeffrey R. Young, student hacking, Tony Wan

Copyright © 2018-2022 EdTech Strategies, LLC. All Rights Reserved.