The K-12 Cybersecurity Resource Center

A K12 Security Information Exchange (K12 SIX) Initiative

Disclosing Security Issues: One Student’s Experience

September 10, 2019 | Written by Doug Levin

The latest edition (“A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention?”) of the EdSurge Podcast focuses on the story of Bill Demirkapi, who recently made national news for his presentation at DEF CON, the renowned hacking conference. During that presentation, Bill reflected on his colorful experiences as a high school student discovering and disclosing security vulnerabilities in two major education technology products.

The EdSurge podcast offers important nuance on the issue of student hacking and suggests that both schools and their vendors have work to do to shore up their cybersecurity policies and practices.

Be sure to give it a listen:

 

A Bored Student Hacked His School’s Systems. Will the Edtech Industry Pay Attention? by EdSurge On Air

This week we’re talking about cybersecurity at schools, and how secure, or in some cases how vulnerable, the tech systems in school systems are. At the center of our story: Bill Demirkapi, who managed to bust into two key student information systems of his high school, then tried to tell the edtech companies to get them to fix their software, with mixed results.

Categories: Blog, Commentary, On the Air

Tags: Bill Demirkapi, Blackboard, EdSurge, EdSurge Podcast, Follett Corporation, Jeffrey R. Young, student hacking, Tony Wan
