We used It's Learning in "high school". It had login without https at the time, ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		matsemann on Sept 18, 2019 \| parent \| context \| favorite \| on: How we hacked Blackboard and changed our grades (2... We used It's Learning in "high school". It had login without https at the time, and on the school wifi it was then easy to listen and get other's credentials. Some people got hold of some teachers' credentials, and tried to remove or alter some minuscule data. One guy however, decided to sell grade-editing as a service to others. Of course it was noticed by the school, and it became a big deal with police involved and everything. Happy ending, though, the two people I know that was involved got master's in compsci a few years later.

perryprog on Sept 18, 2019 | [–]

Must've been fixed. My school used It's Learning for a while until this year, and it was fairly secure. HSTS of course.

matsemann on Sept 19, 2019 | | [–]

Yes, this was 10 years ago. I may even misremember, maybe it was a unsecured single sign on in front or something where the fault actually was.

food_eater on Sept 18, 2019 | [–]

Did this happen to go down in Florida?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact