UCSB Student Engineers Grade Hack 544
An anonymous reader writes "The UCSB Daily Nexus reports "A UCSB student is being charged with four felonies after she allegedly stole the identity of two professors and used the information to change her own and several other students' grades, police said." The article goes on to note that, though working a few tricks to get into the system, she was fairly unsophisticated, and in fact failed to conceal her IP address from authorities. With other computing snafus recently making headlines, are universities too careless with their data?"
Blowjob (Score:4, Funny)
Re:Blowjob (Score:4, Insightful)
Geeks are starting to act like construction workers..."if a woman wants to get ahead, all she has to do is suck some dick."
And where have you been? (Score:5, Insightful)
I don't know where you've been, but (no matter what ESR's jargon file says) there's always been a consistent streak of fairly crude sexism in the computer geek world. I'm sure some sociologist has written about it extensively, but it's the kind of thing I see in any large group of (mostly younger) men who are all in competition for alpha male status. (I've watched the sales guys at work, and it's there too)
Here on slashdot, there's intense competition among the first posts to get something modded up to "funny". I don't know if that's the driver - I'm not a sociologist - but it might have something to do with eliciting this behavior.
Had this student been male, would there have been a gay sex joke made? Probably, given slashdot, eventually (if nothing else, some GNAA troll would show up), but not in the first 100 posts. (Though actually, the original post's text would work just as well if the student were male...)
Re:And where have you been? (Score:3, Interesting)
Look, I'm not trying to make you change all occurrences of "he" to "he/she" or some worse neologism, I'm not trying to make sure that all your example sentences have an equal balance of male and female names, and I'm not trying to make sure you hire unqualified employees so that your organization fits some desired overall demographics.
Re:And where have you been? (Score:3, Insightful)
Women are whores, plain and simple.
So you say all women are whores, and then you're surprised when you get called a dog. (Or whatever.)
Here's a radical idea: how about both sexes lay off the name-calling. You can call this PC if you like; I see it as a matter of simple politeness.
Re:Blowjob (Score:5, Funny)
What with men having the advantage because they give better blowjobs you mean?
"if a woman wants to get ahead, all she has to do is suck some dick."
Strange choice of example. It says that men are easily corrupted by offers of trivial sexual favours. It doesn't say anything negative about women at all.
Re:Blowjob (Score:5, Funny)
Re:Blowjob (Score:5, Insightful)
You're assuming a lot. I know a lot of people who'd fire a woman offering a blowjob for a favour, if they were her employer/boss.
Re:Don't sweat it (Score:3, Funny)
"Chairperson" is worse because it dehumanises the position
Because we all know that people aren't human.
Re:she didn't compromise the system (Score:5, Informative)
oh, and she knew how to use google also. http://www.google.com/search?q=university%20califo rnia%20santa%20barbara%20egrades [google.com]
Re:she didn't compromise the system (Score:5, Funny)
Re:she didn't compromise the system (Score:3, Insightful)
Er, set up a system where you couldn't change someone's password just by knowing their SSN?
Re:she didn't compromise the system (Score:5, Interesting)
This is not a "hack"!!!! She didn't exploit any technological weakness, only stole data giving access to a system.
Re:Blowjob (Score:5, Funny)
"Well then, why don't you try studying?"
Re:Blowjob (Score:5, Insightful)
Re:Blowjob (Score:4, Informative)
Well, here's one solution - set the BIOS not to boot from CD. Set a sensible BIOS password. That's that problem sorted.
Seriously, I don't know why so many people bang on about Linux-on-a-CD being dangerous; it's like ActiveX - it's only dangerous if your computer setup allows it to be.
Re:Is SSL breakable? (Score:3, Interesting)
Re:Is SSL breakable? (Score:5, Informative)
Huh?
There are two SSL key exchange methods which are mostly used: (1) RSA and (2) ephemeral Diffie Hellman.
With (1), the client (browser) picks a random 48-byte key k, PKCS1 pads this, then raises it to the server's public exponent (e) mod N and sends that.
With (2), the client and server do a diffie hellman key exchange with the addition of the server signing his (so that the client can be sure he's talking to the server) with his RSA private key.
In neither case can the pre-master secret be obtained by a sniffer. In case (1), obtaining the pre-master secret from C = PKCS1( k )^e mod N implies being able to find e'th roots mod N (good luck with that). With the latter, the sniffer has: g^a mod p and g^b mod p, finding g^ab mod p is exactly the diffie hellman problem, good luck with that, too.
Re:Is SSL breakable? (Score:5, Informative)
Admittedly, most browsers will detect this, and throw up a dialogue box -- but due to poor training or understanding of security, 99% of users will simply click away the warning to get their application, and will happily login and access information, while the MITM steals all packets without having to attack the encryption.
SSL and SSHv1 are both vulnerable to this type of attack. SSHv2 and IPSEC will resist it, and fail the connection, which is correct behaviour.
Re:Is SSL breakable? (Score:3, Informative)
Ettercap can also detect an SSH connection going out and respond to the client saying that the server only allows SSHv1. The default client behavior is to initiate the connection over SSHv1 (this is wrong). Ettercap then sniffs the key exchange and forwards the connection (over SSHv2 this time) to the remote server. The server thinks you're connecting through SSH
Re:Blowjob (Score:3, Interesting)
As I see it, the only options are:
1) Eliminate ARP entirely, by locking ARP caches with fixed addresses of critical devices (an administrative nightmare);
2) Use an IDS
Re:Blowjob (Score:4, Funny)
Indeed. As illustrated by this excellent graph:
P|iiiiiiiiiiiiiiiiiiiiiiiiiiiii
O|iiiiiiiiiiiiiiiiiiiiiiiiiiiii
P|iiiiiiiii_iiiiiiiiiiiiiiiiiii
U|iiiiiiii( )iiiiiiiiiiiiiiiiii
L|iiiiiiii//iiiiiiiiiiiiiiiiiii
A|iiiiiii//iiiiiiiiiiiiiiiiiiii
R|iiiiii//_iiiiiiiiiiiiiiiiiiii
I|iiiii//(_)iiiiiiiiiiiiiiiiiii
T|iiii//(_)iiiiiiiiiiiiiiiiiiii
Y|______________________________
. S U C K I N G --------------->
Shoulda used an open wireless access point! (Score:5, Interesting)
Mainstream Media could take a lesson from the UCSB guys - nice writeup with some nice details that explain things pretty well - good read.
Re:Shoulda used an open wireless access point! (Score:3, Funny)
Comp sci has suddenly become too common for me, I need a new career.
Re:Zen (Score:3, Funny)
Tor and Privoxy (Score:2, Funny)
Re:Shoulda used an open wireless access point! (Score:5, Funny)
Nonono! The line is "if it hadn't been for those pesky kids and that dog!"
Mack Daddy says "NO!" (Score:3, Interesting)
Believe it or not, they keep mac address databases, any self respecting router will. Who is to say the police can't trace the IP to an wireless access point and check Mac addresses? Who is to say that free is really free, that it's not one big honey pot? They have camera's? They know the time it happened??
It ain't that easy...
Re:Mack Daddy says "NO!" (Score:4, Informative)
Re:Mack Daddy says "NO!" (Score:5, Interesting)
Alone it means little, but along with other information, it can sometimes tell you something. Yesterday I put up a new AP and left it open as a loss leader of sorts as there are other free conections in the area. (The first hit is free) Going through my access logs I came accros a user that used quite a bit of upstream but little downstream bandwidth. I cross checked the MAC with my dhcp server log and came up with 'client-hostname "your-2r8c4odfb2"'. That's an odd thing to name your computer. Thinking that 2r8c4odfb2 might me some wierd 1337 speak, I googled [google.com]it and found: your-2r8c4odfb2.cpe.ozrk.al.charter.com listed as the hostname for a computer which had sent quite a bit of email (read SPAM). Now I could be way off base here, but the wierd traffic coupled, with the hostname listed as having a high probibility of being a spam server, was enough for me to ban the mac till the AP is added to the authentication and billing system.
Comment removed (Score:4, Interesting)
I don't think it would have worked. (Score:5, Informative)
So, she wouldn't have got to keep the forged grades but she might have avoided a criminal record. Maybe.
Re:Shoulda used an open wireless access point! (Score:3, Insightful)
A smarter hacker would infect the system with a script that would gradually, over time, boost their GPA in a difficult to trace method. Maybe figure out a minor improvement that you'd make every day to all students that had a student id number that fit a given algorithm.. where your own id just happens to be one that comes up most frequently. Say that your student
Re:Shoulda used an open wireless access point! (Score:5, Interesting)
Anythig which boosts your score is going to point at you.
What you want to do is plant evidence of the professors having a bias against you. Subtle things. Enough to form the basis of an appeal. Then you drop your grades in your good subjects so a review will see that you are a victim and give you a pass.
Is it only me? (Score:3, Insightful)
Re:Is it only me? (Score:3)
She didn't hack the login, she used ID information to impersonate the professors and get the passwords changed.
Given the level of security, it's perhaps better called ``identity casually picked up off the floor where it was just lying around'', but it's clearly a subclass of identity theft.
Re:Shoulda used an open wireless access point! (Score:4, Insightful)
Thank you for the kind comments, xmas2003 and obsol33t.
I'd like to clarify and reply to some of the comments made on Slashdot, if you would allow.
I did not think this incidient could be considered "hacking." Notice that we didn't use the terms "hacker," "hacked," "exploited" or "compromised" in the headlines or article when describing what happened. Like the article says, there were technically not exploits in the system -- no SQL injection, buffer overflow, XSS, etc.
Not every person could repeat what Ramirez allegedly did. Her job gave her a specific access to personal information. It's really a case of identity theft, a felony offense. The police are responsible for charging Ramirez, not the university.
When reading the story, you have to remember that it's a general newspaper, not 2600 or the like. The three (3) paragraphs, out of roughly 30, about the knowledge required to enter eGrades was included to give readers a perspective on the difficulty level needed to do what the perpetrator did. "Was this person a 'true hacker' or was it something simpler than that?"
The phrase, "required some technical savvy," was meant to indicate a small amount, not emphasize, of technical knowledge was needed.
Also, the lede -- the first sentence in a news article -- states, the grades of several students, not just Ramirez's and her roommate's, were changed. Police would not release further specific details about others' changes because of the ongoing investigation, as the article stated.
Schmidt, as far as I know, is a very competent network programmer/sysadmin/computer geek. He's also pleasant on the phone. =) I'm guessing he simplified his statements because he was talking to the press and did not know if I had any technical knowledge. For the record, I know enough. =)
Re:Just for comparison.... (Score:5, Insightful)
Beating up old ladies only destorys faith in the person who did it.
It's one reason petty counterfeiters are hit so harder than a petty theft. It's not like the few $100's they make will actually lead to inflation. But if enough people get away with it then it leads to a general lack of faith and confidence in the dollar. That's a bad thing, since the whole economy works on the idea that we all pretty much believe a dollar is worth the same thing.
Re:Just for comparison.... (Score:3, Insightful)
In fact counterfeiting doesn't even come close to the kind of effect a good elected official can achieve in this respect
Can't Hack It (Score:5, Funny)
*ducks*
Pfft... this is nothing (Score:5, Interesting)
Re:Pfft... this is nothing (Score:2)
Who needs programmatic security... (Score:5, Insightful)
... when the policy enforced by the program is broken to begin with?
From TFA:
The university's grading system, eGrades, is an in-house program that professors can access via the Internet to submit and alter students' grades. eGrades uses UCSB NetID, a campuswide authentication system, to check a user's identity. If a user forgets their password, they can reset it by entering their Social Security number and date of birth, Schmidt said.
This is evil. SSNs and DoBs are far too easy to find. The suspect worked for an insurance agency, but it would not be difficult to find this information through other means.
For more examples of such problems in systems, check out Risks Digest [ncl.ac.uk].
Re:Who needs programmatic security... (Score:5, Insightful)
But on the other hand:
When a grade is altered, a feedback system is automatically triggered to inform professors and the Registrar's Office of the changes.
"There's basically a feedback mechanism, and ultimately, it comes back to the feedback mechanism and the individual department trying to reconcile grades and saying 'It doesn't look like this is correct and how can this happen?'"
So while the access point security is awful, there are processes in place to flag potential problems. At least they are practicing security in depth, even if one of their layers is paper-thin.
Re:Who needs programmatic security... (Score:3, Interesting)
My $CREDITCARDCOMPANY just got gobbled up by a bigger one. One of their "innovations" is that you can't have an arbitrary ID - it has to be all numbers and defaults to your SSN. I had a little talk with one of their managers who said "that's the way it is and we have no intention of changing it" who suggested that I could use my phone number instead of my SSN if I wanted an easy to remember but "more" secure ID.
On top of that, their passwords are currently alphan
Re:Who needs programmatic security... (Score:3, Insightful)
Re:Who needs programmatic security... (Score:5, Interesting)
eGrades security is far worse than that. It doesn't require a social security number and date of birth, rather it uses the "university id" that at student uses to login to some campus wireless networks, campus e-mail and the uweb/ustorage accounts.
Here's the login interface:
http://www.egrades.sa.ucsb.edu/ [ucsb.edu]
Resetting the password requires:
Last Name, Perm Number (id number), last four of social and birthdate.
Obtaining these, albeit not easy is not that hard at all.
From TFA (Score:4, Insightful)
Like one person getting credit for something they didn't do isn't enough... its got to be mass fraud to care?
"It's believed at this time that [Ramirez] accessed the computer system from her house," Signa said. "There is also a second indication that the computer was accessed at one point from the office where she worked, so its believed [she used eGrades at] both locations."
Idiot!
Professor mistakes (Score:5, Interesting)
Re:Professor mistakes (Score:3, Funny)
I had an instructor who did the same thing. Except his password was 26 characters long. He did denied that it started with the letter 'a' and ended with the letter 'z'. Go figure.
Signature fun (Score:5, Funny)
He was sending out emails with it on for a week before a professor wrote to him telling him to change it to something more appropriate.
Re:Professor mistakes (Score:3, Interesting)
These days, it's a bit more complex (Microsoft would like you believe that it's impossible because of the ctrl-alt-del secure attention sequence, but if you have physical access to the hardware, well, you can just replace the GINA with your evil version), but still very possible
Is this really 'hacking'? (Score:4, Informative)
Re:Is this really 'hacking'? (Score:2)
What is the big deal about hackers? (Score:2)
I happen to think of hackers like a baseball player. They have a greater responsibility to people, they were born with gifts. And if they use them for their own benifit and not society, then why did God give them more?
The Irony is (Score:5, Funny)
War Games (Score:3, Funny)
SSN (Score:4, Insightful)
Signa said Ramirez worked for the Goleta branch of Allstate Insurance, where she had access to the personal information of two UCSB professors who were insured with the company. Ramirez reset their passwords using private information she obtained from her job, Signa said.
SSN stored by University and Insurance company and God knows where else. Yet it is supposed to be a secret between you and the Government.
No, SSN isn't supposed to be a secret (Score:3, Insightful)
So SSNs are a good identifier. Their primary, and orignal, purpose is to track earnings for social security purposes. However congress later authorized its use for lots of other identification things (like tax ID).
Now the problem is that fo
Re:No, SSN isn't supposed to be a secret (Score:5, Insightful)
SSNs are a terrible identifier:
Congress later authorized its use for lots of other identification things (like tax ID).
Congress later authorized its use for one other identification thing (tax ID).
What needs to happen is places like banks, universities, etc need to stop treating it like it's secret.
Until SSNs cannot be used in violation of rule 6 and in spite of rule 5, they must treat it as a secret as important as the combination to your safe.
i wouldn't worry about the people that got caught (Score:5, Interesting)
[*_-]
From TFA (Score:2, Insightful)
"An important distinction in this case, compared to some other instances you've seen reported on around the country, the integrity and security of our grading system is intact and was not compromised," said Paul Desruisseaux, UCSB assistant vice chancellor of public affairs.
If a user forgets their password, they can reset it by entering their Social Security number and date of birth, Schmidt said.
The Security of the grading system is INTACT? Hell yeah!
Universities are centers of excellence (Score:2)
By direct inference, any academic establishment that DOES get hacked by amateurish methods, or by people walking off with laptops holding unsecured data, etc, is clearly NOT a University, or at least not one with any credibility.
The obvious solution is to say that any teaching establishment that suffers loss or distortion of data by techniques that could be expected of that age group (or yo
Open Records (Score:2)
No fault in the software? Yea right (Score:2)
In most cases where you forget your password they send it to your e-mail address. Why do they not do that in this case? If they had done that the girl would not have access to it since she never did know his password.
Saying this is not a fault in the software is to save face, but pe
The smart cheater... (Score:2, Insightful)
No, the smart cheater hacks into the system before the exam, in order to lift the subject (and possibly answers...) from the teacher's homedirectory ;-) Much harder to detect, unless culprits boast about it on Slashdot twelve years after...
Cheaters (Score:5, Interesting)
I remember reading awhile ago when a middle school student changed his grade by creating I believe a macro that increased his grade by 10% by every time the class grades were pulled up. Eventually he was caught when he had a percentage far above 100.
another cheating example that comes to mind. Is when a professor decided to check how many papers turned in were plagiarized with http://www.turnitin.com/ [turnitin.com] and found that a sizable number of students were cheating.
As a university student at a large university, I have noticed that some classes prevent cheating more than others. For example, in my chem class which has over a thousand students four forms are given, empty seats all around you. It is nearly impossible to cheat. My physics class I am taken now there are 2 forms and students are placed directly next to each other. Needless to say after the second midterm a student went from a perfect score to only one out of fifteen correct. But when classes only have 3 exams that make your exam cheating must be delt with extremely harshly. These mild security flaws with technology that keep appearing are usually due to weak passwords anyways. This case a social security number was the lone culprit. I think a levelheaded IT department and some well planned passwords and password recovery processes are what should be focused on now. I feel that cheating is a most urgent program in colleges
Re:Cheaters (Score:5, Interesting)
I never went to college.
However, in high school, my history teacher noticed that a good proportion of the answers given on tests were highly correlated - not exact, per se, but suspiciously close to the exact same answers.
He made up seven different versions of the test, and ensured that the answer key for any version was different enough from the others to cause dramatic test failures in the case of copying. (multiple choice, 5 options, 30 questions - plenty of combinations).
That test, about six to ten people, people, all in a rough blob behind and to the right of me, failed.
I was oblivious to the fact that they were copying me, but it was pretty funny - he'd given me one version of the test and every one else a different version. After that I got rather paranoid about making sure my answers weren't visible to others.
Re:Cheaters (Score:3, Interesting)
Perfect crime? (Score:5, Insightful)
Sadly, she admitted to the crime. One good theory ruined by bumbling criminals not really being criminal masterminds in disguise.
Re:Perfect crime? (Score:5, Interesting)
True. I always thought there was nobility in failing a few classes in college. If you didn't fail a few, you weren't really pushing yourself hard enough. My transcript represented this worldview pretty well.
But the social aspect of the hack is interesting, even if it isn't useful. The best hack is not one that is never resolved, but one that is resolved neatly, definitively, and completely wrong.
I knew someone in High School who was a master keygrabber. He would arrange intricate dances around all of the teachers so that he could grab their key ring for an hour and make copies of everything. This ranged from "intimate talks" about problems that didn't exist, to mundane copier issues, to larger things like students getting "caught" doing things they weren't supposed to be doing.
It was the plausable misdirection that made him a master. Somehow the instructions to change the sprinkler times to 10:30 would be communicated to the gardener as 6:30, and due to this oversite two weeks later all of the people at the homecoming game would freak out and go running for the gardener's shed, where they would cut off the lock, and turn off the sprinklers. There, the typo would be discovered in the instructions, and the case would be closed. Bad typing was to blame. In their rush, nobody noticed that the lock they cut off of the gardener's shed wasn't keyed the same as the lock that originally was on the shed. Nor did they notice that the full set of maintenence keys that were in the gardener's shed was now slightly warm to the touch.
Never try to "get away with it" by being untracable. "Get away with it" by giving people a plausable explanation for the inconsistincies they see... something believeable, easy, and invisibly incorrect. Never leave a case open.
Re:Perfect crime? (Score:3, Interesting)
However, there is a class who is above all. They do what they want to do, and intricately weave a web so convincing, that there is never, ever a chance that anything can be traced back to them. Like in the case you described, the guy did not have to cover his tracks of having rep
Seems a little over the top... (Score:5, Insightful)
Also, charging the girl with four felonies seems a little over the top, given the nature of the crime. What she did doesn't seem any different than cheating on a final exam but cheating usually calls for expulsion rather than a felony criminal charge. It isn't as if the girl vandalized the system, sold grades to others, or used the professor's info to open credit card accounts or something. Do they really want to send people like this girl to prison for several years? For what reason?
I feel real sorry for her (Score:3, Insightful)
Yes i'm careless for having windows made of regular glass instead of tempered. While we're on that note, lets fault me for having a wooden door instead of a steel one, and dirt in my crawlspace someone can tunnel into.
I think the university did the best it could here. No matter how high/tall/hard you build it, folks are always gonna try and break it. It's just a fact of life.
I think the only person careless in this whole shebang is the girl that did the grade changing. I doubt this is the most morally devoid thing that has ever happened in this professors class
I can't recall how many times I had girls that liked me offering to do my homework in school, or how many times I saw someone blatenly fuck another persons report up by checking all the books pertaining to their subject from all the local libraries. I think the worse i've seen is the prefferential treatment some students get, weather it's because of being on the football team, or some other popular school group.
There's a lot worse that goes on in schools, it's just she got caught.
Not a Hack ! (Score:3, Informative)
"Tech savvy?" (Score:3, Insightful)
She did demonstrate some creativity by using her work DB to look up her prof's personal info. However, considering that she did NOTHING to conceal her identity (steal wi-fi, use a proxy, etc), she clearly wasn't a savvy hacker. Smarter than the average user, perhaps, but definitely not a crafty blackhat.
RTFA (Score:5, Informative)
Re:RTFA (Score:3, Insightful)
Female? (Score:3, Interesting)
Re:Female? (Score:5, Interesting)
A person breaks the law and you offer kudos?
Two idiots... HTTPS and Computers for Idiots.... (Score:5, Insightful)
So... uh.... wha???
If she captured packets, then yeah, this idiot might have a valid point but what the hell is this guy talking about otherwise?
And this isn't hacking. It isn't even cracking. It's "I guessed a freaking password! But didn't know jack crap about anything else so I got busted. Oh well. At least that Schmidt guy will give me 'Computers for Idiots" when he is done with it."
The professors' password, of course... (Score:5, Funny)
Felony (Score:5, Interesting)
3 Strikes and you can goto prison for life, its no longer just 3 dangerous felonies see http://en.wikipedia.org/wiki/Felony [wikipedia.org]
http://www.facts1.com [facts1.com] has some good info on how the law is abused. Then put mandatory sentencing on top, you really get ground up in the system...
She can loose her right to vote, her DNA kept on file as a criminal, she is now considered a dangerous criminal in the eyes of the law.
Hey, she could get busted for smoking a joint, or filling out a DMV record incorrect and serve 25 years in prison. Thanks to 3 strike laws.
But hey, you feel safe now, right?
Re:Felony (Score:4, Insightful)
Suppose you decide you really should have that engineering degree but just don't want to study... Now you're in the middle of building a 90-storey office complex and you have about 40% of the knowledge you need
And besides, I had to drudge through college without cheating [which included repeating some classes] why shouldn't she?
Tom
Re:Felony (Score:3, Informative)
"Three strikes laws are a category of statutes enacted by state governments in the United States, beginning in the 1990s, to mandate long periods of imprisonment for persons convicted of a felony on three (or more) separate occasions."
If you're going to use Wikipedia as a source on Three Strikes laws, you could, at least, read the Wikipedia entry on Three Strikes laws.
Re:Felony (Score:3, Insightful)
I don't. Walking your dog without obeying the leash law counts as a felony in some places. If you're doing this with 4 dogs, that would be 4 felony counts. I've never heard of someone getting a life sentence for leash-law violations, or any other trivial thing (except drug posessions).
The flack over the 3-strikes law is pretty ridiculous. It was widely reported that a man
Not a hack at all, a blantant criminal act (Score:3, Informative)
She then logs in to the grading system and changes her grades.
And the computer system worked like a charm. Any grade change resulted in a departmental notification. The professor, realizing that he did not make the change and could not log into the account any more, notified the appropriate authorities.
An investigation occurred and this criminal was discovered. Sounds like an open and shut case to me.
The beauty of triggers (Score:3, Interesting)
I wrote a couple of trading-ish systems that used this when a person placed a trade. Came in very handy when a user called to say that he had lost some major $$$ because we screwed up his order, only to show him in the log that he had in fact placed his order at this time, and then tried to cancel it not a minute later, but a full two hours later, long after the close.
Yes it can be done in a procedure, write to another table, etc., but what I've always liked about triggers is that they're automatic, somewhat hidden, and easy to forget...
Your signature... (Score:2)
Paul B.
Re:More than meets the eye... (Score:3, Interesting)
What was the reason for cheating? What was the consequence of failing the class? What was the risk of getting caught cheating?
I don't think we will kill people for cheating, or sentance them to some lifelong hell. But if someone fails, and gets pushed into the lower class, it is hell. Like George Bush said "Congrats, you have two jobs, something uniquely American"
If soci
Re: (Score:2)
Re:Carelessness ? (Score:5, Interesting)
Needless to say, I would argue, at least at my school, they are not careless. In fact, I would argue that they are erring on the side that someone will try to hack the system. But the school also takes computer issues seriously. The computer use policy is very strict, and makes it clear that abuse of a computer, on or off campus is grounds for getting expelled.
Re:Carelessness ? (Score:3)
Or just lie and say they'll follow the honor code? Why go through all that trouble to safeguard a system that can be circumvented verbally?
And That's Good? (Score:3, Insightful)
It's nice your school is trying to perform steps to prevent cheaters but that's just way too much. A university should be a place where you can live the life you want and the free exchange of ideas with many different types of people from all around the world, not worried if you've sufficiently proven you aren't a cheater to the satisfaction of one of the 70 select individuals.
Re:And That's Good? (Score:3, Insightful)
Does having a person attest to having witnessed you swear to obey the honor code every semester have any more effect than signing a piece of paper at the beginning of enrollment?
Does the massive amount of security focused on making sure that you swore the oath to obey the honor code
Re:Carelessness ? (Score:3, Insightful)
"For some of my volunteer work, I am the clerk for one of these advisors. One of the things the advisor asked me to do was to enter in endorsements into the computer."
They don't, by chance, ask advisors to sign the same affirmation to abide by all the rules, do they?
Re:"Hack"? (Score:5, Interesting)
You can reset your passwd at my college with SSN and DOB too, the extra securfity being that you have to go to a lab (like the one where I work) and use a specific comp that is always at the admin desk and cannot be used without supervision. When you log in with said info to change your password a big picture of you comes on the screen, if the you on the screen doesnt match the you changing the passwd we boot your sorry ass out of the center.
Re:"Hack"? (Score:3, Insightful)
Re:"Hack"? (Score:5, Funny)
Now I'm white, small and not very built at all so naturally the only real option was for me to submit an image of Mr T. A fortnight passed with anticipation and soon my new ID was ready to be picked up. I had this whole bogus "There must have been some mistake here! This isn't me" speech ready or if I felt funny on the day I had the "This is so me, I pitty the foo who be discriminating against my people" speech. I go to pick up the ID, the lady asks for my student number, name, dob etc. Takes a look at the ID to see the details match and hands it over...
nothing.
She didn't even question the fact that there was a huge black man with bulk bling on my ID and it was clearly not me.
I went home with my new souveneer, resubmitted my real photo and got a replacement ID two weeks later. I still bring the thing out for laughs.
Re:Mr. Schmidt rulz (Score:3, Insightful)
That's why that dumb 'geeky https' comment came out.