At Blackboard's Request, Judge Prevents Students From Discussing Security of Debit-Card System

Andrea L. Foster, Tidsskriftet for Universiteternes Efter- og Videreuddannelse, Apr 17, 2003
Commentary by Stephen Downes

The Chronicle covers the recent court action by Blackboard to block a student presentation exposing security holes in the LMS's payment system. Not a lot that's new here, except for an interview with a generally unresponsive (by court order) Billy Hoffman and a Blackboard representative who, not being restrained by court order, felt free to blather on about how bad the students have been. According to the Chronicle, Blackboard spokesperson Michael Stanton "said that Mr. Hoffman's research had reached a low point when he 'vandalized' the laundry-room switchbox. 'If I take a sledgehammer to an automatic teller machine, I'm a vandal. I'm not pointing out inherent security flaws in a system,' Mr. Stanton said." This is a stupid response. It is not possible to rob an ATM with a sledgehammer, and you certainly cannot (as Hoffman did) simply unscrew an insecure casing and derive the unit's complete functionality, emulate it, and create your own cash machine. If Blackboard's security is as flimsy as a screw-plate, then it is inherently insecure, and no amount of bad-mouthing the students who discovered this - and who tried to warn the company - can change this. It seems to me that if Blackboard wants to silence the students' discussion of the case, then they should apply the same logic to themselves. Or get some smarter spokespeople.
Views: 0 today, 83 total (since January 1, 2017).[Direct Link]