So I have created quite a stir from this article. It all started when I got a call from my Mom saying the GATECH Police had called for me. The Cop told me the Buzzcard office was conducting an audit of its system to see if anyone was using my info to compromise the system. I suggested to the cop that I could go talk to them in detail about my article, and help them fill in their holes. I walked over thinking that the Buzzcard folks might be upset, but they would see if anyone could help them do a better job it was me

Boy was I wrong. It was like walking into the lion's den. I basicly got reamed from 2 hours by those folks.

"Do you know what you did?"
"Do you know that you embarrassed the university?"
"I am in charge of training everyone in Georgia to use this system, do you know how I look now?"
"To show the world this happened under our noses, how dare you?"
"You know Someone could read your article and then decide _not_ to buy from Blackboard"
"You didn't really get all that far, you couldn't have gotten very far, you didn't hack Blackboard"
"You may cause us to lose out funding"
"You can cost Blackboard money in sales"
"You know we do a better job protecting the lines than most colleges do"


I have been yelled at because I showed the world that the system is weak. Where the HELL are the people yelling at Blackboard for the weak system? Hello Hello? anyone there? Did I embarrass Tech? Did I hurt peoples reputations? MAYBE THEY DESERVED TO BE HURT OR EMBARRASSED! After all, you did the bad job implementing the system. Not me. I said the emperor had no clothes and its easier for you to attack me than shame yourselves. "We do a better job than most." Thats like saying my boat as less holes than yours does. Yes every system has holes, but that doesn't mean you use that as an excuse not to try and fix things. But thats what was done. "Well every system has holes we can't fix them all, so we'll sit on our hands and maybe nobody will find them." "You could cost Blackboard money." Well, if Blackboard is sending you this system in a box with a little tag on it that says "Plug me in, turn me on, you are ready to go," and doesn't tell you how to properly install the system, the than deserve to have business go to a competitor. Hell, Diebold makes ATMs for gods sake. I bet they do a better job, they have to have some DES hardware units just lying around. If Blackboard doesn't tell its clients how to properly implement the system, than Blackboard deserves to lose potential clients.

The more I think about it the angrier I get. I didn't write an article that said "Cross this wire with this wire to get free stuff." No I didn't. I wrote an article that had roughly the same amount of detail on how to do the exploits that a CERT advisory has. I wrote this article because I was interested in a system that no one seemed to know anything about. I found it had holes, and I call Blackboard, and got Blown off. They didn't want to hear about it. So no I didn't go to tech. I wrote an article, to let everyone know the system has big time flaws, and that the company doesn't care. And you know what. Most universities don't care. They are going to say "Hmm, it will cost X dollars to run pipes, maybe X number of people we hack it, this isn't worth it." Nothing about this will be done until someone jacks a school for a few thousand. And that will happen folks. Believe me. As I have said to the cops, to the Buzzcard office, and to the Dean's office: I'm really not that smart of a guy. At Tech their are people far smarter than I. And On a college campus with smart people who are poor, they might get ideas about ways to advance themselves a little.

Wake up people. the cat is out of the bag. If you can get to the RS-485 cables, the system is by the balls. So all of you, Blackboard, GATECH, everyone: As the old saying goes: Stop your bitchin' and start a fixin', because despite all your yelling at me, the title of my article still stands: CampusWide is Wide Open.

I would love to hear your comments. Acidus