Campus ID News
Card, mobile credential, payment and security

Campus card “hack” overstated but important

CampusIDNews Staff   ||   Apr 01, 2003  ||   ,

In the past week, a flurry of controversy has surrounded the reported “hacking” of the Blackboard transaction system. On April 12, 2003 Blackboard initiated legal action to stop two students from presenting at a hacker’s conference in Atlanta, Georgia. Their presentation, “Campuswide System Vulnerabilities Update,” was promoted as an overview of a means to compromise Blackboard’s transaction system. A Dekalb County, Georgia Judge granted a temporary restraining order prohibiting the men from discussing items relating to the topic–thereby canceling their presentation.

The events that culminated in this legal action began some time ago. Last year, details began circulating that a document had been posted to a hacker web site detailing plans to compromise the Blackboard transaction system. The article was written by a Georgia Tech student who, along with a student from University of Alabama New College, had done a significant amount of research on the Blackboard system and the underlying technology. The research included at least one incident that was deemed “hacking” by the students, but deemed “vandalism” by Blackboard.

This is an extremely difficult issue to weigh. A couple of enterprising young men studied a system and attempted to report issues that they viewed as significant to its continued security. Was their real intent to defraud the Blackboard system? Or to steal soft drinks from the Georgia Tech auxiliary services department? Probably not. Was it purely an altruistic desire to help make a commercial transaction system more secure to the benefit of all? Again, probably not. Chances are it was a bit of a desire to help, coupled with a lot of free time, and big shot of ego. This is a common recipe for hacking… though it is also a common recipe for vandalism.

It is important to remember that the Blackboard system was never actually compromised. It was only theoretically compromised. I have seen theoretical security breaches many times in the technology sector (the breaking of DES, the microwave oven attack on smart cards, the million computer attack on triple DES…). None of them hurt the practical security of the technologies in question–but they did point to potential areas that could be worked on to make a more secure environment. In order for the campus card industry to continue to mature, our response to this event will be crucial. We must learn from it and improve all of our processes and systems–not just the one singled out in this particular attack. The lesson here is twofold: as campuses we need not panic over theoretical attacks and as an industry we need not crucify the messenger–even if their judgement was bad in the end. We will delve into this issue more deeply in next month’s issue. Stay tuned.

Chris Corum, Editor • [email protected]

|| TAGS:
Subscribe to our weekly newsletter


Feb 03, 23 /

Brown campus mailroom adds visual queue

Brown University has added a new visual queue in its campus mailroom that displays the order in which students will be called to pick up their packages. The system is underpinned by the student ID card and a kiosk system in the mailroom.
Feb 02, 23 / ,

East Carolina adds robot delivery with Grubhub, Starship

East Carolina University has joined the growing list of institutions to deploy robot delivery, partnering with Grubhub and Starship Technologies to provide the service. All students, faculty and staff at East Carolina University are able to leverage robot delivery from main campus dining locations.

LEAF on campus: An open standard for access control and identity management

ELATEC's Sean Houchin discusses a solution for campuses seeking an open alternative to traditional access control platforms: LEAF. LEAF is an open, interoperable platform that allows credential holders to use their LEAF ID card, key fob or smartphone to unlock access to various campus applications through any LEAF-enabled reader.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

As supply chain issues in 2021 persist, identity solutions provider @ColorID discusses ways campuses can to overcome potentially troublesome delays until the situation eases.

A dining services push at the @UBuffalo is reinforcing the utility of self-service checkout. @CBORD is improving the food service experience using the GET app, as well as Nextep kiosks and Oracle’s Micros Simphony POS.

Did you miss our recent webinar? No worries - watch it on-demand. Leaders from @NAU and the @UAlberta joined Ryan Audus, Touchnet, and Andrew Hudson, @CR80News, to discuss innovative mobile services and the future of mobile tech in higher ed. Watch now:

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.