Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS

Campus card “hack” overstated but important

CampusIDNews Staff   ||   Apr 01, 2003  ||   ,

In the past week, a flurry of controversy has surrounded the reported “hacking” of the Blackboard transaction system. On April 12, 2003 Blackboard initiated legal action to stop two students from presenting at a hacker’s conference in Atlanta, Georgia. Their presentation, “Campuswide System Vulnerabilities Update,” was promoted as an overview of a means to compromise Blackboard’s transaction system. A Dekalb County, Georgia Judge granted a temporary restraining order prohibiting the men from discussing items relating to the topic–thereby canceling their presentation.

The events that culminated in this legal action began some time ago. Last year, details began circulating that a document had been posted to a hacker web site detailing plans to compromise the Blackboard transaction system. The article was written by a Georgia Tech student who, along with a student from University of Alabama New College, had done a significant amount of research on the Blackboard system and the underlying technology. The research included at least one incident that was deemed “hacking” by the students, but deemed “vandalism” by Blackboard.

This is an extremely difficult issue to weigh. A couple of enterprising young men studied a system and attempted to report issues that they viewed as significant to its continued security. Was their real intent to defraud the Blackboard system? Or to steal soft drinks from the Georgia Tech auxiliary services department? Probably not. Was it purely an altruistic desire to help make a commercial transaction system more secure to the benefit of all? Again, probably not. Chances are it was a bit of a desire to help, coupled with a lot of free time, and big shot of ego. This is a common recipe for hacking… though it is also a common recipe for vandalism.

It is important to remember that the Blackboard system was never actually compromised. It was only theoretically compromised. I have seen theoretical security breaches many times in the technology sector (the breaking of DES, the microwave oven attack on smart cards, the million computer attack on triple DES…). None of them hurt the practical security of the technologies in question–but they did point to potential areas that could be worked on to make a more secure environment. In order for the campus card industry to continue to mature, our response to this event will be crucial. We must learn from it and improve all of our processes and systems–not just the one singled out in this particular attack. The lesson here is twofold: as campuses we need not panic over theoretical attacks and as an industry we need not crucify the messenger–even if their judgement was bad in the end. We will delve into this issue more deeply in next month’s issue. Stay tuned.

Chris Corum, Editor • [email protected]

|| TAGS:
Subscribe to our weekly newsletter

RECENT ARTICLES

Apex OrderHQ Array modular lockers
Jul 02, 25 /

Modular locker solution streamlines campus order pickup

Apex Order Pickup Solutions launched a new modular system of automated order pickup lockers that can be stacked or setup in custom configurations. The OrderHQ Array Series lockers work in any floor plan without expensive remodeling. In an interview with Food On Demand, Kent Savage, founder and executive chairman of Apex Order Pickup Solutions, compares […]
Amy Surprenant, HID Global
Jun 26, 25 / ,

Effective project management key to GWU mobile credential launch

In a recent interview, HID Global’s Amy Surprenant discusses the project management component of the mobile credential launch at George Washington University (GWU). With 26,000 faculty, staff, and students, the project marked a significant milestone for the institution and its partners, including HID, CBORD, and various on-campus departments and vendors. The deployment of HID Mobile […]
replace allegion reader module
Jun 26, 25 / ,

FIT and Denison both go mobile, but with very different starting points

Denison University and Florida Institute of Technology (FIT) rolled out mobile credentials to students and staff across their campuses. The projects were very different, however, because of the existing reader infrastructure on the two campuses. Each partnered with Allegion and Transact + CBORD to deliver the new digital IDs – stored in Apple Wallet or […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Attn: friends in the biometrics space. Nominations close Friday for the annual Women in Biometrics Awards. Take five minutes to recognize a colleague or even yourself. http://WomenInBiometrics.com

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2025 CampusIDNews. All rights reserved.