Information Security News
A high school senior in Miami has been arrested on charges claiming he illegally accessed his school's online report card system and changed grades for him and at least four other students, according to a published report.
Jose Bautista, 18, appeared in court Friday, according to WFOR. He reportedly faces charges of intellectual property offense, modifying programs, and an offense against computer users. The student allegedly approached fellow students and asked if they wanted him to change their grades. The principal of Dr. Michael M. Krop Senior High School, the school Bautista attended, said the student gave a written confession detailing the hacking.
Bautista's bond was set at $20,000. He is under house arrest with a GPS monitor. It's unclear if he will be allowed to graduate or if the other students involved will face any punishment.
For more than a decade, the virtues of strong passwords have been lost on most end users, despite frequent sermons from security experts and IT administrators over their importance in locking down accounts. Now, a consultant is proposing a system that provides rewards or penalties based on the passcode choices people make.
For instance, a user who picks "[email protected]#" might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "[email protected]##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months.
"We spend a lot of time telling the user to 'do this because security experts advise it, or it's part of our policy' but we don't really provide an incentive or an understanding of why we tell them to do this," James wrote in a blog post laying out idea for what he dubs "Pavlovian password management." "Well humans are programmable, and the best way to see the human brain is to look at it like a Bayesian network. It requires training for it to adapt to change and repeated consistent data to be provided."