This presentation outlined two specific vulnerabilities within the eCollege system. The result allowed students to retake tests as many times as they wished (in a specific configuration, sometimes with the answers provided to them), and to spoof their name in the discussion forum. The help desk at eCollege was contacted multiple times to attempt to fix the vulnerability, but to no avail. Eventually, the local network security club, DC480, held their first DC480Convention. This presentation was provided to any who wished to understand the vulnerability, in hopes that the issues were patched. Finally, about six months after the presentation, the developers created a patch for these two specific vulnerabilities.
The credit for finding the vulnerability belongs to Eric Huggins. I provided additional research, and development/delivery of the presentation.
The presentation that I created and conducted at DC480 1 is provided in the link above.
This was my first experience in unveiling a vulnerability in a live system. Through developing the momentum behind the presentation, I learned how to (and not to) approach corporations with suggestions regarding software flaws. I was able to examine a little bit of the legalities surrounding software as an intellectual property.