Attack of the SSN and DOB

Altered Grades Lead to Student’s Arrest, reads the headline. Upon further reading it is clear to me that naivete in system design, combined with unscrupulous behavior, is to blame. I am so sick of hearing about systems that have been accessed by people impersonating authorized users. In many of these cases the systems are protected by passwords, and the hole that makes them vulnerable is the utility for resetting the password when a user forgets it.

How can an administrator say, "...illegal access to the computer grading system was not the result of a deficiency or flaw in the program." Of course there was a flaw! The flaw exists in the logic that led to a procedure for resetting a user's password using their Social Security Number and Date of Birth: two pieces of data that are trivial to obtain and were never designed to be secret!
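To make the design point concrete, here is an added example (not code from the post or from the grading system it describes) that puts the flawed reset flow beside a hardened one. The weak flow "proves" identity by matching two stored attributes, SSN and date of birth, so anyone who knows them can change the password. The hardened flow instead mints a random, single-use, time-limited token, stores only its hash, and hands the raw token back to the caller for delivery to the account's registered address; completing the reset requires presenting that token, and knowing SSN or DOB plays no part. The account record, the `Account`/`build_store` helpers, the 15-minute TTL and the sample values are all assumptions constructed for the example; the SHA-256 password hash is illustrative only, a real system would use a slow, salted KDF.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical in-memory account record, constructed for this example.
@dataclass
class Account:
    username: str
    password_hash: str
    ssn: str            # treated as a "secret" by the flawed design
    dob: str            # likewise
    email: str          # registered out-of-band delivery channel
    # hardened design: SHA-256(token) -> expiry timestamp
    reset_tokens: Dict[str, float] = field(default_factory=dict)

def hash_password(password: str) -> str:
    # Illustrative only; use argon2/bcrypt/scrypt in a real system.
    return hashlib.sha256(password.encode()).hexdigest()

def weak_reset(store, username, ssn, dob, new_password) -> bool:
    """The flow the article criticizes: identity is established by SSN and DOB,
    attributes that appear on many documents and were never meant to be secret."""
    acct = store.get(username)
    if acct is None:
        return False
    if acct.ssn == ssn and acct.dob == dob:
        acct.password_hash = hash_password(new_password)
        return True
    return False

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset token

def _token_hash(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(store, username, now=None) -> Optional[str]:
    """Hardened step 1: mint a random single-use token, keep only its hash, and
    return the raw token so the caller can deliver it to acct.email
    (delivery itself is outside this example)."""
    acct = store.get(username)
    if acct is None:
        return None   # respond identically to the user either way to avoid account enumeration
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.reset_tokens[_token_hash(token)] = now + TOKEN_TTL_SECONDS
    return token

def complete_reset(store, username, token, new_password, now=None) -> bool:
    """Hardened step 2: accept the reset only with a valid, unexpired, unused token
    bound to this account; the token is consumed on first presentation."""
    acct = store.get(username)
    if acct is None:
        return False
    now = time.time() if now is None else now
    presented = _token_hash(token)
    for stored, expiry in list(acct.reset_tokens.items()):
        if hmac.compare_digest(stored, presented):
            del acct.reset_tokens[stored]      # single use, even if expired
            if now <= expiry:
                acct.password_hash = hash_password(new_password)
                return True
            return False
    return False

def check_login(store, username, password) -> bool:
    acct = store.get(username)
    return acct is not None and hmac.compare_digest(acct.password_hash, hash_password(password))

def build_store():
    # Constructed sample account; every value is a placeholder, not real data.
    return {"jdoe": Account("jdoe", hash_password("original-pw"),
                            "000-00-0000", "2000-01-01", "jdoe@example.edu")}

if __name__ == "__main__":
    store = build_store()
    print("weak flow accepts SSN+DOB alone:", weak_reset(store, "jdoe", "000-00-0000", "2000-01-01", "x"))
    store = build_store()
    tok = request_reset(store, "jdoe")
    print("hardened flow rejects a guessed token:", complete_reset(store, "jdoe", "not-the-token", "x"))
    print("hardened flow accepts the delivered token:", complete_reset(store, "jdoe", tok, "x"))
    print("token is single use:", complete_reset(store, "jdoe", tok, "y"))
```

The design choice worth noting is what each flow asks the requester to prove: the weak flow asks for knowledge of data the institution itself hands out on forms and transcripts, while the hardened flow asks for possession of a channel the legitimate user already controls, with the token hashed at rest so a database leak does not expose live reset links and expired or used tokens discarded on sight.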

“An important distinction in this case, compared to some other instances you’ve seen reported on around the country, the integrity and security of our grading system is intact and was not compromised,