MORE DETAILS

Stories - Hacking at RIT

Stacks Image 20
In the fall of 1983 Scott started on his bachelors at Rochester Institute of Technology (RIT). Scott brought his new TRS-80 model III and his roommate had a TRS-80 Model I, two computers in one dorm room outside of the nerdy Computer Science floor was unheard of at that time. During his first semester at school Scott took FORTRAN, and his teacher was a fan of on-line testing. During one test Scott realized that the accounts they used in class were just executing a login script to jump to the test menu. He then used his own personal account on that system to understand exactly when and how the login script was executed and where the non-atomic weak points were in the program flow.

At community college Scott had take Assembler for the IBM System 370, and he had an understanding of mainframe system programming at the most fundamental level. Scott had also written assembly code for his TRS-80 creating graphics and sound routines callable from BASIC. After some research and testing he found a way to break out of the on-line testing system the professor had used moments before it could finish loading. Low and behold he was now logged into the professor’s account with full access to all his files.

With much trepidation Scott visited the professor, and demonstrated the flaw in the school’s system. He then suggested the teacher use another account for testing. The teacher then setup a meeting for Scott with the director of the IT department who then asked Scott not to tell anyone what he’d done as that’s how all online testing worked. So in his first “white hat” hacking exploit he was told to essentially shut up, security through obscurity.

Scott did get an “A” in Fortran, but it was because he wrote some really awesome code.