Here’s a story from Tarboro, North Carolina in which a 16-year-old student, Tilghmon Wayne Barber III used a key logger program to break into his teacher’s email and the school Moodle. The student allegedly used the admin Moodle access to change student profile pictures (not grades?!?).
Interesting story and more the reason to promote secure passwords and computer usage policies at your school. For more about Moodle security you might check out http://docs.moodle.org/22/en/Security
One Response
The article from two years ago says that the student used a keylogger, the password was not hacked from the server, it was simply downloaded from the keylogger.
No otherwise secure, single factor password remains secure when entered on a compromised device (eg keylogger). These devices are east to fit even for the non-technical.
A physical search would have been needed to spot it, regardless of how careful the Principle was with a good password or however much best practice the Admin was following. Other risks could be a hidden camera above the keyboard. Without another factor (biometric or single use) being needed to login, it is possible to gain a password if someone is intent on so doing.
If someone has physical access to equipment, or the area it is in, or can by social engineering be near someone entering a password that password is not secure regardless of how good the password or server security may be.
It is indeed good to prompt security awareness, but surely this article should prompt, an awareness of locked doors, CCTV, knowing what your computer should look like at the back and what to look out for (Keyloggers etc). Also to look at two factor authorisation. Reccomendations on linked pages would not have protected against this attack.