An 8-year-old con artist ran a brilliant grift to get out of going to school over Zoom

I’m sure Zoom may see this on their end, but the teacher, parent, and school all see her trying to use the correct password AFTER she surreptitiously logs off and uses the incorrect password a few times.

All the adults in the room can tell Zoom is that there must be a glitch as the child logs on successfully before Zoom kicked her off. They SEE her using what is the correct password.

Having been a teacher in CA, I know that they have few tech resources for entire school districts. My high school shared tech support with two other high schools of roughly 2,700 students for each school. My guess is that they sent out another teacher who had familiarity with technology, but who wasn’t the actual school tech support. If the mother’s friend hadn’t caught her logging off Zoom, the district may have eventually figured it out once they got adequate tech support for her.

It’s the USA, so I’m sure they do.

I probably didn’t make it clear but I’m specifically talking about the Zoom tech support. They absolutely should have the data to have been able to figure this one out sooner.

She also noticed that the error that is presented to a user when they are locked is “Incorrect password” and not “your account has been locked”

That sure is an interesting security design tradeoff. It’s really confusing to the account-holder when they try logging in with the correct password. But it gives an attacker the runaround instead of letting them know they’re locked out, and also doesn’t give attackers information about what the rate-limiting on password attempts actually is.

This topic was automatically closed after 5 days. New replies are no longer allowed.