Skip to main content

'Tutor' Who Took Online Tests for 124 Students Jailed for Three Years

2 weeks 2 days ago
A private tutor who charged money to take dozens of exams for students and submit coursework for them "has been jailed for three years," reports the BBC, "after his scam earned him £300,000." Shahid Adnan completed assignments and online tests for more than 120 students at Liverpool John Moore's University, the Crown Prosecution Service said. The 43-year-old, of Lysander Close, Liverpool, was caught in February 2023 after a student handed in a USB drive containing suspicious coursework to Dr Tom Berry of the university's school of computer science and mathematics. Berry's checks revealed the drive was used by Adnan with documents linked to a company he set up called Study Sharp Ltd. Excel spreadsheets containing details of other students, their study modules, coursework due dates, and their personal login credentials were also found. Further checks confirmed suspicions that Adnan was accessing the university's network to submit fraudulent work and sit examinations on behalf of students... [I]nvestigations led police to believe Adnan may have been doing work for 124 students at universities all over the world. The BBC also interviewed detective sergeant Adam Dagnall from Merseyside Police's cybercrime unit, who said Adnan was living a lavish lifestyle "well beyond" his stated occupations as a private tutor and Amazon delivery driver. His bank accounts held more than £2m ($2,645,100 USD).

Read more of this story at Slashdot.

EditorDavid

CodeSOD: When False is True

2 weeks 2 days ago

Lillith was integrating some new tools into an existing Ruby on Rails API. The existing API allowed you to send a dry_run flag along with the request, so that you could have the service calculate its changes without applying them.

The problem was, the new tool Lillith was integrating could send, in the body of the request, {"dry_run": false}, but the service would see it as true. Consistently.

The helper method which checked for "true" parameters looked like this:

def param_true?(param_name) param_value = params[param_name] params.key?(param_name) && (!param_value || param_value.to_s.downcase == 'true') end

The purpose of this function is to handle stringy or nil inputs gracefully. And there's one thing I can say about the function: it will always identify a true value correctly. If your false value is a string, "false", it also works. But that pesky !param_value mean that any actual boolean false value will be seen as true.

This function has been in wide use through the application. Lillith's best guess is that up to this point, no one had set the dry run flag on anything but GET requests, where everything was strings. On POST/PATCH/PUT requests, where the data was passed in the body as JSON, it got parsed into actual boolean values, and thus failed.

That's the WTF, certainly, that this function was lurking and waiting to cause this confusion. But the annoying thing in this function is that it fetches the value from the associative array, then calls params.key? to see if the key exists. That's fine, since Ruby just returns a nil if a key doesn't exist, it's just annoying. I hate to see it. This is, admittedly, more of a "me" problem, but I hate it.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.
Remy Porter