In the fall of 1983, Scott started on his bachelor’s degree at Rochester Institute of Technology (RIT). Scott brought his new TRS-80 Model III, and his roommate had a TRS-80 Model I, two computers in one dorm room outside of the nerdy Computer Science floor was unheard of at that time. During his first semester at school, Scott took FORTRAN, and his teacher was a fan of on-line testing. At that point, the school had four DEC VAX 11/780 systems. During one test Scott realized that the accounts they used in class were just executing a login script to jump to the test menu. He then used his account on that system to understand exactly when and how the login script was executed and where the non-atomic weak points were in the program flow.
At the community college, Scott took an Assembler for the IBM System 370 class, and he had an understanding of mainframe system programming at the most fundamental level. Scott had also written assembly code for his TRS-80 creating graphics and sound routines callable from BASIC. After some research and testing, he found a way to break out of the on-line testing system the professor had used moments before it could finish loading. Low and behold, he was now logged into the professor’s account with full access to all his files.
With much trepidation, Scott visited the professor and demonstrated the flaw in the school’s system. He then suggested that teachers use another account for testing. The teacher then set up a meeting for Scott with the director of the IT department who then asked Scott not to tell anyone what he’d done as that’s how all online testing worked. So in his first “white hat” hacking exploit, he was told to shut up, “security through obscurity.”
Scott did get an “A” in Fortran, but it was because he wrote some awesome code.