Problems with CBSE Computer Marking System

A2

Problems with CBSE Computer Marking System


Introduction

CBSE used a new computer system to mark Class 12 tests. The system had big security problems. Now, CBSE uses its own private system.

Main Body

CBSE bought a system from a company called Coempt. CBSE changed the rules to make it easier for the company to win. They did not test the system in small areas first. They started using it for everyone very quickly.

The company gave CBSE wrong security papers. One paper was for a different university. Another paper was for a test version of the software. The papers did not prove the system was safe.

Experts found many holes in the system. People could find passwords easily. One person could enter the database and see student marks and bank details. This was very dangerous for the students' data.

Conclusion

CBSE stopped using the company's servers. They now use their own system. The government is checking why this happened.

Vocabulary Learning

💡 Focus: Describing a Sequence of Events

When telling a story or explaining a problem (like in this article), we use simple verbs in the past tense.

The Pattern: Action → Result

Look at how the story moves from one step to the next:

  1. CBSE bought a system → They changed the rules.
  2. The company gave wrong papers → Experts found holes.
  3. The system was dangerous → CBSE stopped using it.

🔑 Word Power: Simple 'Change' Words

Instead of complex words, focus on these A2-level action words found in the text:

  • Bought (get something by paying money)
  • Changed (make something different)
  • Found (see or discover something)
  • Stopped (finish doing something)

⚠️ Grammar Tip: Using 'Own'

Notice the phrase: "CBSE uses its own private system."

Use own when you want to emphasize that something belongs to a specific person or group and not someone else.

  • Example: I have my own car. (Not a rental, not my father's → mine!)
  • Example: They use their own servers. (Not the company's → theirs!)

Vocabulary Learning

security (n.)
Things that keep a person or place safe
Example: The bank has high security to protect the money.

private (adj.)
Something that is only for one person or group; not public
Example: I have a private room in my house.

prove (v.)
To show that something is true
Example: Can you prove that you were at home yesterday?

experts (n.)
People who know a lot about a subject
Example: The doctors are experts in heart health.

database (n.)
A computer system that stores a lot of information
Example: The school keeps student names in a database.

dangerous (adj.)
Something that can hurt you
Example: It is dangerous to swim in this river.

servers (n.)
Strong computers that provide data to other computers
Example: The company's servers crashed during the sale.

B2

Analysis of Security Failures in CBSE's Digital Marking System


Introduction

The Central Board of Secondary Education (CBSE) has moved its Class 12 answer script re-evaluation to its own internal portal. This decision follows the discovery of serious security weaknesses in the OnMark platform, which was provided by the company Coempt Edu Teck.

Main Body

The process of buying the On-Screen Marking (OSM) system was marked by a steady decrease in technical requirements. After two failed attempts to find a provider, the August 2025 tender lowered the minimum scanning quality and removed the requirement for robotic scanners. Furthermore, the board ignored recommendations to run small regional tests and instead launched the system nationwide only 74 days after awarding the contract.

Investigations revealed that the security certificates provided by Coempt Edu Teck were incorrect. One certificate belonged to a different university and had already expired. Another certificate was for a temporary version of the software and explicitly stated that the main servers were not yet secure. Consequently, neither document proved that the system was safe for CBSE's specific needs.

Later, independent researchers found severe technical flaws. In February 2026, one researcher discovered a master password that allowed users to bypass security checks. In May 2026, another researcher found a 'SQL injection' flaw, which allowed unauthorized access to student marks and evaluator bank details. The researcher emphasized that the company reused passwords across different clients, showing a major failure in how they managed security.

Conclusion

CBSE has stopped using external hosting for its evaluation process and has switched to an internally managed system. Meanwhile, government investigations into how the contract was awarded are still ongoing.

Vocabulary Learning

🚀 Leveling Up: From Simple Lists to "Cause & Effect"

An A2 student says: "The security was bad. The board ignored tests. The system failed."

A B2 speaker connects these ideas to show how one thing leads to another.

Look at this specific transition from the text:

"Consequently, neither document proved that the system was safe..."

🛠 The Power Word: Consequently

Instead of using "so" (which is very A2), use Consequently. It tells the reader: "Because of the facts I just mentioned, this specific result happened."

The Logic Bridge: Incorrect Certificates → Expired Documents → Consequently → System not proven safe


💡 Expanding Your Toolkit

To move toward B2, replace your basic connectors with these "Professional Bridges":

| Avoid (A2) | Use Instead (B2) | Example from Context |
|---|---|---|
| And | Furthermore | "Furthermore, the board ignored recommendations..." |
| But | Meanwhile | "Meanwhile, government investigations... are still ongoing." |
| So | Consequently | "Consequently, neither document proved..." |

🎓 Pro Tip: The "Passive Shift"

B2 English often focuses on the action rather than the person.

  • A2 Style: "The board awarded the contract." (Active/Simple)
  • B2 Style: "...74 days after awarding the contract." or "...how the contract was awarded." (Focuses on the process)

Try this: Next time you describe a problem, don't just list what happened. Use Furthermore to add a detail and Consequently to explain the result.

Vocabulary Learning

re-evaluation (n.)
The process of assessing or examining something again, especially to see if a change is needed.
Example: The student requested a re-evaluation of his exam paper because he believed the grade was unfair.

tender (n.)
A formal offer or bid to carry out work or supply goods at a fixed price.
Example: The city council opened a tender for the construction of the new public library.

expired (adj./v.)
No longer valid because the official period of time has ended.
Example: I couldn't travel because my passport had expired last month.

explicitly (adv.)
In a clear, detailed, and direct way, leaving no room for confusion.
Example: The teacher explicitly told the students not to use their phones during the test.

bypass (v.)
To go around or avoid a system, rule, or obstacle.
Example: The hackers found a way to bypass the security firewall and access the database.

unauthorized (adj.)
Not having official permission or approval.
Example: Unauthorized personnel are not allowed to enter the server room.

ongoing (adj.)
Continuing; still in progress.
Example: The police have an ongoing investigation into the cause of the accident.

C2

Analysis of Cybersecurity Deficiencies in CBSE's On-Screen Marking Procurement and Implementation


Introduction

The Central Board of Secondary Education (CBSE) has transitioned its Class 12 answer script re-evaluation process to an internal portal following the identification of critical security vulnerabilities in the OnMark platform provided by Coempt Edu Teck.

Main Body

The procurement of the On-Screen Marking (OSM) system was characterized by a progressive diminution of technical requirements. Following two unsuccessful tender attempts, the August 2025 tender saw a reduction in minimum scanning resolution from 300 to 200 DPI, the removal of robotic scanner mandates, and a lowering of software maturity certification standards. Despite recommendations from the governing body to conduct regional pilots, the system was deployed nationwide within 74 days of the contract award.

Investigation into the security certifications submitted by Coempt Edu Teck reveals significant discrepancies. One certificate, issued by Prime Infoserv LLP in November 2023, pertained to a different client (Biju Patnaik University of Technology) and had exceeded its one-year validity period at the time of submission. A second certificate from A3S Tech & Company concerned a temporary application version ('OneX') in a pre-production environment, explicitly noting that production server hardening remained outstanding. Neither document verified the specific deployment intended for CBSE.

Subsequent technical audits by independent researchers identified severe vulnerabilities. In February 2026, a researcher reported five critical flaws, including a plain-text master password that bypassed two-factor authentication. In May 2026, a second researcher identified a fundamental SQL injection vulnerability. This flaw permitted unauthorized administrator-level access to databases containing student marks, answer scripts, and evaluator banking details. The researcher further contended that hardcoded passwords were reused across multiple client environments, suggesting a systemic failure in client isolation and credential management.

In response to these failures, the Ministry of Education mandated a technical remediation effort involving experts from IIT Kanpur and IIT Madras. While the board has migrated data to its own infrastructure to ensure direct control, it continues to utilize a patched version of Coempt's codebase. Concurrently, CBSE has initiated legal proceedings via the Delhi Police regarding coordinated cyberattacks on its post-result services portal.

Conclusion

The CBSE has effectively terminated the external hosting of its evaluation process in favor of an internally managed, patched system while government investigations into the procurement process continue.

Vocabulary Learning

The Architecture of Institutional Euphemism & Nominalization

To bridge the gap from B2 to C2, a student must move beyond describing actions and begin describing processes through the lens of high-level abstraction. The provided text is a masterclass in Administrative Obfuscation—the use of precise, cold, and nominalized language to describe catastrophic failure without using emotive adjectives.

⚡ The Pivot: From Verb-Driven to Noun-Driven Prose

At the B2 level, a writer might say: "The board lowered the requirements because they couldn't find a vendor."

At the C2 level, this is transformed into:

"The procurement... was characterized by a progressive diminution of technical requirements."

Analysis: "Progressive diminution" is the surgical replacement of "slowly lowering." By turning the action (diminishing) into a noun (diminution), the author removes the human agent and focuses on the phenomenon. This creates an aura of objective, scholarly distance essential for legal and technical reports.

🔍 Precision Lexis for Systemic Failure

Observe the deployment of specific terminology that replaces generic 'bad' or 'wrong' descriptors:

  • "Significant discrepancies" → Instead of saying "The certificates were fake/wrong," the author uses discrepancies, which implies a logical mismatch and invites a forensic audit.
  • "Production server hardening remained outstanding" → This is a high-level technical collocation. To say something is "outstanding" in this context does not mean it is 'excellent,' but rather 'unresolved' or 'pending.'
  • "Systemic failure in client isolation" → This elevates the critique from a single mistake to a fundamental flaw in the underlying architecture.

🛠 Linguistic Application: The 'C2 Synthesis'

To achieve this level of sophistication, practice The Nominalization Shift. Transform your narrative of an event into a structural analysis of that event:

| B2 Approach (Narrative) | C2 Approach (Structural/Abstract) |
|---|---|
| They didn't check the software properly. | There was a deficiency in the verification protocols. |
| The password was easy to guess. | The system exhibited a vulnerability via a plain-text master password. |
| They moved the data to their own servers. | The board migrated data to its own infrastructure to ensure direct control. |

Vocabulary Learning

diminution (n.)
A reduction in the size, extent, or importance of something.
Example: The gradual diminution of the company's assets led to its eventual bankruptcy.

discrepancies (n.)
Lack of compatibility or similarity between two or more facts; inconsistencies.
Example: The auditors found several discrepancies between the reported expenses and the actual receipts.

hardening (n.)
The process of securing a system by reducing its surface of vulnerability, such as removing unnecessary software or closing unused ports.
Example: Server hardening is a critical step in preventing unauthorized access to sensitive corporate data.

contended (v.)
Asserted or maintained a position or claim, especially in an argument.
Example: The defense attorney contended that the evidence had been tampered with prior to the trial.

remediation (n.)
The action of remedying something, specifically the process of correcting a fault or deficiency in a technical system.
Example: The cybersecurity firm provided a comprehensive remediation plan to fix the network's security holes.

mandates (n.)
Official orders or commissions to do something.
Example: The new government mandates require all public schools to implement strict data privacy protocols.