Originally published on satyamrastogi.com Canvas outage during finals week reveals critical dependencies in education sector. Analysis of attack surface, credential harvesting potential, and why LMS platforms are high-value targets for threat actors seeking scale. Executive Summary Canvas LMS went offline during peak academic stress - finals week - affecting thousands of schools simultaneously. This isn't random timing. It's a calculated attack vector exploiting institutional vulnerability windows when maximum chaos yields maximum leverage. From an attacker's perspective, education sector infrastructure represents asymmetric value: centralized platforms managing credentials for hundreds of thousands of students and staff, minimal security investment relative to financial institutions, and institutional pressure to restore access quickly - making negotiation favorable.…