funsec mailing list archives
"Varsity website security fails"
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 20 Feb 2006 14:43:37 +1300
Hi all,

Sadly, this is my former employer and where I studied. As reported by the local paper...

http://www.stuff.co.nz/stuff/thepress/0,2106,3577780a6009,00.html

The university has been grappling with a new student administration system for a while now and its fully-featured (Windows-only, I think) user client software _requires_ local admin privs, so a cock-up of this nature is not entirely unsurprising, regardless of whether the web portal's config allowing any registered user to look at and change any other user's data is a normal, or even necessary, part of the system's implementation...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.