funsec mailing list archives

"Varsity website security fails"


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 20 Feb 2006 14:43:37 +1300

Hi all,

Sadly, this is my former employer and where I studied.  As reported by 
the local paper...

   http://www.stuff.co.nz/stuff/thepress/0,2106,3577780a6009,00.html

The university has been grappling with a new student administration 
system for a while now and its fully-featured (Windows-only, I think) 
user client software _requires_ local admin privs, so a cock-up of this 
nature is not entirely unsurprising, regardless of whether the web 
portal's config allowing any registered user to look at and change any 
other user's data is a normal, or even necessary, part of the system's 
implementation...


Regards,

Nick FitzGerald
