http://www.dailyemerald.com/news/security-lapse-makes-gpas-visible-1.236115 By Alex Tomchak Scott News Editor Oregon Daily Emerald August 3, 2009 The University has fixed a security breach in its DuckWeb system after a student used it to look at three other students’ degree audits. The hole in DuckWeb’s security allowed Web users to view certain other students’ degree audits by changing digits in the URL for a printer-friendly version of their own audits, which contain information about a student’s grades and his or her progress toward a degree. The student who discovered the breach was Daniel Bachhuber, a former Emerald employee, who then called the University to alert officials of the glitch July 22. University registrar Sue Eveland estimated that the breach, which has since been repaired, would have made at most 20 different students’ degree audits visible to those who manipulated the URL. The glitch originated in the system the University uses to upload degree audits. All degree audits for which information has changed on a given day are uploaded simultaneously that night and assigned what Eveland said is a randomly-generated nine-digit number called a batch number. That number is at the end of the URL for the printer-friendly version of the audit and it is the one Bachhuber used to access the degree audits. [...] __________________________ Subscribe to InfoSec News http://www.infosecnews.orgReceived on Mon Aug 03 2009 - 22:08:44 PDT
This archive was generated by hypermail 2.2.0 : Mon Aug 03 2009 - 22:14:01 PDT