[ISN] School Spy Program Used on Students Contains Hacker-Friendly Security Hole

From: InfoSec News <alerts_at_private>
Date: Fri, 21 May 2010 00:33:06 -0500 (CDT)
http://www.wired.com/threatlevel/2010/05/lanrev/

By Kim Zetter  
Threat Level
Wired.com
May 20, 2010

A controversial remote administration program that a Pennsylvania school 
district installed on student-issued laptops contains a security hole 
that put the students at risk of being spied on by people outside the 
school, according to a security firm that examined the software.

The LANrev program contains a vulnerability that would allow someone 
using the same network as one of the students to install malware on the 
laptop that could remotely control the computer. An intruder would be 
able to steal data from the computer or control the laptop webcam to 
snap surreptitious pictures.

The vulnerability was discovered by researchers at Leviathan Security 
Group, who provided Threat Level with a video (see below) demonstrating 
an exploit they developed.

They began examining the program after customers who saw media coverage 
of the Pennsylvania case expressed concern that the program might be 
exposing their employee computers to intrusion from outsiders. The same 
software is used by many businesses to monitor and maintain their 
employee laptops.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Thu May 20 2010 - 22:33:06 PDT

This archive was generated by hypermail 2.2.0 : Thu May 20 2010 - 22:40:24 PDT