[Year 12 IPM] OT Security Hole

Andrew Shortell a.shortell at braemar.vic.edu.au
Tue Aug 15 12:01:58 EST 2006


Hi Listers

 

Yesterday I had a student show me a security hole in our network where
he could add print credit to his GAIA account.

The share in which the software is held has read permissions so that the
workstation can access details of the user's account before printing.

The details of the vouchers are kept in that same share. He was able to
access the records of the unused vouchers and give himself -or anyone
else - extra credit. Of course that is traceable but........ You might
like to examine your own to see if you can tighten up. (He is now
working on a challenge to be able to add print credit untraceably!!)

 

As I often say to students, you should always investigate things
thoroughly - especially jobs and always do background checks before you
apply. After all, one doesn't want one's students (or friends) to make
the same mistakes one made one's self !! (when one was younger of
course).

 

Cheers

Andrew

 

 

 

Andrew Shortell

Braemar College

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/ipm/attachments/20060815/9f43731c/attachment.html


More information about the ipm mailing list