FW: [Year 12 IPM] OT Security Hole

Strachan, Robert L strachan.robert.l at edumail.vic.gov.au
Tue Aug 15 14:54:41 EST 2006


Information back from Gaia

 

Thanks

 

rob

 

________________________________

From: David Atkinson [mailto:david at gaiacomputing.com.au] On Behalf Of
GAIA Support
Sent: Tuesday, 15 August 2006 2:43 PM
To: Padman, Jason S; GAIA Support
Cc: Egglestone, Rhonda M; Strachan, Robert L; Smith, Ian A
Subject: RE: [Year 12 IPM] OT Security Hole

 

Hi Gaia Customers,

 

Yes, there was a problem with security of the Recharge Vouchers but it
was fixed in Version 2.7.1 released 1-Nov-2005. See
http://www.gaiacomputing.com.au/gpcrel27.shtml#V271 for the release
notes.

 

Prior to V2.7.1, the recharge voucher codes were stored in plain text in
the database and could be read and stolen by students. The voucher file
is now encrypted and can no longer be read.

 

If you have not upgraded to at least V2.7.1 we would strongly suggest
you do so immediately.

The current release is version 3.0.1 and can be downloaded from
http://www.gaiacomputing.com.au/download 

 

 

David Atkinson
Development and Support Manager
Gaia Computing Pty Ltd
www.gaiacomputing.com.au <http://www.gaiacomputing.com.au/>
Tel +61 3 5444 9599, Fax +61 3 5443 2847
 

Disclaimer:  This email may contain privileged or confidential
information intended for the named recipients only. If you are not the
intended recipient you are hereby notified that any use, reproduction,
disclosure or distribution of information contained in the email is
prohibited.  If you receive this email in error, please notify Gaia
Computing Pty Ltd immediately on +61 3 5444 9588 and delete the
document.  Although Gaia Computing Pty Ltd takes every measure to ensure
that emails are virus free, we still recommend that you check the
contents prior to loading them onto your computer system. No warranty is
made that this material is free from computer virus or any other defect
or error.

 

________________________________

From: Padman, Jason S [mailto:Padman.Jason.S at edumail.vic.gov.au] 
Sent: Tuesday, 15 August 2006 1:51 PM
To: GAIA Support
Cc: Egglestone, Rhonda M; Strachan, Robert L; Smith, Ian A
Subject: FW: [Year 12 IPM] OT Security Hole

 

Hello GAIA Support,

 

I have received this info in regards to a possible security problem with
students possibly accessing Voucher information in GAIA. Could you
please advise if there is anything we need to do.

 

Kind regards,

 

Jason
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jason Padman
Technical Support for Schools Program
Echuca
m: 0427 846 712
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

________________________________

From: Strachan, Robert L 
Sent: Tuesday, 15 August 2006 12:18 PM
To: Padman, Jason S; Egglestone, Rhonda M; Smith, Ian A
Subject: FW: [Year 12 IPM] OT Security Hole

 

Jason

 

Received this email this morning. Ian has looked at our Gaia setup and
believes this could happen here. Could you please have a look into it.

 

Thanks

 

rob

 

________________________________

From: ipm-bounces at edulists.com.au [mailto:ipm-bounces at edulists.com.au]
On Behalf Of Andrew Shortell
Sent: Tuesday, 15 August 2006 12:02 PM
To: IPM List
Subject: [Year 12 IPM] OT Security Hole

 

Hi Listers

 

Yesterday I had a student show me a security hole in our network where
he could add print credit to his GAIA account.

The share in which the software is held has read permissions so that the
workstation can access details of the user's account before printing.

The details of the vouchers are kept in that same share. He was able to
access the records of the unused vouchers and give himself - or anyone
else - extra credit. Of course that is traceable but........ You might
like to examine your own to see if you can tighten up. (He is now
working on a challenge to be able to add print credit untraceably!!)

 

As I often say to students, you should always investigate things
thoroughly - especially jobs and always do background checks before you
apply. After all, one doesn't want one's students (or friends) to make
the same mistakes one made oneself!! (when one was younger of
course).

 

Cheers

Andrew

 

 

 

Andrew Shortell

Braemar College

 

_______________________________________________ 
http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe 
IPM Mailing List kindly supported by 
http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment
Authority and 
http://www.vitta.org.au - VITTA Victorian Information Technology
Teachers Association Inc

*******************************************

Important - This email and any attachments may be confidential. If
received in error, please contact us and delete all copies. Before
opening or using attachments check them for viruses and defects.
Regardless of any loss, damage or consequence, whether caused by the
negligence of the sender or not, resulting directly or indirectly from
the use of any attached files our liability is limited to resupplying
any affected attachments. Any representations or opinions expressed are
those of the individual sender, and not necessarily those of the
Department of Education & Training.
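
The weakness discussed in this thread (unused voucher codes readable in plain text from a store that workstations can read) next to one way of closing it, as an added example that is not Gaia's code or its actual fix; the reply above says only that the voucher file is now encrypted. It assumes a hypothetical design that stores a SHA-256 digest of each randomly generated code instead of the code itself, and all class and function names are illustrative.

```python
import hashlib
import hmac
import secrets

# Constructed 32-symbol alphabet (no I, O, 0, 1): 16 symbols = 80 random bits.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def new_code(length=16):
    """Random code printed on the voucher; never derived from a counter."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def digest(code):
    # A bare hash is only safe because the code is long and random; short or
    # sequential codes could be recovered from the digest by guessing.
    return hashlib.sha256(code.strip().upper().encode("utf-8")).hexdigest()

class PlaintextStore:
    """Layout the thread describes before the fix: codes stored as issued."""
    def __init__(self):
        self.rows = []  # stands in for the voucher file on the readable share

    def issue(self, value):
        code = new_code()
        self.rows.append({"code": code, "value": value, "used": False})
        return code

class DigestStore:
    """Hypothetical hardened layout: the file holds digests, never codes."""
    def __init__(self):
        self.rows = []

    def issue(self, value):
        code = new_code()
        self.rows.append({"digest": digest(code), "value": value, "used": False})
        return code

    def redeem(self, code):
        """Return the credit value once; 0 for unknown or already-used codes."""
        wanted = digest(code)
        for row in self.rows:
            if hmac.compare_digest(row["digest"], wanted) and not row["used"]:
                row["used"] = True
                return row["value"]
        return 0

def codes_visible_to_reader(rows):
    """Unused codes that read-only access to the store would disclose."""
    return [r["code"] for r in rows if "code" in r and not r["used"]]
```

In this sketch redemption marks the row as used, so it has to run in a component with write access to the store; read access alone discloses nothing that can be redeemed.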


