CUEH - BLOG

CUEH Blog

Academics poking things and seeing what happens

news

Comment on the goings-on of the industry. Or whatever news made Dan start ranting recently.

Students Discover Moodle Vulnerability

- Posted in news by with comments

The reporting (http://www.coventrytelegraph.net/news/coventry-news/coventry-university-students-left-vulnerable-12080500) on this suggests a big scary hack at the university, but actually it's more of a good-news story about how vigilent our students are.

Internally, this got quite complicated, but the essence of it is:

  • Students found a potential vulnerability in a Moodle plugin
  • This is a vulnerability that affects any Moodle instance with the plugin - at Coventry or anywhere else.
  • Students also provided a fix, which has since been incorporated into the plugin by the author.
  • Very little data was actually at risk - lecture notes, test scores, but nothing like passwords or personal details.
  • So, this was a potential risk of session hijacking under quite specific conditions.
  • No privilege escalation!

Progress of the conference

- Posted in news by with comments

Concentrating hard Christo ponders

Taking care of the important stuff: Lunch

More violent than I remember...: Angry James

The debrief: Battle of the trees at the Wellington

Professionals, ready for the event.

http://creativecommons.org/licenses/by-sa/4.0/

Proudly powered by HTMLy