Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
University of Amsterdam logo
University of Amsterdam logo - Source: Photo: Wikimedia Commons at
Innovation
University of Amsterdam
cyber attack
Blackboard software
security vulnerabilities
cybersecurity
Bram ter Borch
Auke Zwaan
Annelies van Dijk
IT department
Wednesday, May 24, 2017 - 12:30
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Cyberattack could target Univ. Amsterdam via customized Blackboard software

The modified version of Blackboard software used by the University of Amsterdam contains major security vulnerabilities that can easily be exploited by cyber attackers, according to two students at the university who researched this as part of their studies, NU.nl reports.

According to students Bram ter Borch and Auke Zwaan, they shared these vulnerabilities with the university's IT department in May last year, but the department did not do enough to fix the problems. So the students decided to make their findings public.

They found that the modified Blackboard version used by UvA students and lecturers to login has some obvious security risks. For example, after logging in, users are redirected to an unencrypted website, which can easily be taken over by hackers. 

Entered passwords are also poorly encrypted and poorly protected. For example, there was no limit on the number of login attempts from one IP address. And you could change your password without entering the old password. 

Using their own Blackboard accounts, the two students managed to get hold of a list of details for 143 thousand accounts - including name, surname and email address. Many of these accounts' passwords were the same as the username. With that knowledge Ter Borch and Zwaan could access almost 11 thousand accounts, including a test account that has access to almost the entire Blackboard environment. 

The students also managed to install malware on popular pages, such as the introduction page for a particular subject, with which they could take over accounts of the visitors. 

In response to the published study, UvA spokesperson Annelies van Dijk said that the Blackboard software was upgraded in the summer of 2016 and regular patches are installed. "With these kinds of updates we try to prevent these kinds of holes", he said accorrding to the enwspaper. Van Dijk acknowledged that not all the vulnerabilities in the study have been fixed, but denies the students' accusation that the university did not take their findings seriously. "It has our continuous attention."

Follow us:

Latest stories

  • Customs officials discover 635 kilos of cocaine within two days in Rotterdam port
  • Job recruiters struggling to convince people to enter job market again
  • 3,737 new coronavirus cases reported; infection number stays above seven-day average
  • Dutch Design Week begins today with focus on sustainability
  • Attacks similar to De Vries and Wiersum cases possible in the future: police chief
  • Schiphol expects peak travel day as fall vacation begins

Top stories

  • Customs officials discover 635 kilos of cocaine within two days in Rotterdam port
  • Job recruiters struggling to convince people to enter job market again
  • 3,737 new coronavirus cases reported; infection number stays above seven-day average
  • Dutch Design Week begins today with focus on sustainability
  • Attacks similar to De Vries and Wiersum cases possible in the future: police chief
  • Schiphol expects peak travel day as fall vacation begins

© 2012-2021 NLTimes.nl, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content