Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
University of Amsterdam logo
University of Amsterdam logo - Credit: Photo: Wikimedia Commons
Innovation
University of Amsterdam
cyber attack
Blackboard software
security vulnerabilities
cybersecurity
Bram ter Borch
Auke Zwaan
Annelies van Dijk
IT department
Wednesday, May 24, 2017 - 12:30
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Cyberattack could target Univ. Amsterdam via customized Blackboard software

The modified version of Blackboard software used by the University of Amsterdam contains major security vulnerabilities that can easily be exploited by cyber attackers, according to two students at the university who researched this as part of their studies, NU.nl reports.

According to students Bram ter Borch and Auke Zwaan, they shared these vulnerabilities with the university's IT department in May last year, but the department did not do enough to fix the problems. So the students decided to make their findings public.

They found that the modified Blackboard version used by UvA students and lecturers to login has some obvious security risks. For example, after logging in, users are redirected to an unencrypted website, which can easily be taken over by hackers. 

Entered passwords are also poorly encrypted and poorly protected. For example, there was no limit on the number of login attempts from one IP address. And you could change your password without entering the old password. 

Using their own Blackboard accounts, the two students managed to get hold of a list of details for 143 thousand accounts - including name, surname and email address. Many of these accounts' passwords were the same as the username. With that knowledge Ter Borch and Zwaan could access almost 11 thousand accounts, including a test account that has access to almost the entire Blackboard environment. 

The students also managed to install malware on popular pages, such as the introduction page for a particular subject, with which they could take over accounts of the visitors. 

In response to the published study, UvA spokesperson Annelies van Dijk said that the Blackboard software was upgraded in the summer of 2016 and regular patches are installed. "With these kinds of updates we try to prevent these kinds of holes", he said accorrding to the enwspaper. Van Dijk acknowledged that not all the vulnerabilities in the study have been fixed, but denies the students' accusation that the university did not take their findings seriously. "It has our continuous attention."

Follow us:

Latest stories

  • NL households have about €40 per month less to spend this year
  • Healthy young kids invited to get vaccinated against Covid
  • New Cabinet must defend "bags of money" it plans to spend in parliamentary debate
  • Kidnapped Belgian boy found dead in Zeeland
  • Amber Alert issued for missing Belgian boy; Suspect arrested
  • Growing concern about Omicron's impact on hospital wards

Top stories

  • NL households have about €40 per month less to spend this year
  • Healthy young kids invited to get vaccinated against Covid
  • Kidnapped Belgian boy found dead in Zeeland
  • Amber Alert issued for missing Belgian boy; Suspect arrested
  • 42,472 Covid cases shatters yesterday's record; New hospitalizations at 12-week low
  • 16-year-old shot dead in Amsterdam

© 2012-2021 NLTimes.nl, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content