Skip to main content
Home

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
University of Amsterdam logo
University of Amsterdam logo - Credit: Photo: Wikimedia Commons
Innovation
University of Amsterdam
cyber attack
Blackboard software
security vulnerabilities
cybersecurity
Bram ter Borch
Auke Zwaan
Annelies van Dijk
IT department
Wednesday, 24 May 2017 - 12:30
Share this:
  • facebook
  • twitter
  • linkedin
  • whatsapp
  • reddit

Cyberattack could target Univ. Amsterdam via customized Blackboard software

The modified version of Blackboard software used by the University of Amsterdam contains major security vulnerabilities that can easily be exploited by cyber attackers, according to two students at the university who researched this as part of their studies, NU.nl reports.

According to students Bram ter Borch and Auke Zwaan, they shared these vulnerabilities with the university's IT department in May last year, but the department did not do enough to fix the problems. So the students decided to make their findings public.

They found that the modified Blackboard version used by UvA students and lecturers to login has some obvious security risks. For example, after logging in, users are redirected to an unencrypted website, which can easily be taken over by hackers.

Entered passwords are also poorly encrypted and poorly protected. For example, there was no limit on the number of login attempts from one IP address. And you could change your password without entering the old password.

Using their own Blackboard accounts, the two students managed to get hold of a list of details for 143 thousand accounts - including name, surname and email address. Many of these accounts' passwords were the same as the username. With that knowledge Ter Borch and Zwaan could access almost 11 thousand accounts, including a test account that has access to almost the entire Blackboard environment.

The students also managed to install malware on popular pages, such as the introduction page for a particular subject, with which they could take over accounts of the visitors.

In response to the published study, UvA spokesperson Annelies van Dijk said that the Blackboard software was upgraded in the summer of 2016 and regular patches are installed. "With these kinds of updates we try to prevent these kinds of holes", he said accorrding to the enwspaper. Van Dijk acknowledged that not all the vulnerabilities in the study have been fixed, but denies the students' accusation that the university did not take their findings seriously. "It has our continuous attention."

Follow us:

Latest stories

  • Hospitals vary widely in when they refer babies to pediatricians
  • The Netherlands has given Ukraine over €1 billion in military aid alone
  • The Netherlands and Morocco look to expand extradition agreement
  • Confidence in Dutch government & central bank has fallen sharply
  • Air France-KLM, Lufthansa could acquire bankrupt Flybe to access landing slots
  • Dutch more worried about natural disasters; Half think country will become uninhabitable

Top stories

  • Netherlands to send a search & rescue team to Turkey after 7.8 magnitude earthquake
  • Dutch employers becoming less critical during hiring process
  • Multiple writers receive threats after defending Pim Lammers, "Unacceptable": Dutch PM
  • Woman killed, 10 hurt in several stabbing incidents over the weekend
  • Regional bus, train staff start 5-day strike; Some Arriva trains running, NS unaffected
  • Police arrest suspect for fatal fire in Arnhem

© 2012-2023, NL Times, All rights reserved.

Footer menu

  • Privacy
  • Contact
  • Partner content