Reported Blackboard Learn security problem fails to hit university
The Blackboard system used by Syracuse University students and faculty may contain dangerous security holes, according to an article published by SC Magazine. But SU has yet to experience any problems from the reported vulnerability.
These security vulnerabilities may ‘allow students to change grades and download unpublished exams, while allowing criminals to steal personal information,’ according to the Sept. 16 article.
An undisclosed Australian university enlisted the services of computer security company Securus Global, who uncovered these glaring holes, in addition to others that allow for the access of students’ personal information, according to the article.
The problem originates from the default configuration setup of the site. This is present in all current versions of Blackboard Learn, which is used by SU and hundreds of other universities across the nation, according to the article. The latest version of Blackboard tightened security measures but did not completely revise them, according to the article.
Annie Duke, senior manager of public relations for Blackboard Inc., said no schools using Blackboard have reported incidents of security holes being exploited. SU uses versions of the Blackboard Learn and Angel software, which have been unaffected by the issue, she said.
A Tuesday blog post from Blackboard referenced the report by SC Magazine, stating the article correctly identified a basis for concern, but also contained information that was factually incorrect.
‘While the exploits could enable access to another user’s account, a successful attack is not highly probable, requires significant user intervention, and even then exposure would be limited to only functions which may be performed by the impacted user,’ the blog post stated. The company also said in the release that it fixed the most serious security issue for Blackboard 9.1 — the version SU uses.
Michael Morrison, manager of academic applications at SU, said he received a bulletin from the company last Thursday detailing a new update that had been released. This update included a few security fixes that rectified some of these known issues.
Morrison said he had not heard any reported breaches related to these vulnerabilities at SU.
‘In a conversation that I had with the security team before, you have to be weary about posts like this on the Internet blowing things out of proportion,’ he said.
Mikaela Kearns, a freshman public relations and information technology management major, expressed concern toward the possibility of other students exploiting the system.
‘I would be worried personally about other people changing their grades, diminishing the work that I put in my classes,’ she said.
But Erin Dalo, a junior sociology major, was more understanding of the situation, as she knows many other students who have had similar issues with Blackboard.
She said: ‘I haven’t heard about that specific issue, but over the years that I’ve been a student here, I’ve had all sorts of problems, so it really doesn’t surprise me.’
Published on September 27, 2011 at 12:00 pm
Contact Dylan: dmsegelb@syr.edu | @dylan_segelbaum