Friday, July 09, 2010

College Web sites using Adobe Flash risk exposing students’ personal data

Computer science lecturers at the University of Worcester scanned 250 college websites and tested them for security risks. 20% of the sites were running applications that contained students' personal information within Flash plug-ins and six had "high-critical" problems as described by the investigators.

The problem arises when individual professors, departments, organizations or even students create separate pages through the main university Web site - sites that are not maintained by the institution's IT department. Some have their own individual servers, which also are not set up through the school’s IT department. These may pose security risks. Mustaque Ahamad, a computer-science professor at the Georgia Institute of Technology, said Flash software contains bugs that may leave the machine vulnerable to hackers.

“From what I understand, hackers have exploited Web-security holes to taint and upload Flash files to university Web sites,” he said.

“Universities need to implement better Web security to ensure that hackers cannot upload tainted content that is hosted by their Web sites,” Mr. Ahamad said. “We are nowhere near achieving perfect security, but the risk can be reduced by being diligent about Web security.”

From The Chronicle of Higher Education.

No comments: