I'm a UMD student, and I had no idea this existed!
I've been hesitant about reporting holes/vulnerabilities in the school's infrastructure until now, but it's reassuring to see that there are official channels for doing so.
Most people will probably be hesitant to post it for obvious reasons here. But it was helpful to me, to find a ransomware url, during the college leak a few weeks ago (https://dorper.me/articles/unileak.aspx) to find out which colleges were impacted because tons of people I know were in it. There are plenty of good reasons to want to have it. But I understand why BBC wouldn't post it...
What surprised me the most is that the public directory of all students and staff really is completely public. Anyone on the internet can use it to get names and emails of students.
University of Toronto has a huge network of these, however after a series of tunnel exploration exploits they pretty much created a gated access system.
I've been too immersed in university happenings recently. It took me clicking on the link and reading until "password reset feature" to realize that this wasn't some bizarre phishing attack involving Masters of Fine Arts degrees.
[campusdata.org member here] - if you're working on something similar at your school and want to join forces, join the mailing list is at campusdata.org.
Harvard had a similar bug - you could modify the url to find out if you had entry. They found out and revoked admission from all students who used the url on ethics violations.
#nmu on csc.nmu.edu My CS department runs an unofficial server that we all SSH into and screen through IRSSI. We get a lot done that way. Makes planning our ACM/LUG meetings easier too since you can scrollback and see the previous discussions.
I've been hesitant about reporting holes/vulnerabilities in the school's infrastructure until now, but it's reassuring to see that there are official channels for doing so.
reply