A security breach in the University of Copenhagen\u2019s e-learning system has allowed computer-sophisticated students access with teacher\u2019s rights, hypothetically letting them change the notes that some teachers use for tallying a final grade. <\/p>\n
The breach, which was open for a full eight months, has just been sealed up, according to Peter Aagerup Jensen of the university\u2019s Education Service. He has just given an update to the University Post after an article broke on the news site Version2.dk.<\/p>\n
With just a small piece of the so-called javascript in the right place in the university\u2019s course administration system Absalon, computer-savvy students would have, technically speaking, been able to gain access to the notes.<\/p>\n
The hole in the system’s security was first found by an enterprising computer science student taking \u2018Advanced Programming\u2019 with PhD student Morten Ib Nielsen at the Department of Computer Science DIKU.<\/p>\n
\u00bbIt was great fun, that a student could change the banner on Absalon to an advert for DIKUs student portal. But we reported the vulnerability, so the hole could be closed,\u00ab Morten Ib Nielsen says to Version2.<\/p>\n
Apparently the official grading is still carried out on paper, but many teachers still use the Absalon notes to tally and subsequently fill out the forms manually in another system, F\u00f8niks.<\/p>\n
The breach was wide open for eight months.<\/p>\n
Only the threat of a critical article got the supplier, the Norwegian company IT\u2019s Learning, to pull its socks up, the Education Service department at the University of Copenhagen explains.<\/p>\n
The breach was finally closed at 9 am Wednesday morning 2 June.<\/p>\n
\u00bbWe now have a patch, and it is no longer possible to the entering new scripts on Absalon,\u00ab says Peter Aagerup Jensen of the university\u2019s Education Service.<\/p>\n
He emphasises that exam systems and other administrative systems are not directly affected by the security breach, as Absalon is an isolated system.<\/p>\n
\u00bbAbsalon does not in itself do grades, but teachers can have noted what grade should be given in Absalon, and it is this note, that can have been changed,\u00ab explains Peter Aagerup Jensen of the Education Service.<\/p>\n
This is the worst case scenario, and he emphasises that there is no evidence that anyone has done so. <\/p>\n
\u00bbWe have been nervous that any publicity would in itself deliver the recipe to anyone who wanted to cheat. But I reckon it is probably only computer science students who would be able to do this, and teachers at DIKU have taken their precautions,\u00ab he says.<\/p>\n
He adds that his office will seek a subsequent general check-up of Absalon now that this breach has been plugged.<\/p>\n
Will you send us the link with a script for our readers, so they can see for themselves whether the plug works?<\/em><\/p>\n \u00bbNo!\u00ab<\/p>\n miy@adm.ku.dk<\/p>\n","protected":false},"excerpt":{"rendered":" For eight months, computer-savvy students have been able to adjust teacher’s notes, and thereby also noted grades, in a system at the University of Copenhagen<\/p>\n","protected":false},"author":12,"featured_media":22714,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[42],"tags":[],"class_list":["post-22713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education","expression-news_article"],"acf":[],"aioseo_notices":[],"yoast_head":"\n