Sunday, September 25, 2011

Blackboard LEARN security vulnerabilities

Sandra is back after a three week blogging hiatus.

The Australian edition of SC Magazine, which focuses on IT security, reported that Blackboard Learn had serious vulnerabilities. The report revealed that "security vulnerabilities have been found in the world’s most popular educational software - holes that allow students to change grades and download unpublished exams, whilst allowing criminals to steal personal information." Initial concerns reported to Blackboard by Australian university managers were ignored or dismissed, which led to the publication of an advisory by AusCERT, a non-profit security organization funded by Queensland University. Blackboard then responded with its own advisory.

Blackboard Learn is used widely by U.S. universities and by the U.S. military. Inside Higher Ed also reported on the security concerns:
Matthew Maurer, a spokesman for Blackboard, told Inside Higher Ed via e-mail that the article was correct that there was a security flaw, and that this problem was not unique to Australian universities. But he said that the article (which has been circulating among some American IT officials) had an "exaggerated fashion" in describing the problem. "There's not a single reported case of exposure, just the theoretical," he said. Maurer said that many of the issues were very quickly fixed, and that the company is now providing information to colleges and universities so they can see that there are not serious problems remaining.

While there may not have been a single reported case of exposure, there was a significant security flaw. Universities purchasing online learning systems and students paying tuition to access online courses should have assurance that the products do not have this level of security holes to begin with. Security issues affecting other U.S. online education initiatives remain a concern.

Previous postings on this topic:

Student Data Collection: Purpose, Costs, Risks?
Education Reform and Privacy Concerns Collide

No comments:

Post a Comment