After learning of the vulnerabilities in the University of Melbourne website, I contacted the gray hat that discovered them to learn more on the subject and to find out if anything was done in the meantime to patch the holes.
A long chat made me realize that the situation was even more serious than first believed, since 26 government email addresses and passwords could be found in one of the databases.
It turns out that not only did the flaws remain unresolved, but two other domains belonging to the University of Melbourne were also susceptible to the same type of attack.
More worryingly, the hacker fears that someone may have already accessed the databases since some suspicious passwords were among the decrypted logins.
University representatives still fail to answer St0rm's requests to fix the holes, but hopefully, the radio announcement he made and the
interview he gave me will make them treat the issue more seriously.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
