Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
scroach12197yWhy you need wireshark for that? You could see that in your browser if they're not using tls.. or do the switch to http only for the login? 😂
-
scroach12197yOh and you should hack one of your lecturers to show them how bad their systems are. At least that's what we did back in the days when we found a major security bug in 2nd semester ... 😂
-
theuser47817y@GodHatesMe Oh shit, probably should've masked that huh. Let me change my password in case theres some bored devs here
-
theuser47817y@GodHatesMe No big deal, LastPass does it for me. There's around 160 students on the same subnet who's got their rental contracts stored there. I could do a simple ARP spoof, a couple of wireshark filters and I would probably obtain a couple of passwords
-
@lotd this. My university's system is so shitty all browsers warn me before entering any student web, even edge. Thesd guys should have bleeding edge technology but instead they buy everything from yale and harvard for no other reason than "if they do it we should too". Even if the software they buy is 10+ years old and has no sensible security or whatsoever. Last year they wasted a ton of money on a "new" system to take courses just because harvard used it. The thing has crashed constantly ever since as it is not adapted in any way to our reality. But fuck the worse is that the guys taking those stupid decisions are not anything related to engineering or cs, they are just lawyers that got to a high position in the university hierarchy. Fuck them.
-
@lotd It's not that they should be switching, it's that they should be using BOTH. They both have their places.
-
@GodHatesMe jesus christ, I think it's going to take something bad to happen before they change 😕 if you are in the UK you can complain to the information commissioner office other than that I think you might be snookered
-
ganey957y@daarkfall my uni lost a laptop with like 10 years of student data on it... This uni is also teaching students from all over the world networking and security... We had many networking/forensics labs too, so it's not like money was much of an issue.
-
@ganey there is no excuse for not encrypting a laptop drive in this day and age, I'd be making a formal complaint as high in the university as possible about data security standards
-
ganey957y@daarkfall they reported to the ICO and lots of current and expected students kicked up a fuss against them for taking ages to disclose what had happened and the circumstances. The biggest issue discussed was why all the information was allowed on a laptop in the first place.
I don't think they've made any mistakes like that since!
Just discovered that our student housing rental portal transmits our password in plaintext.
WHAT.THE.ACTUAL.FUCK
undefined