Security breach may have let students cheat

02/06-10 kl. 11:35 Education

Photo: Photos.com Students could have altered the teachers notes, used for tallying grades

For eight months, computer-savvy students have been able to adjust teacher's notes, and thereby also noted grades, in a system at the University of Copenhagen

by Mike Young

A security breach in the University of Copenhagen’s e-learning system has allowed computer-sophisticated students access with teacher’s rights, hypothetically letting them change the notes that some teachers use for tallying a final grade.

The breach, which was open for a full eight months, has just been sealed up, according to Peter Aagerup Jensen of the university’s Education Service. He has just given an update to the University Post after an article broke on the news site Version2.dk.

With just a small piece of the so-called javascript in the right place in the university’s course administration system Absalon, computer-savvy students would have, technically speaking, been able to gain access to the notes.

Great fun

The hole in the system's security was first found by an enterprising computer science student taking ‘Advanced Programming’ with PhD student Morten Ib Nielsen at the Department of Computer Science DIKU.

»It was great fun, that a student could change the banner on Absalon to an advert for DIKUs student portal. But we reported the vulnerability, so the hole could be closed,« Morten Ib Nielsen says to Version2.

Apparently the official grading is still carried out on paper, but many teachers still use the Absalon notes to tally and subsequently fill out the forms manually in another system, Føniks.

Now blocked

The breach was wide open for eight months.

Only the threat of a critical article got the supplier, the Norwegian company IT’s Learning, to pull its socks up, the Education Service department at the University of Copenhagen explains.

The breach was finally closed at 9 am Wednesday morning 2 June.

»We now have a patch, and it is no longer possible to the entering new scripts on Absalon,« says Peter Aagerup Jensen of the university’s Education Service.

Worst case scenario

He emphasises that exam systems and other administrative systems are not directly affected by the security breach, as Absalon is an isolated system.

»Absalon does not in itself do grades, but teachers can have noted what grade should be given in Absalon, and it is this note, that can have been changed,« explains Peter Aagerup Jensen of the Education Service.

This is the worst case scenario, and he emphasises that there is no evidence that anyone has done so.

»We have been nervous that any publicity would in itself deliver the recipe to anyone who wanted to cheat. But I reckon it is probably only computer science students who would be able to do this, and teachers at DIKU have taken their precautions,« he says.

Absalon to be scrutinised

He adds that his office will seek a subsequent general check-up of Absalon now that this breach has been plugged.

Will you send us the link with a script for our readers, so they can see for themselves whether the plug works?

»No!«

miy@adm.ku.dk

0 comments

Write a comment

23/05-12 kl. 10:15 Campus

PET tries to soothe spy paranoia with memo

Espionage case against Professor Timo Kivimäki has students and staff confused about what’s legal and what’s not. Head of Danish Intelligence service PET is in correspondence with University of Copenhagen's Rector

See also:: Police: Copenhagen professor spied for Russians; Finnish professor scouted for student spies; 'Spy' professor: Harsh PET methods

23/05-12 kl. 06:00 Culture

Photo Competition: Show us your room

Last chance! Send us a photo of your room before tonight at 24:00 and win tickets to the NorthSide Festival

22/05-12 kl. 11:01 Education

Unskilled jobs: 10 pros and cons

You’ve graduated from uni and you can’t get a job. The local job centre tells you to work in a pizzeria or at the local supermarket. But is it a good move to do what they say? Here’s a qualified list of pros and cons from an expert

See also:: Lucky Spanish girl gets the job; For Greek student, there is just the pizzeria

22/05-12 kl. 06:00 World

Study shows where brains drain, or gain

A new study shows where scientists migrate to, and why. For foreign scientists in Denmark the main motivators are careers and prestige

See also:: Best and brightest consider leaving – for good; Universities struggle in ‘brain game’

20/05-12 kl. 06:00 Culture

The experts: How to make your own job

Entrepreneurship is a field filled with myths: One of them is that it is hard to start up something on your own. The experts have offered to share their tips

See also:: Crisis, what crisis? More student start-ups; Innovator: Don’t be afraid to fail

20/05-12 kl. 06:00 Campus

Innovator: Don’t be afraid to fail

In 2011, Gregory and two friends started the ‘Copenhagen Union’. Deliberately unambitious at the start, the initiative now trains students and organizes high-profile debates