It is easy to hack into some varsity websites

April 09, 2014 12:58 pm | Updated May 21, 2016 09:54 am IST - BANGALORE:

One would expect that university websites, which host expansive databases and crucial student information, would be tight on security. But it turns out that the official website of the State’s only health university, the Rajiv Gandhi University of Health Sciences (RGUHS), is easy enough to enter and modify that even a student hacker can do it.

There’s enough proof online that the official message board of the university, which serves as an interactive forum, has been breached more than a dozen times by hackers, who have left behind embarrassing messages damning the poor security of a premier university portal.

An “ethical hacker”, a student at a Bangalore college, demonstrated to The Hindu that the online teachers database management system and the online admission student management system are all easy to break into.

For instance, this “ethical hacker” uses a simple SQL injection to log in to the teachers database management system. While he is wary of tampering too much with the online admissions system, to remain on the safe side of the law, he shows that he can log in as “admin”, freely use the master panel to set up a new user (as a constituent college), and access lists of theory and practical marks.

Where did he find the password that enables him to function as “admin”? He didn’t have to look far: the log file, which is directly viewable, simply listed the password.

The student hacker demonstrates that it isn’t just RGUHS that is lax about its website controls or security. Even the websites of the Rani Channamma University, Belgaum, and Kuvempu University are easy to enter because, once again, their technology teams haven’t changed the default password.

Universities’ response

Meanwhile, two of the three universities brushed aside the concerns. While B.R. Ananthan, Vice-Chancellor of Rani Channamma University, Belgaum, expressed surprise about the vulnerability of his university website, Sriprakash K.S., Vice-Chancellor of RGUHS, said that they had not come across any problems so far.

S.A. Bari, Vice-Chancellor, Kuvempu University, said that there was no sensitive data stored in the website. H.N. Ramesh, CEO, Logisys, a university automation company that provides services to these universities, admitted that laxity with passwords was a common problem. He suggested that there should be a dedicated team maintaining the website and the contents must be regularly updated.
