By Tony DePrato | Follow Me on LinkedIn
I have written before about cloud security and file security. I was doing a simple pentesting job for a school recently and found a service they were using called Edlio.
I cannot say if Edlio has a security issue, or if what I found was simply based on clients not following procedures, or if all these schools marked their documents as public.
However, I can say it is generally bad practice for:
- Personal information to be public and openly searchable
- Budget information to be public and openly searchable (aside from summaries and annual reports)
- Versions of documents that are not the final version to be public and openly searchable
- Calendars and other data about large group events to be enabled without security
Schools using Edlio, or other services, need to audit their public content. Here is what is accessible on Edlio with a compound search:
I then noticed that the documents seem to be organized by date, and mixed. Meaning, different schools appear to be storing documents in a “common” directory, and then their files are further organized.
Using a search based on the date, I was able to further sort documents from different schools:
Again, there is no evidence this is an issue with the Edlio service. These documents could be available due to schools simply not managing their permission options, or because the schools believed these documents needed to be public.
The takeaway here is that school senior leadership should be aware this information is public, how it can be searched, and there should be some minor threat assessment done to determine if these documents (and posting policies) are creating more risk than reward.
If you want more information on how to do this type of testing and analysis, please email me: firstname.lastname@example.org
If you read my last post with great interest but were unsure of what Google Drive is, worry not, my loyal readers, as I am here to help give you an idea of its features and why it’s pretty cool. Don’t worry, folks, you don’t need a valid driver’s license to participate HA HA HA! (Omar coerced me into adding that lame joke). What you do need is a Google account and a willingness to read on past the break to see how to install and get the most out of your Google Drive.
As a computer teacher I often find myself needing to share a file with some of my students. I normally use Edmodo for this as it is reliable and my students are already on it. Sometimes, though, these students may be from another class that is not using Edmodo, or even a teacher who is not on Edmodo. Then I need another route. I need another way to share these files. GoogleDocs is a great way, but in order to do that I need to log in, upload the file, and change the permissions of the file from private to public. There is an easier way, my friends. Allow me to introduce you to minus.com. Read on past the break to see what makes minus.com so easy to use and why it is better than some of its competitors.
It’s about time to make some new resolutions for 2012. Dreaming about these resolutions is always fun (check out my three below).
- Build a moon base to hold family reunions and to use as a vacation spot.
- Create the next “Pet Rock” and become a millionaire (if I become a billionaire, that is OK too).
- Create a new educational curriculum that will be implemented by more than 98% of all schools in the world.
However, realistic ones are not always so easy to come up with. Have no fear, we here at IT Babble have three easy resolutions that you can fulfill. While these will not lead to riches, they are practical and will make your life easier and will hopefully save your bacon. Read on past the break to see how IT Babble can help.