Featured Research

from universities, journals, and other organizations

Is your flashy school website safe?

Date:
July 5, 2010
Source:
Inderscience Publishers
Summary:
Most educational websites in the US are using Flash applications that fail to adequately secure these pages. This is a growing problem for the Internet as vulnerable sites can be hijacked for malicious and criminal activity, according to a new paper by an expert in digital forensics.

Most educational websites in the U.S. are using Flash applications that fail to adequately secure these pages. This is a growing problem for the Internet as vulnerable sites can be hijacked for malicious and criminal activity, according to a paper published in the International Journal of Electronic Security and Digital Forensics this month.

Joanne Kuzma, Colin Price and Richard Henson of the Business School, University of Worcester, England, have used a simple tool provided by Hewlett Packard (HP), known as SwfScan, to analyze academic websites across the U.S. for security holes in their Flash applications.

Adobe Flash is a proprietary multimedia platform used to add animation, video, and interactivity to countless web pages. It is widely used by sites like Google's YouTube, by gaming sites, and in advertisements. It has also been positioned as a tool for "Rich Internet Applications." However, although provider Adobe releases regular security patches to address problems as they arise, many sites are not kept up to date and so remain vulnerable. Companies such as Apple refuse to allow Flash to run on their consumer devices for this very reason.

Kuzma and colleagues point out that it is impossible to make any web application 100% secure, but that academic institutions must implement new policies to better secure their sites and to protect their users. In 2008, HP used its SwfScan tool to audit 4,000 Flash applications across the web and found 250 Flash applications that had a login form in which usernames or passwords were hard-coded into the application. Older versions of Flash are rife and more than a third of Flash applications violated Adobe's security recommendations.

The team has now used SwfScan to scan 250 educational websites, with worrying results. "Education sites are increasing the number of their Flash-based pages and applications, especially due to the growth of online learning," the team says, "Yet almost all pages showed at least low-level security vulnerabilities and over 20% of them had medium-level security issues where personal information could be disclosed to attackers." Six of the sites scanned (2.4%) showed critical vulnerabilities. Just two sites had no reported Flash vulnerabilities.

Well-publicized data breaches at Florida and Ohio universities led to the names and social security numbers of hundreds of thousands of students being exposed, which not only affected security for those individuals but led to such negative publicity that Ohio, at least, saw a significant decline in monetary donations. But, there are a variety of technical, legal and procedural methods that institutions could effectively implement to provide a better level of user protection, the team adds.

A serious problem in university security is that professors, colleges, departments and even student organizations regularly create and maintain separate shadow systems. So even if the university does have secure core applications and specific security policies, these shadow systems could open up security vulnerabilities. Moreover, academic departments often operate their own servers that bypass the institution's IT department. "A staff member could create a separate Flash application to collect miscellaneous user information and this application could be developed with minimal thought to security, or could bypass corporate security policies and development procedures," the team explains. "Those staff may be unaware of legal regulations that apply to the industry."


Story Source:

The above story is based on materials provided by Inderscience Publishers. Note: Materials may be edited for content and length.


Journal Reference:

  1. Joanne Kuzma, Colin Price and Richard Henson. Flash vulnerabilities analysis of US educational websites. Int. J. Electronic Security and Digital Forensics, 2010; 3: 95-107

Cite This Page:

Inderscience Publishers. "Is your flashy school website safe?." ScienceDaily. ScienceDaily, 5 July 2010. <www.sciencedaily.com/releases/2010/07/100702100142.htm>.
Inderscience Publishers. (2010, July 5). Is your flashy school website safe?. ScienceDaily. Retrieved March 29, 2015 from www.sciencedaily.com/releases/2010/07/100702100142.htm
Inderscience Publishers. "Is your flashy school website safe?." ScienceDaily. www.sciencedaily.com/releases/2010/07/100702100142.htm (accessed March 29, 2015).
