Blackboard Learn, the course management system used by Northwestern University, has been found to have security flaws and vulnerabilities that, by one report, could give exploiters access to grades, exams and both student and faculty personal information.
Wendy Woodward, director of technology support services for NUIT, said Tuesday that, while NUIT was “very concerned” and “taking this seriously,” the University was protected from many of the holes by its security practices. No vulnerabilities have been found, she said, “that are considered to be serious threats.”
She said NUIT would inform users immediately if they believed there was a security risk.
More worrying for Woodward was how Blackboard informed its customers of the vulnerabilities — or rather, how it failed to inform its customers.
The flaws first became known to the public in a Friday report from the Australian computer-security-centered publication SC Magazine. According to that article, officials from an Australian university had reported the vulnerabilities to Blackboard Inc. as early as July, yet the company did not inform its customers of any flaws until after the magazine published its story Friday.
NUIT officials learned of the issues not through Blackboard, but through SC Magazine’s story and the ensuing coverage.
“We found out through the news, and that is something we are vigorously working with Blackboard to resolve,” said Woodward. “This is not an acceptable response from our vendor because you expect student and faculty privacy and security to be taken as seriously as we do.”
“Student and faculty privacy are absolutely critical,” said Sean Reynolds, the University’s Vice President for Information Technology and Chief Information Officer.
Woodward said the University’s users were protected both because it kept its installation of Blackboard Learn up to date and because the University requires Learn users to authenticate themselves with a NetID and password, which allows activity to be tracked.
The report in SC Magazine said that Blackboard Inc. did not plan to patch all the vulnerabilities in its software until the next upgrade, slated to come out before the end of the year. Woodward said NUIT was talking to Blackboard and that she “can’t yet comment on whether that timeline can be advanced.”
Blackboard Learn is by far the most popular course management software, although its market share has been declining recently, according to the 2010 Campus Computing Survey. Woodward couldn’t remember how long the University has been using Blackboard Learn. She said the University has had a “long” and “very good relationship” with Blackboard Inc., saying they were “the market leader in the space.”
“Hopefully,” she said, “Blackboard will learn a lesson here.”