Security Problems at Colleges

I have several of these projects underway. This page is the directory to them so I can keep track of them.

A: Viagra Sellers

A web page redirector that cleverly hides on servers.

As of 12-4-13, 5/19 colleges are clean

How I cleaned an infected site on 4-22-16
70 Infected Sites (May, 2016)

B: Exposed Student (or Staff) Data

As of 12-9-13, 8/12 colleges have fixed this, 6 days after notification.
The vendor (Jenzabar) has patched the problem, and as of 7-19-14 only 3 colleges remain vulnerable. I published the URLs.

C: 55 SQLi Vulns Notified in November

As of 12-4-13, 19/53 colleges have fixed this, 23 days after notification.

D: 59 Vulnerable Colleges Notified in December

As of 12-22-13, 15/59 colleges have fixed this, and the rate of repair has fallen to zero, so I published the complete list of dorks and URLs.

E: WordPress DDoS: Pingback Vuln (ty Steven Veldkamp)

F: Open DNS Resolvers at Colleges

Seven months after notification, I found a 38% decrease in open resolvers, from a total of 682 to 421.

G: Insecure Logins at 90 Colleges

7 months after notification:
16/57 plaintext login pages fixed or improved (28%)
8/33 mixed login pages fixed or improved (24%)

H: Obsolete SSL Certificates at 19 Colleges

Notified 10-20-14


Posted 12-16-13 5:18 pm by Sam Bowne
Last modified 12-19-13 1:38 pm
Item D updated 7:10 am 12-22-13
Item G updated 10:11 am 12-24-13
Items B, F, & G updated 7-19-14
Item H added 10-20-14
Cleaning an infected site added 4-24-16
60 more schools added 5-12-16