Omnivox is certainly not secure since it exposes network ports 135, 139 & 445 to the internet. Ports 135 and 139 are for netbios, and 445 is for microsoft network DS (NT server directory service)
It's just not good security for a portal to Quebec post secondary institutions to expose these ports.
Once logged in, the portal has the potential to access the user's LAN through ports 13 ad 139. The MS DS port has potential to access both the server's and user's LAN network.
Even though these ports are monitored by Omnivox's maker Skytech, it also means that Skytech also has the potential to access anyone's personal information e.g. to create a consumer list for future spam (ads targeted based on students' age) but usually to report security risks such as portscanning, which is not illegal.
No comments:
Post a Comment