So yeah for a couple of semesters now I've been trying to tell the school that they have content loading from non secure servers. The school is basically using the classic encrypt while logging in then its NOT secure.
Absolutely every form of private information is loading on unencrypted pages. Pair this stupidity with unencrypted wifi and you can gain access to basically everybody in every single class.
I have not actually used the vulnerability but I need to demonstrate it to them very specifically. I already know how to fix it but these people are seriously stupid who run their IT department.
Now for my questions. How do i demonstrate this? willing abductee?
I want to show them how this is done and how to fix it but I don't want to get in trouble while doing so. Do I bother explaining it in great detail or just shame them online and in the local press? My associates with them is done now and they haven't done anything to help me find an internship. Should I go for making a name or just go for getting a job with them? Its like 5 minutes from my house...
Absolutely every form of private information is loading on unencrypted pages. Pair this stupidity with unencrypted wifi and you can gain access to basically everybody in every single class.
I have not actually used the vulnerability but I need to demonstrate it to them very specifically. I already know how to fix it but these people are seriously stupid who run their IT department.
Now for my questions. How do i demonstrate this? willing abductee?
I want to show them how this is done and how to fix it but I don't want to get in trouble while doing so. Do I bother explaining it in great detail or just shame them online and in the local press? My associates with them is done now and they haven't done anything to help me find an internship. Should I go for making a name or just go for getting a job with them? Its like 5 minutes from my house...