BP Moodle Site Hacked
As if BP didn’t have enough trouble to deal with at the moment, it seems they were running a Moodle LMS site that was hacked and private data (or data that was supposed to be private) was compromised. While this is pretty amusing and I’m sure it’s not on the top of anyone’s list at BP, it does point out one thing any organization running Moodle should be aware of…if someone really wants to hack your Moodle site, it’s typically not a difficult thing to do.
This hack was posted on moodle.org and the very first response, from a Moodle Business partner of course, was well, “They must have modified it (Moodle) and screwed it up.” That pretty much sums up the attitude of corporate Moodle toward security. There are several lessons here, but one of the biggest is, if you are a trillion dollar company, then why in the world would you go with web software that has been proven time and time again to have security holes large enough to drive an 18-wheeler trough just because you can get it “free”? Ever hear of Blackboard?
The blog post:
http://praetorianprefect.com/archives/2010/06/going-after-bp/
The Moodle security vulnerability:
Related posts:
- WordPress 3.0.3 Released — Moodle, Are You Paying Attention? Tweet WordPress 3.0.3 is available and is a security update...
- Moodle Security Notice — An Irresponsbile Process! Tweet Moodle released the following security vulnerability notice today following...
I saw this on Twitter and decided to come here to comment. I am not surprised by this at all. About three years ago, or College (community college) switched from Blackboard to Moodle. There were a couple faculty pushing hard for the campus to adopt Moodle and they were able to convince those in-charge of making those decisions to change with the promise of saving money and getting a better system.
During our first semester using Moodle or site was hacked twice and was down for almost a week each time. Later in the year we discovered, by way of a student reporting to his instructor, that our Moodle site contained literally dozens of pages of pornography. At the end of our first year with Moodle, the campus switched back to Blackboard.
I did kind of like the interface, but or experience was enough convince us (with the exception of a couple Moodle lovers) that the Blackboard fee is well worth the cost.
Nothing worth anything is ever really “free”. Buyer beware!