+ Post New Thread
Results 1 to 4 of 4
Virtual Learning Platforms Thread, Frogteacher security announcement in Technical; Because of recent discussions FrogTrade have been in touch with me and have asked me to post the same message ...
  1. #1

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,969
    Thank Post
    1,355
    Thanked 1,814 Times in 1,126 Posts
    Blog Entries
    19
    Rep Power
    600

    Frogteacher security announcement

    Because of recent discussions FrogTrade have been in touch with me and have asked me to post the same message that they have sent to their customers.

    They have been very positive in their efforts to ensure things go smoothly and appreciate the patience of NMs and Techies, but want to make sure that people are aware of the full and correct procedures for securing the FrogTeacher environment.

    ----------------

    Sent: Fri, 11 Aug 2006 16:31:40
    Subject: FrogTeacher Announcement

    Dear Frog Administrators,

    We have been alerted to an incident at one of our schools where a
    disgruntled ex-pupil managed to log in to the school's Learning Platform
    using a staff member's password. They then proceeded to paste links to
    the information found on Internet. This problem has arisen from a
    combination of two factors: insufficient password management and the
    storage of sensitive data in publicly accessible areas of the Learning
    Platform.

    We felt the best approach was to draw attention to this incident to
    ensure that other schools aren't exposed to similar problems.

    We therefore recommend that:

    1. You ensure that your teaching staff have passwords that are not
    obvious (FrogTeacher can now authenticate against your Active Directory
    Server allowing it to pick up the passwords and policies directly from
    there).

    2. Ensure that anything confidential is kept in a password protected
    folder within the FrogTeacher software and NOT in any publicly
    accessible areas. This ensures that the resources are protected
    regardless of how they are accessed.


    If you have any queries about password protection or Active Directory
    integration, please feel free to contact our support team at
    support@frogtrade.com or 01422-250800.

    There is also a PDF explaining password protection attached to this email.

    Best regards,

    --
    - Lee Hardy -- Frogtrade, Halifax
    - lee.hardy@frogtrade.com
    -
    - Frogtrade Customer Support Team
    - Tel: 01422 250800 -- Email: support@frogtrade.com
    Attached Files Attached Files

  2. #2

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,412
    Thank Post
    642
    Thanked 963 Times in 663 Posts
    Blog Entries
    2
    Rep Power
    326

    Re: Frogteacher security announcement

    But wasn't there a problem where supposed secure pages were available to anybody and therefore a technical problem?

  3. #3

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,969
    Thank Post
    1,355
    Thanked 1,814 Times in 1,126 Posts
    Blog Entries
    19
    Rep Power
    600

    Re: Frogteacher security announcement

    My mistake in previous posts due to the way others had explained how FrogTeacher works ... and from the information available. The technical problem is actually the way FrogTeacher works ... most of us are used to session tickets for authentication or for longer authentication we use cookies, or integrated authentication.

    FrogTeacher allows for ACLs to be applied to pages but chunks of security are based round locking out menus ... if you have a direct URL to a page from having previously logged in with the right authentication you can then go back to that page without authentication.

    FrogTrade is saying that if you have *any* information that needs to be secure you should not purely rely on locking the menu page ...

    If you are a FrogTrade customer and have not heard from them yet please contact them on the above details.

  4. #4

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,412
    Thank Post
    642
    Thanked 963 Times in 663 Posts
    Blog Entries
    2
    Rep Power
    326

    Re: Frogteacher security announcement

    Ahhhh I see what you mean now, yes.

SHARE:
+ Post New Thread

Similar Threads

  1. FrogTeacher VLE Questions??
    By sycho666 in forum Virtual Learning Platforms
    Replies: 55
    Last Post: 19th June 2010, 06:36 PM
  2. December Security Announcement
    By john in forum Windows
    Replies: 1
    Last Post: 13th December 2006, 07:48 AM
  3. Frogteacher
    By alan-d in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 13th November 2006, 10:51 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •