Students at New College have labelled their computing system “buggy and insecure” after it was revealed last week that students were routinely hacking into the College meal system.
A Facebook group appeared last Wednesday publicising the insecure nature of the web page, and offering a step-by-step guide on how to hack into the College system.
The group’s fan base increased to nearly a hundred students before College authorities noticed the page and took the meal booking system offline.
Accurate Solutions, who provide New College’s accounting and management software, responded to the reported flaws by releasing a fixed web page the following Friday.
However, further problems ensued as it was discovered that the system could only be accessed by people inside College and that those living out were therefore unable to book in for a Guest Night.
The College IT staff responded by allowing access to the page through the Oxford VPN, while restricting public access for security reasons.
But only later that day the security restrictions placed on the system were removed and the page was made available on the public internet.
New College did not offer comment as to why the vulnerable system had appeared online and therefore been exposed to more malicious users.
Many students are frustrated by their College which they felt had been ineffective and slow in taking action.
One undergraduate complained: “College staff have known about this for months, and it was reported to them multiple times during Michaelmas.
“The responses varied from indifference to an insistence that the issue did not in fact exist.”
Problems with the system also affected battel payments and prevented students from putting cash on their Bod cards. On Monday morning students found that they had been charged money but that this had not been transferred to their accounts.
Michael Burden, Dean of New College, confirmed that the issue has now been resolved stating that “All the delayed transactions have been repayed, and students’ accounts have already been credited.”
However, there is still concern amongst students regarding the insecure nature of the Accurate Solutions system.
New College have stressed that: “There are no private or personal details on the publicly visible system”, adding that “once communications with Secure Hosting can be verified in detail, we will again be securing the site behind the University firewall and VPN system, with a specific exception being made for the Secure Hosting communications that allow on-line payments to proceed.”
The computer system used by New College is provided by Accurate Solutions. Seventeen of Oxford’s other colleges are clients of the company.
Michael Burden admitted that the system’s flaws had been missed by Accurate Solutions’ testing.
When asked whether the company’s contract with New College would be renewed he stated that: “Contracts are commercial decisions, and are always periodically reviewed”.
Seventeen of Oxford’s College are clients of Accurate Solutions.