Backdoors in the interwebs

Flaw in DuckWeb was caused by lax security practices

On Tuesday, July 21 around 11 pm Pacific, I stumbled across a serious information security flaw in DuckWeb, the University of Oregon’s student information portal. For some of the work I’ve been doing with Publish2, I’ve been paying close attention to the composition and beauty of URLs. When printing out my degree audit for a trip down to Eugene the next day, I realised that the print version of the degree audit had a unique string of digits at the end of the URL. Curious, I changed the last two, refreshed, and ended up with someone else’s degree audit.
