One school said the most recent update on the situation from Impero arrived by email on Monday. Impero also offered fixes to schools that were using the software without contractual support, but left it up to those schools to make contact. Three schools and chains using the software that were approached by the Guardian said the company had been slow to deliver promised software patches.
“Impero are crap at communication,” he said. One school IT manager said the response from Impero was vague and required managers to contact the firm for more information. Schools using Impero’s software said the company had notified them of the security flaw in the middle of last month but they were offered few details of its potential scale. “One was that I was against the ‘anti-extremism’ stuff, the other was because not being a customer, I didn’t know where to send it.” He said he had posted it publicly, rather than privately disclosing it to the company, for several reasons. The company said it had released a temporary security patch and was working on a permanent upgrade.Ĭlark said the flaw he found would leave affected schools’ networks “completely pwned”, online slang meaning in this context that the networks’ security would be fully compromised and information on it would be rendered vulnerable. But last month the security researcher Zammis Clark posted extensive details of a flaw in the company’s encryption protocols which could allow almost anyone to gain full access to computers running the Impero software, run software such as spyware on the systems, or access files and records stored on them.
0 kommentar(er)
