My friend made a script that crawls websites, and for testing he chose our university: Haaga-Helia University of Applied Sciences. Believe it or not, he actually got over 37000 files in publicly available folders from our university's file server myy.haaga-helia.fi. The records are available at tradenomi.noob.fi.
So what kinds of files were found?
Well, most of the files are documents, PowerPoints and Excel files containing student work. Nothing really important, I guess (I haven't browsed all of the 37000 files).
However, what I found the most interesting were the CVs (curricula vitae), also known as lists of a person's achievements. With the search "CV" you can find three pages of different CVs.
There are a great many code files. If you search for "java" you will get 4000 files with Java code, so it is a kind of database of code examples. Of course, a lot of the files are in Finnish.
Since there are CVs and a lot of documents containing personal information, this raises a question: is this a security issue? And whose is it?
The university offers a place for saving documents on the public Internet, known as public_html, within a student's personal data folder. When you save a file there, the file will be on the Internet. I guess the university should make it clearer to some students that their files truly are publicly available when they save a file in their public folder.
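For students who want to see what their own public folder exposes, here is an added example (not part of the original post, and not my friend's crawler) that lists the files under a public_html directory that other users can read and marks names that look like CVs. The filename hints, the function names and the assumption that the web server reads files as "other" are mine.

```python
import os
import re
import stat

# Assumed filename hints for personal documents; the post singles out CVs.
HINTS = {"cv", "resume", "ansioluettelo"}

def audit_public_html(root):
    """List files under root that users other than the owner can read.

    Assumption: the web server reads files as "other", so a file is served
    when it is o+r and every directory between it and root is o+x.
    Permissions on root itself and its parents are not checked.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Drop directories "other" cannot enter; nothing below them is served.
        dirnames[:] = [d for d in dirnames
                       if os.stat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mode & stat.S_IROTH:
                words = set(re.split(r"[^a-z0-9]+", name.lower()))
                exposed.append((os.path.relpath(path, root), bool(words & HINTS)))
    return sorted(exposed)

def build_sample_tree(root):
    """Create a small constructed layout (not real data) for trying the audit."""
    layout = {"index.html": 0o644, "CV_2010.doc": 0o644,
              "notes.txt": 0o600, "private/draft.doc": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "private"), 0o700)  # owner-only directory

if __name__ == "__main__":
    for rel, flagged in audit_public_html(os.path.expanduser("~/public_html")):
        print(("REVIEW  " if flagged else "public  ") + rel)
```

Anything printed with REVIEW is a file whose name suggests personal information and that is readable by everyone; moving it out of public_html or removing the "other" read bit takes it offline.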
After the site had been online for quite some time, my friend released some statistics at tradenomi.noob.fi/tophaut.php. These are the top 20 searches done lately. I'll translate some of them here: cv, programming, mathematics, pictures, business processes and of course porn and sex.
So there have been some proper searches and I guess some good results too.
The site is elegantly built and serves its purpose nicely. It caused a lot of discussion in our university and as far as I know it has already been reported to the ICT-security team of the university. The best thing about this site is of course the fact that you can go and search for a file that contains your next deadline homework.
Go check it out at tradenomi.noob.fi.