mPrint is a useful service provided by ITCS of the University of Michigan to allow web-uploaded documents to be printed on campus printers. Unfortunately, the designers of mPrint included several “features” that violate the privacy of its users without their knowledge.
Honeyd is a low-interaction honeypot developed by Niels Provos designed to emulate services and personalities of virtual hosts and networks. As honeypot deployments must remain undetected to maintain their value, the ability of an attacker to effectively and remotely fingerprint Honeyd is a serious issue.
After investigating the security of the Mcard magnetic card system at the University of Michigan, which is used for student and faculty identification cards, I discovered that it is trivial to forge anyone’s Mcard given only their UMID/uniqname.
While arranging my class schedule at the University of Michigan, I discovered a vulnerability in Wolverine Access that allowed unrestricted access to the social security numbers, names, and addresses of every student in the University including recent alumni.
Unless stated otherwise, all material on this site is available under a Creative Commons Share-Alike license. Layout design compliments of Wouter Bolsterlee.