Hi admins,

I'm reviewing the OneClass security alert just posted, and I'm a little stuck on one question. According to the announcement, "If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations)."

IIRC, the default setting for messaging in classes prevents students from messaging everyone in the same class. So does that mean it's circumventing that? Or is it just cycling through each individual name in the class and sending the message?

(Which is two questions, or three, if you include a question about whether that's detectable in a way that it could be blocked w/in Canvas).

Marc