MSU needs to start thinking about security...
It turns out that my university was keeping private information (including names and ssn's) about over 9,100 of undergraduate students on a publicly accessible server for several months. The information was apparently indexed by google and easily accessible to anyone. This was already covered in Star Ledger, and on 1010 Wins. Way to go MSU!
I never expected much from this school, but this is kinda scary. Our IT sucks, but I believe they do have enough common sense to prevent things like that from happening. I think the problem here is the lack of proper user training. I am willing to bet someone in the administration got a new toy from the IT guys, and decided to use it inappropriately...
At least the grad school has enough sense to train their employees properly to prevent shit like that from happening. Undergrads were not so lucky. I'm very tolerant towards technophobes - I do laugh at them and ridicule them behind their backs, but I am perfectly willing to cater to their needs and fix whatever they break. But at some point, you have to admit that technological illiteracy == lack of competence. If you can't figure out how to properly use a computer, you should not be using it for important work. Period.
But then again who knows - the IT dept never showed much competence anyway. Below is the conversation I had with one of the student-drones sitting in the CSAM IT room:
Me: "Did you guys know that pegasus is an open relay?"
Drone: "A what?"
Me: "The SMTP server... It has no authentication... Anyone can use it."
Drone: "Oh, yeah... That's how it's supposed to be. You can't use it from the outside."
Me: "Okey... As long as you know about this..."
More often than not, they are aware of the security blunders - they just don't care. I can't imagine them not caring about ssn leakage though...
0 Comments:
Post a Comment
<< Home