January 29th, 2004, 12:49 AM
What to do if you notice...
At the college I currently attend, they have an E-Portal, which students may use to access their online quizzes and check up on their progress in some of their courses. However, the system is designed to ask you for a user/pass combo before allowing you access to the site.
The problem is that in order to obtain this user/pass combo, you need to enter in your social security number over an unencrypted connection (no SSL) =(
My question is simple: How do I get them (the IT department) to take me seriously about this security threat?
To me it would be EXTREMELY simple to exploit this weakness because they also use a wireless network, with no encryption or authentication, thus allowing any average Joe the ability to sniff the connection on the school's end.
Any information would be greatly appreciated.
January 29th, 2004, 01:01 AM
screw the IT dept, they are not going to cover your losses if you get ripped off. look for articles to show the administration what kind of coverage they'll get if it happens to them and a letter explaining the reasons you have for sending them
<google using 'social security college network hacked'>
if you get no response gather this info and print up handouts to pass out to everyone. find someone (or more) that shares your disdain for this practice to help you
...you were expecting maybe i should say "go ahead and hack it"...not a chance
January 29th, 2004, 01:54 AM
You might want to anonymously "tip off" the local press... in light of the current worm traffic, they might be interested...
Then again, on the other hand, if the paper decides to print the story, it may tip off unscrupulous vermin and actually make the school network more of a target.
Can you just go into the IT office, or admissions, or wherever, to pick up your user name password combo? That's what they do here.
January 29th, 2004, 07:44 PM
Actually they are trying to pass a bill right now in Congress which wouldn't allow colleges to use SS numbers so freely. In Alabama, your SS number is dubbed your "Student ID" and you use it for everything. I think it is stupid as hell seeing as your SS number is basically a portal into your information. Whose bright idea was this anyways? Anyways, article here:
(that isn't the story I read but it is an example)
January 29th, 2004, 08:09 PM
Same at my college too. They even post the SSNs on grade sheets hanging outside the classrooms! I'd rather someone know what I got in my class, rather than someone knowing which SSN got the 'A'.
In Alabama, your SS number is dubbed your "Student ID" and you use it for everything.
Let's see... there are 4 'A's on this test. (Me sits there with a huge smile along with three others)... someone goes out and looks at the grade sheet. Hmm... they can guess my SSN. Chances are 1 in 4. And seeing that I don't hide the fact that I wasn't born in the same state as everyone else... One of these SSNs doesn't belong here... which one is it? Duh!
I request that my professors email me my grade rather than including my info on the sheets they post and for the reason I explained above.
I really hope that they pass this bill.
Just like they used to make you put your SSN on your driver's license... How stupid is that?
Oops! I lost my wallet. Now they have my name, address, and SSN. What more do they need?
January 29th, 2004, 08:20 PM
Does anyone know of any articles or press releases of things like this that have been compromised before, such as UT Austin Jan, 2003?
I'm looking for some technically oriented articles and tutorials. Thanks