Hey,

At the college I currently attend, they have an E-Portal, which students may use to access there online quizes and checkup on their progress in some of there courses. however, the system is designed to ask you for a user/pass combo before allowing you access to the site.

the problem is that in order to obtain this user/pass combo, you need to enter in your social security number over an uncrypted connection (no SSL) =(

My question is simple: How do I get them (the IT department) to take me seroiusly about this security threat?

To me it would be EXTREAMLY simple to exploit this weakness because they also use a wireless network, with no encrpytion or authentication, thus, allowing any average job the ability to sniff the connection on the schools end.

Any information would be greatly appricated
Thanks