[plug] Computer insecurity

Steve Vertigan vertigan at bigfoot.com
Mon Aug 6 22:05:14 WST 2001


Bret Busby wrote:
> 
> Someone posted a query about a paper that he is writing about security, and,
> narrowing it down to Internet security.
> 
> I have today found that Mudrock has compromised the security and privacy of
> all of its students, by implementing a change without doing it properly, and,
> without thinking about the consequences.

Seems to me the compromise is in the library system, not the idea of
using student numbers as usernames.  Noone's ever said anything to me
about your student number being confidential and, in fact, we used to
write it down next to our names in one labclasses last semester.  I
suspect the library's decided that the added complexity of needing a
password to access your library account from an internal machine isn't 
justified by the risk of someone cancelling a recalled book or
somesuch.  If it's starts getting abused that'll presumably change.

Steve
-- 
OpenBSD maelstrom.dyn.dhs.org GENERIC#399 i386
 6:00AM  up 5 days, 13:17, 2 users, load averages: 0.73, 0.80, 0.75
A bird in the hand makes it awfully hard to blow your nose.



More information about the plug mailing list