[plug] Computer insecurity
Trevor Phillips
phillips at central.murdoch.edu.au
Tue Aug 7 16:39:32 WST 2001
Bret Busby wrote:
>
> Once again, I prefer to give the benefit of the doubt, here, and, regard it as
> sheer incompetence. After receiving that message from the IT Helpdesk, I
> telnetted to my library account, as previously described.
I think you're going way over the top here. If student numbers were ever
"secure", it was through obsfucation, which is never a good form of "security"
to rely on. If someone wants to know your student number, I'm sure they could
find it out. Numbers next to Names are listed in all sorts of places.
Another common theme of Security-related talks is the sliding compromise
between Security and Useability. The old Murdoch system of student accounts was
cumbersome at best. It was hard to manage, and there were many errors resulting
from the loose rules associated with it. Yes, the new system uses your student
number. It'll also make it a lot easier for multiple systems and labs to use a
common system. Sure, there are some problems, but personally I think it's
amazing that the change-over went as smoothly as it did, and that there weren't
more stuff-ups. You should try doing something like that in a Uni environment,
where everyone wants to do their own thing, and you have many proprietary and
off-the-shelf enclosed systems, that you're suddenly trying to get to
co-operate together.
Anyway, enough off-topic ramblings from me. ^_^;;;
--
. Trevor Phillips - http://jurai.murdoch.edu.au/ .
: CWIS Systems Administrator - T.Phillips at murdoch.edu.au :
| IT Services - Murdoch University |
>------------------- Member of the #SAS# & #CFC# --------------------<
| On nights such as this, evil deeds are done. And good deeds, of /
| course. But mostly evil, on the whole. /
\ -- (Terry Pratchett, Wyrd Sisters) /
More information about the plug
mailing list