[plug] Computer insecurity
Bret Busby
bret at clearsol.iinet.net.au
Wed Aug 8 11:12:28 WST 2001
On Wed, 08 Aug 2001, Trevor Phillips wrote:
> Andrew Francis wrote:
> >
> > I really, really wish Curtin would adopt some sort of serious approch to
> > security in this area. For crying out loud, my student card has my name,
> > date of birth and student number on it in an easy-to-steal form.. all it's
> > missing is my phone number, of which the last four digits are used as a
> > PIN in some situations.
>
> Really? Murdoch's Student PINs were based on Date of Birth.
> One of the driving forces of the changeover to the "insecure" system (as some
> have dubbed it) was to re-issue every student with a new PIN which isn't
> deriveable, to increase security.
>
Since you have again referred to it:
What made, and, makes, the new system insecure at Murdoch, is the
implementation of the system, with the other systems still in place, using the
password of an existing system, as the user name of the new sytem, requiring
users to know other users' passwords on the existing system, and, requiring
users to know the index for finding confidential information about other users,
and, having a helpdesk that completely misrepresents the total situation.
Gross incompetence, or, malfeisance, take your pick.
Certainly not secure.
Bret Busby
..............
More information about the plug
mailing list