Unencrypted password security question. at a major university

From: Ryan (ryantemp@velophile.com)
Date: 04/07/03

• Next message: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Previous message: Alex: "Re: unix passwords"
• Next in thread: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Reply: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: ryantemp@velophile.com (Ryan)
Date: 7 Apr 2003 13:18:03 -0700

Hello, I'm student at an anonymous American college and have run into
a problem, I see it as a fairly serious security problem. Here is the
situation:

We have several different accounts around campus for different
reasons, email, class registration, an online class meeting forum, and
a few others. In the different accounts, we can view all of our
personal info, SSN, name, address, grades, etc. We use the same user
name and password for all of these. All the login pages are via the
web, they are all secure (security lock in mozilla, etc.), except for
one. One, for a minor forum, we submit our log and pass unencrypted
across the web.

I've been writing them to explain that by having this one unencrypted,
they all might as well be, since we are sending our login in pass in
the "free and clear" and they need to fix it right away. The responses
I have received from them are ridiculous. They've been to the effect
of, "you don't need to worry about it, just don't give anyone your log
and pass and you'll be fine".

Security certainly is not my forte but this seems very dangerous to me
and I'm just looking for some conformation that this is indeed a bad
situation and something I should keep kicking at these people with
till it gets fixed.

Thanks for any info you can provide.
-- Ryan

• Next message: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Previous message: Alex: "Re: unix passwords"
• Next in thread: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Reply: Kent Smith: "Re: Unencrypted password security question. at a major university"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: why do iceweasel et al have more frequent security issues? ... finding a security problem and reporting it. ... security alerts exist does _NOT_ mean that konq is more secure. ... CAR ANALOGY! ... (Debian-User) Security Advice Wanted! ... What would one do in the event of a security compromise scenario like ... You have a serious security problem. ... After another reboot for installing more security tools you get ... (microsoft.public.security) Re: ISA on DC ... And with SBS is remains a major security problem IMHO. ... Tom and Deb Shinder's Configuring ISA Server 2004 ... If you are configuring a business that would be a popular target ... (microsoft.public.isa) Re: What is the verdict on using Anti Virus software on Solaris? ... >of how he will implement the technics, and that PEBKAC will remain a ... >security problem for ever. ... to opinions held by my employer, Sun Microsystems. ... (comp.security.unix) Re: How to Limit Spotlight Searches? ... Just mark those files (better folders) unreadable by ... With regard to "security" the point is that a file being readable alone ... is only rarely a security problem. ... (comp.sys.mac.system)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint