'PJ Day' not OK

The student body received news from USG president PJ Kim '01 yesterday afternoon that he was going to hold "PJ Day" on Dean's Date. "We will all be so busy worrying over our papers, we will not care about our appearance, and we will all wear Pajamas, or PJs," the e-mail said.

The trouble with the e-mail, titled "My Day," was that Kim did not send it.

"I'm as baffled as anyone else," Kim said after he learned that an unauthorized person had accessed the undergraduate student list. Within minutes of discovering the bogus e-mail, Kim sent another message to the student body explaining what had happened.

The unauthorized message was sent from a computer designated "pubnt56" in the Green Hall psychology library, according to Rita Saltz, a senior technical staff member at CIT.

CIT sleuths

"The message headers did show the machine on campus from where the message was sent," Saltz said. "CIT has talked with the University officials and a couple of appropriate departments about this. There is a suspect in this matter."

The campus-wide USG list is not meant to be used by any student except for Kim or Lee Vartan '00. Vartan uses the list to send a weekly "Active at Princeton" e-mail to the student body.

Nevertheless, the e-list is not completely secure. The unauthorized person would have been able to send the rogue e-mail without using Kim's e-mail account password. Rather, the user may have changed his or her own e-mail profile to simulate Kim's profile, Saltz said.

"I'm reasonably certain that PJ's account was not compromised and this was accomplished by some other means," Saltz said. "The identification coming from his account was falsified. The person sending this note managed to make the list believe that it was coming from PJ's account, even though it was not."

Deputy University librarian Marvin Bielawski said students can send e-mails anonymously from library computers. "To read e-mail you do have to log into CIT's computer, but to send mail you do not. I believe that's possible — to get on anonymously."

Kim said he was relieved that the content of the e-mail was not derogatory. "I'm a little thankful that the message was silly but not offensive or anything," he said.

Saltz said the University is researching more sophisticated methods of electronically verifying a user's identity. One such possibility would be to use digital signature certificates, which would be sent along with an e-mail. "Ultimately, it would provide a better level of protection," she said.

She added that she does not know if the incident will result in changes to CIT security protocol to prevent similar violations in the future. "Certainly I think all of us will be a little less trusting in the future," she said. "That's one of the sad spinoffs of this. It may seem funny to the perpetrator, but it creates a level of distrust. That's a tragic thing."