OIT blocks flaw in Frist e-mail kiosk

Students who used the new kiosk computers in the Frist Campus Center before yesterday afternoon may have left their email accounts vulnerable to prying eyes.

Users who did not correctly log out of the kiosk computers remained fully connected to the email system, enabling others to read or send messages from the logged-in account.

OIT officials were unaware of the problem until The Daily Princetonian contacted them yesterday morning. By 1 p.m., they had put in place a temporary solution — simply a freeze on the "back" button at the top of the screen.

Now OIT "will be working with the kiosk software vendor, wKiosk, to see if there is another solution to the problem," said Steven Sather, support services manager.

Sather said that despite the security problem, the majority of students did log out correctly, keeping their accounts private.

To protect themselves, users should always click the "Logout" button within Webmail, he said.

The Frist kiosk machines are the most frequently used public access machines on campus.

One senior who had not logged out properly expressed concern after learning about the glitch.

"I think it's unfortunate others would be able to access my email, but I'm glad they're taking measures to remedy the situation" Marcos Gonzales '04 said.

The newly updated kiosk, which has been up and running for a week, includes two more computers than in the past.