As technology develops, so does the desire to exploit it. University computers, as well as networks around the world, must brave increasingly crafty and frequent attacks. With 40 new viruses each day and the rising stakes of security breaches, which could lead to crimes like identity theft, securing University systems and databases is a growing concern.
Security concerns
Whereas students' academic, financial and health information is guarded by firewall software, other student information is accessible through the public directory.
"Universities tend to be more open than commercial businesses," said Anthony Scaturro, the University's information technology security officer.
Though this openness is necessary for the functioning of the University, it allows outsiders to obtain student email addresses from the public directory to use for spam emailing.
Under the circumstances, "the University is doing all that it can," Scaturro said.
The University's technology security staff are concerned with ensuring that students' passwords are reasonably strong and that students are cautious in receiving attachments, browsing the web and sharing files.
"There was one recent case where a copy of our password file was on the Internet," Scaturro said. "The passwords were encrypted, but potentially easy to crack."
In response, OIT contacted the thousands of students whose passwords were vulnerable and urged them to change them to stronger passwords.
According to OIT, weak passwords contain words that can be found in a dictionary and can be easily cracked by using a hacker's dictionary, a resource that contains the encrypted form of recognized words. Passwords with a combination of letters, symbols and numbers are the least vulnerable.
"To our knowledge, there have been no recent instances of anyone inappropriately accessing and using data from protected University databases," Lauren Robinson-Brown '85, director of communications, said in an email.
An attack from the outside
Recent security breaches have not targeted University databases or specific information, but just "created trouble," Scaturro said.
Like the worm that infiltrated University systems this summer, greeting some unfortunate students upon their arrival on campus, most viruses indiscriminately attack vulnerable systems.
"The hacking attacks do not seem to be targeted," OIT staff member Mary Ng said. People usually hack to send out spam email, to simply prove that they can take down systems or to attack perceived evils, like the government or Microsoft.
An inside job
Yet when a series of inappropriate letters was recently mailed to the Class of 1994, questions arose about how someone could have accessed alumni information.
The mailings consisted of two letters: the first contained images of members of the Class of 1994 pasted onto figures in pornographic poses; the second was a forged letter on letterhead from the University's Alumni Council office. These letters were sent to many members of the Class of 1994, although the extent of the mailing has not yet been fully determined.
Robinson-Brown suggested that the person responsible for the illicit mailings may not have used TigerNet, the online community of the Alumni Association, to obtain the addresses of members of the Class of 1994.
Though TigerNet features an online directory where alums can post their home and work contact information, TigerNet imposes a limit of 50 searches per 24 hours for each username, making "the creation of lists of alumni more difficult for unauthorized use," according to the TigerNet website.
It is possible that the author of the letters obtained the alumni addresses from another source, Robinson-Brown said in an email.
"There is no easy way to extract data from TigerNet and doing so would be a painstaking process," she said. "The same information is available in printed alumni directories and other sources, such as yearbooks and reunions books."
Though TigerNet was created to "generate a sense of community" and is open to alumni as well as current students and faculty, the website has adopted policies to curtail abuse of the system.
"For example, information from TigerNet cannot be used for political or commercial solicitations," Robinson-Brown said in an email.
When users occasionally do abuse these policies, "the offending party is notified and immediately ceases and desists such activity," Robinson-Brown said in an email. "We have never had to take legal action against a TigerNet user."
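The TigerNet search limit described above (50 searches per 24 hours for each username) can be sketched as a rolling-window quota. This is an added example, not TigerNet's code; the class and function names, the rolling (rather than fixed-day) window and the case-insensitive username handling are assumptions.

```python
from collections import defaultdict, deque

LIMIT = 50                 # searches allowed per username (figure from the article)
WINDOW = 24 * 60 * 60      # 24 hours, in seconds


class SearchQuota:
    """Rolling-window quota: at most `limit` searches per user in any `window` seconds."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)   # username -> timestamps of allowed searches

    @staticmethod
    def _key(username):
        # Assumption: usernames are case-insensitive, so "Alum94" and
        # "alum94 " must share one quota rather than getting 50 each.
        return username.strip().lower()

    def allow(self, username, now):
        """Record and permit a search at time `now` (seconds), or refuse it."""
        hits = self._hits[self._key(username)]
        # Drop searches that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False                  # refused searches are not recorded
        hits.append(now)
        return True

    def retry_after(self, username, now):
        """Seconds until the user's next search would be allowed (0 if allowed now)."""
        hits = self._hits[self._key(username)]
        live = [t for t in hits if now - t < self.window]
        if len(live) < self.limit:
            return 0
        return live[0] + self.window - now


def simulate(requests):
    """Run constructed (username, timestamp) pairs through a fresh quota."""
    quota = SearchQuota()
    return [quota.allow(user, ts) for user, ts in requests]
```

Refused searches are a useful signal in their own right: an account that repeatedly hits the limit is a candidate for the notification process the article describes.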






