<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><!-- InstanceBegin template="/Templates/article_news.dwt.jsp" codeOutsideHTMLIsLocked="false" -->
<head>
<!-- InstanceBeginEditable name="doctitle" -->
<title>Collegian &#8226; News &#8226; Security</title>
<!-- InstanceEndEditable -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="../../../../../stylesheets/collegianstyle.css" rel="stylesheet" type="text/css">
<link href="../../../../../stylesheets/links.css" rel="stylesheet" type="text/css">
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
</head>

<body>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="575">
  <!-- fwtable fwsrc="thecollegian.png" fwbase="thecollegian.jpg" fwstyle="Dreamweaver" fwdocid = "742308039" fwnested="0" -->
  <tr>
    <td colspan="3"><a href="../../../../../default.html"><img name="banner_main" src="../../../../../images/banner/banner_main.jpg" width="575" height="58" border="0" alt="The Collegian"></a></td>
  </tr>
  <tr>
    <td width="10" valign="top"></td>
    <td width="343" valign="bottom"><p class="date"><!-- InstanceBeginEditable name="date" --><a href="default.html">12/05/03 &#8226; Vol.
            127, No. 41</a><!-- InstanceEndEditable --></p></td>
    <td width="222" valign="top"><a href="../../../../../default.html"><img name="banner_rtcorner" src="../../../../../images/banner/banner_rtcorner.jpg" width="222" height="17" border="0" alt=""></a></td>
  </tr>
</table>
<table width="575" border="0" align="center" cellpadding="0" cellspacing="0" id="topnav">
    <tr>
      <td id="topnav"><p><a href="../../../../../default.html">Home</a>&nbsp;&nbsp;<!-- InstanceBeginEditable name="sections" --><jsp:include page="../../../../nav/news.jsp" flush="true" /><!-- InstanceEndEditable -->&nbsp;&nbsp;<a href="../../../../../gallery">Gallery</a>&nbsp;&nbsp;<a href="../../../../../advertise">Advertise</a>&nbsp;&nbsp;<a href="../../../../../archive">Archive</a>&nbsp;&nbsp;<a href="../../../../../aboutus">About
            Us</a></p>
      </td></tr>
</table>
  
<table width="575" border="0" align="center" cellpadding="0" cellspacing="0" class="storyText">
  <tr align="left" valign="top">
    <td>
      <table width="150"  border="0" cellpadding="5" cellspacing="0" id="storiesnav">
        <tr>
          <td align="left" valign="top" id="storiesnav"><a href="default.jsp">News</a> </td>
        </tr>
        <tr>
          <td align="left" valign="top"><!-- InstanceBeginEditable name="sectionheadlines" -->
            <p><a href="web.jsp">Web Security holes fixed, techs say</a></p>
            <p><a href="britney.jsp">Britney Spears plans March stop in Fresno</a></p>
            <p><a href="quilt.jsp">A view of AIDS</a></p>
            <p><a href="children.jsp">Childrens books head to library</a></p>
            <p><a href="students.jsp">Students gov't approves idea of 'quiet
                room'</a></p>
          <!-- InstanceEndEditable --></td>
        </tr>
      </table>
    <!-- InstanceBeginEditable name="storybody" -->
      <h1>Web security holes fixed, techs say</h1>
      <p class="subhead">Student reported unprotected pages on campus web sites</p>
      <p class="byline">By Tracey Robertson</p>
            <p>A glitch in the Fresno State computer system made it possible for anyone
        with some computer savvy and the right software to tap into confidential
        information such as student grades and financial aid records, said a
      Fresno State computer science student who wishes to remain anonymous.</p>
      <p> Officials say the problem has been fixed, adding that it is very unlikely
        that any records were compromised. The student said he reported the breach
        to University President John Welty&#8217;s office more than a month ago.
        He added that he is not sure if unauthorized users had accessed any information
        during that time but that the problem was commonly known among students
      in his department.</p>
      <p> A computer engineering senior, who also asked that his name not be
      used, backed The Collegian source. </p>
      <p> &#8220;
        I realized there were security problems when the system came online,&#8221; he
        said. &#8220;I reported the problem to the information technology department
      but nothing was done.&#8221;</p>
      <p> California Senate Bill 1386, dealing with state privacy and security
          laws, states that covered parties must disclose any breach of the security
          of personal data to any resident of California whose unencrypted personal
          information was, or is reasonably believed to have been, acquired by
        an unauthorized person.</p>
      <p> John Briar, interim director of campus information systems, said he
        became aware of the problem because of the student&#8217;s report to Welty.
        He said that the university&#8217;s staff started looking at how to fix
        it the very next day, and that a new, secure login page has remedied
      the problem.</p>
      <p> Until the login was moved Nov. 6, students and staff were prompted
        to enter their username and password on a non-secure page. Using a network
        troubleshooting program, the student said it was possible to access usernames
        and passwords from various campus and remote locations. With that information,
        someone could tap into a student&#8217;s financial aid information, manipulate
      grades and ultimately commit fraud, he said.</p>
      <p> Briar and Campus Information Security Manager Rafael Villegas both
        said it would have been virtually impossible for people to access the
        information
        unless they were on the school&#8217;s network in the library, or at
      another shared location on campus.</p>
      <p> Briar blamed the security hole on an update to PeopleSoft, the university&#8217;s
        main software system, for the security problem but added that he is not
      sure when the breach occurred.</p>
      <p> &#8220;
        I thought the information was going to be encoded,&#8221; Briar said,
        describing how passwords and user identifications are transmitted in
        code, rather than clear text, to protect user information. Briar admitted
      that in the wrong hands, there could have been major ramifications.</p>
      <p> The mycsufresno.edu part of the system was launched using existing
        usernames and passwords to simplify the transition, and to use one common
        directory,
          Briar said. To prevent security pop-up messages, he said it was easier
        to start the login on a non-secure page. </p>
      <p> Several areas of the campus system use the same directory, Briar said.
          Other programs that use the same identifications and passwords include:
          PeopleSoft, Blackboard, the wireless access program, and campus e-mail
        systems.</p>
      <p> According to Briar and Villegas, security problems with those sites
      have been fixed. </p>
      <p> As part of the university&#8217;s effort to keep up with online security
        issues, Villegas and others, including Briar, initiated a security assessment
        program about five months ago. He said the group is charged with identifying
        the school&#8217;s resources, figuring out how to protect them, and preventing
      unauthorized people from using the system.</p>
      <p> &#8220;
        I believe we are making every attempt to keep up with security,&#8221; Villegas
        said. &#8220;We know that the process is integral to campus and that
        it&#8217;s a never-ending cycle.&#8221; Villegas and his group expect
        to finalize a security report for Welty, including recommendations for
      the future, by the beginning of next semester. </p>
      <p> Computer users, including students and staff, can aid the university&#8217;s
        security effort by doing their part, Villegas said. He reminded online
        users to update their operating and virus protection systems regularly,
        abstain from opening unknown attachments, change their passwords often,
        and use strong passwords that contain a combination of letters and numbers.
        Additional concerns about online security can be directed to: security@csufresno.edu,
      Villegas said.</p>
      <p> The Collegian&#8217;s anonymous source has some additional advice: &#8220;Students
        should avoid logging into their school accounts from anywhere but at
        home,&#8221; he said. &#8220;This will decrease the likelihood that their
      password and information could be compromised.&#8221;</p>
    <!-- InstanceEndEditable --></td>
  </tr>
</table>

<table width="575" border="0" align="center" cellpadding="0" cellspacing="0" id="footer">
  <tr align="center">
    <td colspan="2">&nbsp;</td>
  </tr>
  <tr align="center">
    <td id="footer" colspan="2"><p><a href="javascript:history.go(-1);">Back</a>&nbsp;&nbsp;<a href="../../../../../aboutus/disclaimer.html">&nbsp;Disclaimer</a>&nbsp;&nbsp;<a href="../../../../../aboutus/policy.html">Policy</a></p>
    </td></tr>
</table>
</body>
<!-- InstanceEnd --></html>