Campus IT: PeopleSoft not to blame for security
breach
By Inga Lukaviciute
The Collegian
Cookies were most likely to
blame for the online security problem discovered by The Collegian staff
in late August, campus Information Security Manager Rafael Villegas said.
As reported on Aug. 24, one staff member logged onto her “My Fresno
State” account to check her weekly schedule, and brought up the
schedule of the previous user.
Concerned about online security, The Collegian staffers conducted an experiment.
They logged onto the “My Fresno State” portal from different
computers in The Collegian office and the Peters Building computer lab
and found the same security problem occurred on other Macintosh computers.
“We do testing on our system (PeopleSoft) all the time and this
shouldn’t have happened,” said John Briar, interim director
for Campus Information Systems.
If the first user did not log off and close all the browser windows, it
was possible that some information from the user was still stored on the
computer and got accessed, Briar said.
“I don’t believe this is a PeopleSoft issue,” Villegas
said. “It has to do with cookies.”
Cookies are the files where some Web sites store information on a computer.
There are different kinds of cookies, and they may or may not be a privacy
concern, Villegas said.
The Collegian reporters used
the same browser window to log on to their campus accounts. Even though
the first user logged out of the application after using it, it was not
enough to guarantee online security, Villegas said.
“If the browser window is still open you can pick up on any information
left behind,” he said. Temporary cookies store information for a
current browsing session and get deleted from the computer only after
the browser window is closed.
The problem occurred only on Macintosh computers and not on the personal
computers in the Peters lab. However, the problem on Macintosh computers
was eliminated after the browser window was closed in between the users.
“It is not a Macintosh versus a PC problem,” Villegas said.
“The same could happen on a PC computer as well if the user forgot
to log out and close the browser window. It depends on which Internet
browser is used and the cookie settings on the computer.”
People using public or shared computers usually cannot change cookie settings
to make online activity safer.
“It is important,” Villegas said, “to follow the browser
directions to sign out, and make sure to always close all the browser
windows to prevent being tracked down.”
“When I log in and log out I worry if other people can get in and
change stuff,” sophomore chemistry major Foua Vang said. She uses
the computer lab frequently, and has encountered instances when she goes
online to check one of her accounts and someone else’s account opens
up. To be safe, Vang said, she always closes everything and then goes
back to double-check that she is logged out.
Many browsers come with security systems asking users to log out, but
it is equally important to close all the browser windows after using a
shared or public computer, Villegas said.
Technicians in campus computer labs update the security systems on the
computers periodically. In case of big security vulnerability, the Information
Technology Systems office sends out notices explaining what the problem
is and how to fix it, Villegas said.
|
