From: Debra Bartling (debrab_at_uclink.berkeley.edu)
Date: Wed Aug 27 2003 - 10:03:28 PDT
I'm forwarding a message from one of our staff members. Sorry to bring up
blu again, but I am REALLY CONCERNED! Is anyone doing a security audit on
applications like this?
>I don't know whether you've tried this yet, but I just set myself up on
>our spiffy new site called blu (blu.berkeley.edu), having no choice, as
>there are several things I can't access without it. This evidently uses
>the same authentication as CalNet, since your CalNet ID is used to get you
>in to your "personal" page.
>
>Well, so I clicked on "personal information," and what to my wondering
>eyes appeared but my SS# and DOB. Among other things that I DON'T NEED TO
>BE TOLD, and don't want to see unnecessarily, no matter how "secure" the site.
>
>I am going to send a note to that effect to the blu people, and I wanted
>to know whether you and your security maven friends were aware of this
>latest item, and whether there's a movement yet to stamp it out.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Aug 27 2003 - 11:21:49 PDT