USC library offers students computer locks for rent

Students working at the University of Southern California’s Leavey Library now have the option of renting computer locks for their laptops at the circulation desk, as part of a pilot project started by USC Libraries to counter theft, reports the Daily Trojan. Students can rent locks and secure their laptops to stations on the second floor to prevent theft, said Hugh McHarg, executive director of communications and public programming at USC Libraries. “The idea came out of speaking with the Undergraduate Student Government. It wasn’t in response to any particular increase in theft,” McHarg said. The lock will reduce the risk of laptop theft if a student has to leave his laptop unattended while using the bathroom, taking a break, or getting some water or coffee, he said. Students will be able to rent the lock for four hours at a time, but if they want to use the locks for a longer period of time, they can go to the circulation desk and renew their rental. So far, about 30 students have already rented locks, McHarg said, and student reaction to the initiative has been positive…

Click here for the full story

…Read More

Michigan students prove vulnerability of online election site

University of Michigan students hacked a prototype voting web site and programmed it to play their fight song, prompting election officials to take the site down temporarily, reports the Associated Press. For the past week, the D.C. Board of Elections and Ethics has encouraged outsiders to try to find faults in the system, which was designed to allow some 950 military and overseas voters to cast ballots online. The system had not yet been put into effect, but officials had hoped to use it for the November election. A scaled-back version of the site was relaunched Oct. 5. The students had rigged the site to play the Michigan fight song “The Victors” after a ballot was submitted on a “Thank You” page.
Paul Stenbjorn, the board’s director of information services, said he didn’t bother listening—but the hack was exactly why officials asked for help testing the system. “This is why we did this. This was one of the objectives,” Stenbjorn said. Officials discovered the hack on Sept. 29 and pulled down the site Oct. 1. It went back up after the vulnerability was fixed. The relaunched site will allow voters to download ballots, but not cast them online as originally planned. Instead, they’ll have to mail, fax, or eMail them in. The system is still an improvement over past years, when overseas voters were sent their ballots by mail. Stenbjorn said he hopes to restore the ballot-casting feature in 2011…

Click here for the full story

…Read More

A strong password isn’t the strongest security

Elaborate requirements for account passwords might sound invincible, but experts say Americans aren’t paying enough attention to other online security threats, reports the New York Times. Make your password strong, with a unique jumble of letters, numbers, and punctuation marks. But memorize it—never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us—but they don’t. Some computer security experts are advancing the heretical thought that passwords might not need to be “strong,” or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats. Here’s one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes—including the strongest passwords you can concoct—and then sends it surreptitiously to a remote location. “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. After investigating password requirements in a variety of settings, Herley is critical not of users but of system administrators who aren’t paying enough attention to the inconvenience of making people comply with arcane rules. Donald A. Norman, a co-founder of the Nielson Norman Group, makes a similar case. In an essay published last year, he noted the password rules of Northwestern University, where he then taught, was a daunting list of 15 requirements. He said unreasonable rules can end up rendering a system less secure: Users end up writing down passwords and storing them in places that can be readily discovered…

Click here for the full story

…Read More

Schools beef up security for web applications

Colleges are using web apps for more than just eMail.
Schools and colleges are using web apps for more than just eMail.

K-12 schools and colleges are adding extra layers of security to web applications that are being used for everything from eMail service to group assignments. The extra security is particularly desired as administrators use the applications to store sensitive information that could compromise student and faculty privacy.

Google Apps has risen to prominence in education’s move toward web-based tools that store massive amounts of data and allow for collaboration. Google announced in February that 7 million students—about half of all college students in the U.S.—now use the company’s applications, such as Google Sites, Google Docs, and Gmail.

With invaluable information stored online and vulnerable to any hacker who can figure out a single password, administrators are looking for ways to ensure that student and educator data are kept safe with more complex security methods.…Read More

Botnets continue to threaten campus networks

A network of more than 70,000 botnets were recently discovered in government and business computers.
A recently discovered botnet of more than 70,000 machines included many government and business computers.

Web security experts say campus IT officials should stop using students’ Social Security numbers as identifications, because about 5,900 known botnets have stolen valuable information from computers in many sectors, including higher education.

Shadowserver, an organization that tracks botnet incidents in governments, education, and the private sector, unveiled the running tally of botnets days before security firm Symantec released a report March 2 showing a 5.5 percent hike in spam eMail last month, spurred mostly by botnets. Spam now accounts for 90 percent of all eMail sent within the U.S., Symantec said.

A single botnet, called Grum, is responsible for 26 percent of worldwide spam, according to the Symantec report. The harmful spam messages were mostly disguised as pharmaceutical eMails.…Read More