FRIDAY,FEBRUARY7,2003
NEWS
THE UNIVERSITY DAILY KANSAN 3A
Hacking experts say KU computer systems easy to crack
By Henry C. Jackson
cjackson@kansan.com
kansas staff writer
Cory Bosley isn't surprised the University of Kansas is having hacking problems.
In fact, he said last month's hacking of the personal information of 1,450 international students from a University test file would not have been too hard to pull off.
"I could have probably done this," Bosley, Topeka sophomore, said.
Bosley has dabbled in hacking and worked as a systems administrator at Harvard University. He now monitors security for a Michigan Web hosting company.
But Bosey is confident that even people without his level of expertise could have hacked into the University's systems.
Perry Alexander, associate professor in electrical engineering and computing services, said that using Microsoft systems absolutely made KU's network more susceptible to hacking.
"Microsoft systems have a high level of usability, functionality." Alexander said. "Securing their systems take away from their functionality."
KU officials attributed last month's hacking incident to the Microsoft operating system.
David Molnar, Harvard University student and security consultant for several Web companies, said Microsoft systems didn't necessarily have more holes than other operating systems such as Macintosh or Linux. Rather, the problem is in the popularity of Microsoft systems. Molnar said. Because more people use Microsoft systems, more people can hack into them.
In waging war against hacking, universities typically struggle to meet a balance between protecting files and keeping computer systems open for academia, Bosley said.
"From my experience, systems administrators at universities are wary of taking extra security measures — like firewalls — that might better protect them," Bosley said. "Academic environments are typically more open. You'd have to give something up for more security."
Alexander said systems used by the federal government didn't typically face hacking incidents like KU's because they did not have to keep their networks as open.
"Government networks leave no way to get from the network we use to the network they use," Alexander said.
Jeff Lanza, special agent in the FBI's Kansas City office, said the investigation was progressing.
At universities, the desire to share information often takes precedence over the need to secure data, Alexander said.
"We're following on the trail and awaiting information that has been requested." Lanza said. "Everyone is cooperating."
While the FBI is optimistic about finding who was behind KU's hacking, Alexander said he
was unsure a balance between security and accessibility could be found.
Bosley said balancing how open to make a system with security concerns was an age-old battle that could be both time consuming and arduous. The correct balance between system security and system access has not been found, he said.
"You can stop all the car accidents in the world by taking away everyone's keys," Alexander said. "It's always going to be a question of what you're willing to give up."
Edited by Michelle Burhenn
Senate bill aims to prevent identity theft
Measure seeks more identification when applying for driver's license
By JJ Hensley
jhensley@kansan.com
kansan staff writer
The Kansas Senate passed a bill last week to help authorities prevent identity theft.
The bill would require state residents applying for a driver's license to provide a social security number or taxpayer identification number.
After July 2004, the bill would require a color photograph of the applicant be taken and verified before it is put on the license.
All of the information will be stored in a Department of Motor Vehicles database.
The bill is awaiting approval in the state house before being sent to the governor for ratification.
Now residents can prove their
identity by providing a document such as a birth certificate or expired license along with one other form of identification ranging from a diploma to a hunting license to a KUID.
"I supported it because people need to prove evidence of a social security number in light of what's been going on the last few years," said Sen. Mark Buhler, (R-Lawrence). "This is just another way to confirm that you are who you say you are."
Although the bill is intended to make identity theft more difficult, the bill's opponents think storing all that information in one system could be a target for identity theft like the test files that were hacked into last month at the University of Kansas.
Sen. Kay O'Connor (R-Olathe) said she was concerned that more people could access the information.
But the potential for hacked identity thefts isn't the only part of the bill that causes concern for O'Connor and other opponents.
"I supported [the bill] because people need to prove evidence of a social security number in light of what's been going on the last few years,"
Mark Buhler State Senator
A provision in the Senate version would allow the state Child Support Enforcement Office access to the social security numbers of driver's license applicants to track down those who owe child support.
Janet Schalansky, secretary of the Department of Social and Rehabilitation Services, told senators that Kansas was already out of compliance with federal child support legislation because that office doesn't currently have access to the social security numbers.
If Kansas remains out of compliance, the state risks losing $31
million a year in federal funding. Schalansky said.
"I don't like being blackmailed by the federal government who are threatening to withhold aid from us if we don't comply on this," O'Connor said. "Ninety percent of the population who aren't deadbeat dads don't need this information out there for the SRS and people besides the SRS to see. But we don't need a national ID card."
Although those federal dollars are a lucrative draw in these tight economic times, finances weren't the final straw in making Buhler one of 32 senators who voted in favor of the amendment. It was making Kansas more secure.
"Nationally there's obviously a heightened interest in these issues," Buhler said.
"Locally it maybe doesn't apply as much right now, but it could help prevent something like that from happening here in the future."
Edited by Michelle Burhenn
University launches new security Web site
By Jessica Hood jhood@kansan.com Kansan staff writer
The recent hacking of student files at the University of Kansas has spurred the early launch of a new Web site on information security.
The site, www.security.ku.edu, is an effort to help students protect themselves against identity theft and other security attacks. The Web site was launched Jan. 29.
The Web site includes information on what to do if there is reason to suspect identity theft and 10 tips to protect against identity theft.
"This site is one aspect of a security awareness program," said Jenny Mehmedovic, coordinator for information technology policy. "We're trying to position it as the central resource on the subject."
The site also includes a link to the University's site about identity theft. The identity theft Web site provides resources and a contact list for students who think their identities may have been stolen.
Melanie Curtis, Pratt senior, is unsure of how effective a Web site
will be in helping students in the area of identity theft.
"It's a good first step for the University." Curtis said. "But a Web site can only provide so much information. A resource office on campus maybe be a good direction for KU to look toward."
Mehmedovic said the University had been planning to create the Web site since last fall. Because of the hacking, she said, the University moved up the launch date about a month.
"We wanted to go ahead and roll it out let students know that materials were coming," she said.
The Web site is still under construction,but, once completed,it will contain information on security information,the rules of computer usage at the University and tools for protection of a computer.
Students should check the site frequently during the next month to see what has been added, Mehmedovic said. The Web site will continue to be updated over the next few months, she said.
Edited by Michelle Burhenn
CUT IT OUT!
---
Campus coupons coming soon to a Kansan near you
Red Lyon Tavern
944 Mass.
832-8228
Burn those Bulges!
Check out Herbalife products and don't worry about showing your blubber to the boys on the beach this spring break.
842-8201 toll free: 1-888-570-5460 ex. 601
- Mention This ad for 15% off=
Herballife, it's more than just weight loss www.thinimage.com
- UNDER NEW OWNERSHIP -
COME SEE OUR NEW DANCERS!
WEDNESDAY: $2 EVERYTHING WE MEAN EVERYTHING
SUNDAY: $2 WELLS
$2 DOMESTIC BOTTLES
MONDAY: SERVICE INDUSTRY NIGHT
$1 WELLS ALL NIGHT
TUESDAY: 2 FOR 1 TUESDAY
2 FOR 1 COCKTAILS ALL NIGHT
WHATEVER YOUR FLAVA
THURSDAY: BOTTOMLESS WELLS
PAY $25 AT THE DOOR AND
DRINK ALL NIGHT ON US!
NEW WEEKLY SPECIALS
FRIDAY: $2 SHOTS ALL NIGHT
SATURDAY: $2 SHOTS ALL NIGHT
NOW HIRING: EARN UP TO $500 A NIGHT!
913 N 2nd St Lawrence, KS 785-841-4122 Free cover with this ad! (21 & over)