Educause Security Discussion mailing list archives
Re: NCAA ?!
From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Tue, 24 Jan 2006 12:12:32 -0500
Interesting. It looks like you can use SSL and the link for student login/registration does use https. Have you tried contacting them? Perhaps they're willing to redirect all requests to the SSL encrypted version. Given the sensitivity of the data and that they have SSL available and even use it for the student login suggests that they might be willing to make that change. -c -- Christopher E. Cramer, Ph.D. University Information Technology Security Officer Duke University, Office of Information Technology 334 Blackwell St., Suite 2106, Durham, NC 27701 PH: 919-660-7003 FAX: 919-668-2953 CELL: 919-210-0528 On Tue, 24 Jan 2006, Chad McDonald wrote:
Are any of you using NCAA Clearinghouse? An audit of our athletic department revealed that the site does not use ssl or any other mechanisms for security other than username and password. I find this disturbing and hope that one of you has already crossed this bridge and has a solution. The URL in question is http://ncaaclearinghouse.net . For those of you who are unfamiliar with NCAA, this site is the data mart for high school and college athletes. They track SSNs, grades, and other such info needed to ensure eligibility to play sports. Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University Phone 478.445.4473 Cell 478.454.8250 Fax 478.445.1202 Email chad.mcdonald () gcsu edu
Current thread:
- NCAA ?! Chad McDonald (Jan 24)
- <Possible follow-ups>
- Re: NCAA ?! Christopher E. Cramer (Jan 24)
- Re: NCAA ?! Kevin Shalla (Jan 24)
- Re: NCAA ?! H. Morrow Long (Jan 24)