Educause Security Discussion mailing list archives
Re: University credentials used by third parties
From: Martin Manjak <mm376 () ALBANY EDU>
Date: Wed, 18 Aug 2010 09:50:19 -0400
Many public institutions have a prohibition against commercial use of campus resources. That should provide sufficient justification to block any access on the part of Ultrinsic to course management systems or other repositories of educational records. Marty On 8/17/2010 1:12 PM, Justin Sherenco wrote:
Hello, Recently a local on-line news site (http://www.annarbor.com/news/university-of-michigan-students-can-wager-on-grades-via-website/) wrote an article about a new website that lets students bet on their own grades. The betting aspect aside I was intrigued by this line “they have to register and upload their schedules to grant the site access to school records.” To investigate further I went through the account set up process and found that the student has the option to allow the site to automatically download their student records (see attached ultinsic2.jpg). It actually asks for their academic user name and password! EMU is currently not on their list of supported schools but they mention will be rolling out nationally. We have policies and standards in place that say don’t give out you password and in my opinion giving credentials to this site would violate them. Are there any other Universities investigating the use of usernames and passwords used by third party web applications not sanctioned by the University? Any talk on actually blocking a site like this from automatically logging in (system stability/privacy/security issues?) or is this more of users choice? Regards, Justin ------------------------------------- Justin Sherenco, CISSP Easten Michigan University Security Analyst http://it.emich.edu/security
-- Martin Manjak Information Security Officer University at Albany CISSP, GSEC, GCWN
Current thread:
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties, (continued)
- Re: Back on topic.... Re: [SECURITY] Universitycredentials used by third parties Adam Carlson (Aug 25)
- Experience with EPO and endpoint encryption David Grisham (Aug 25)
- Re: Experience with EPO and endpoint encryption Gibson, Nathan J. (HSC) (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Jesse Thompson (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Mike Porter (Aug 25)
- Re: Back on topic.... Re: [SECURITY] University credentials used by third parties Darren Fallis (Aug 24)
- Re: University credentials used by third parties Greg Schaffer (Aug 17)
- Re: University credentials used by third parties Flynn, Gary - flynngn (Aug 17)
- Re: University credentials used by third parties Paul Kendall (Aug 18)
- Re: University credentials used by third parties Bradley, Stephen W. Mr. (Aug 18)
- Re: University credentials used by third parties Bristol, Gary L. (Aug 18)
- Re: University credentials used by third parties Ken Connelly (Aug 18)
- Re: University credentials used by third parties Guy Pace (Aug 18)
- Re: University credentials used by third parties Nate johnson (Aug 18)
- Re: University credentials used by third parties Allison Dolan (Aug 18)
- Re: University credentials used by third parties Mark Boolootian (Aug 18)
- Re: University credentials used by third parties Becker, Gerald D (Aug 18)
- Re: University credentials used by third parties Joel Rosenblatt (Aug 18)