Re: University credentials used by third parties

[Martin Manjak <mm376 () ALBANY EDU>]

Many public institutions have a prohibition against commercial use of
campus resources. That should provide sufficient justification to block
any access on the part of Ultrinsic to course management systems or
other repositories of educational records.
Marty

On 8/17/2010 1:12 PM, Justin Sherenco wrote:
> Hello,
>
> Recently a local on-line news site
> (http://www.annarbor.com/news/university-of-michigan-students-can-wager-on-grades-via-website/)
> wrote an article about a new website that lets students bet on their own
> grades.  The betting aspect aside I was intrigued by this line “they
> have to register and upload their schedules to grant the site access to
> school records.”  To investigate further I went through the account set
> up process and found that the student has the option to allow the site
> to automatically download their student records (see attached
> ultinsic2.jpg).  It actually asks for their academic user name and
> password!  EMU is currently not on their list of supported schools but
> they mention will be rolling out nationally.  We have policies and
> standards in place that say don’t give out you password and in my
> opinion giving credentials to this site would violate them.  Are there
> any other Universities investigating the use of usernames and passwords
> used by third party web applications not sanctioned by the University?
>  Any talk on actually blocking a site like this from automatically
> logging in (system stability/privacy/security issues?) or is this more
> of users choice? 
>
>  
>
>  
>
> Regards,
>
> Justin
>
>  
>
> -------------------------------------
>
> Justin Sherenco, CISSP
>
> Easten Michigan University
>
> Security Analyst
>
> http://it.emich.edu/security
>
>  
>
>  
>
>  

-- 
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN