
Internet Security in a Public Computer Site

(9/13/2006)

    Today I was in shock when I accidentally discovered a serious security flaw with the computer system of Hale Library, the main library of Kansas State University. I use USA Datanet at home. Because the speed of my computer is not as fast as the computers on campus, I often check my e-mail at school. Sometimes I also check my stock brokerage account at the library.

    This month both my refrigerator and my copier broke. They were too old to be worth repairing, so I had to buy new ones. Thus, I had to sell some stocks to pay my credit card bill. The due date of my bill was still a month away, but I wanted to consider which stock to sell. At first, I chose Company A. After I logged out of my brokerage account, a second thought inspired me to check Company B. So I tried to log in again. Before I finished typing the web address of my brokerage company, I found that my computer history appeared in the URL dropdown box. I clicked one of these web addresses and discovered that by clicking my computer history I could access my brokerage account and my e-mail without using my password. I was shocked. This security flaw is equivalent to a bank leaving its cash on the street.

    I desperately tried to erase my web history, but I found I did not have the authority to do so. The access management is controlled by the Computing Network Services. Therefore, I chose the start button and logged off the Workstation. After I logged in as a library guest, I finally found my history was erased.

    This incident prompted me to think about internet security. A public library should do its best to protect its patrons' security. Of course, this was an instance of negligence by CNS. Although the computer field is very broad, the staff in CNS should at least understand the important features that have the potential to cause security problems.

    I am not against the history feature. Actually, I always access my favorite music websites through my computer history at home because I cannot remember their long web addresses. However, the U.S. government should not permit a web browser to retain the history of any secured web address (https). Otherwise, the browser will endanger public security. Any e-mail should be put under a secured web site. After a computer user exits from the internet, KSU Library should warn him or her with a message box: "You should either shut down or log off the Workstation. Otherwise, other people may access your e-mail or your bank account."

    The negligence that occurred at Kansas State University can also happen at other public computer sites. A bank or a brokerage company should warn its clients to be careful in accessing their accounts in a public computer site. An ounce of prevention is worth a pound of cure.