Today I was in shock when I accidentally discovered a serious security flaw
with the computer system of Hale Library, the main library of Kansas State
University. I use USA Datanet at home. Because the speed of my computer is not
as fast as the computers on campus, I often check my e-mail at school. Sometimes
I also check my stock brokerage account at the library. This month both my
refrigerator and my copier broke. They were too old to be worth repairing, so I
had to buy new ones. Thus, I had to sell some stocks to pay my credit card bill.
The due date of my bill was still a month away, but I wanted to consider which
stock to sell. At first, I chose Company A. After I logged out of my brokerage
account, a second thought inspired me to check Company B. So I tried to log in
again. Before I finished typing the web address of my brokerage company, I found
that my computer history appeared in the URL dropdown box. I clicked one of
these web addresses and discovered that by clicking my computer history I could
access my brokerage account and my e-mail without using my password. I was
shocked. This security flaw is equivalent to a bank leaving its cash on the
street. I desperately tried to erase my web history, but I found I did not have
the authority to do so. The access management is controlled by the Computing
Network Services. Therefore, I chose the start button and logged off the
Workstation. After I logged in as a library guest, I finally found my history
was erased.

This incident prompted me to think about internet security. A public
library should do its best to protect its patrons' security. Of course, this was
an instance of negligence by CNS. Although the computer field is very broad, the
staff in CNS should at least understand the important features that have the
potential to cause security problems. I am not against the history feature.
Actually, I always access my favorite music websites through my computer history
at home because I cannot remember their long web addresses. However, the U.S.
government should not permit a web browser to retain the history of any secured
web address (https). Otherwise, the browser will endanger public security. Any
e-mail should be put under a secured web site. After a computer user exits from
the internet, KSU Library should warn him or her with a message box: "You should
either shut down or log off the Workstation. Otherwise, other people may access
your e-mail or your bank account."

The negligence that occurred at Kansas State
University can also happen at other public computer sites. A bank or a brokerage
company should warn its clients to be careful in accessing their accounts in a
public computer site. An ounce of prevention is worth a pound of cure.