Wednesday, October 14, 2009

Wile E. Wireless

Wile E CoyoteThe State Press recently released the article "Official: ASU wireless network open to hackers" in its October 9, 2009 edition. The article makes some good points on the importance of knowing how to protect yourself and your personal information online but may lead readers to believe that ASU's wireless network isn't safe to use. I'd like to re-assure the ASU community that every precaution is taken to ensure the safety of users on ASU's wireless network.

ASU's wireless network allows students, faculty and staff to connect to the Internet, My ASU, Blackboard and other ASU resources from anywhere, anytime. Because ASU's wireless network doesn't require a password, it is considered "unsecure," but this is no different than any other public Wi-Fi spot like your favorite coffee shop or cafe.

In general, wireless networks are typically less secure than wired networks, so there are precautions users should take with any wireless connection, even in one's home.

There will always be a Wile E. Coyote looking for a way to outfox users online, and this is true at just about any Wi-Fi location. The important thing to remember is that instead of getting scared, you simply need to use wireless networks safely while keeping your best interests in mind, which means knowing when and where to access personal information online and knowing how to avoid common trickery like phishing and email scams.

For more on information security at ASU, visit http://getprotected.asu.edu

As always, your comments and suggestions are welcome.

2 comments:

Chris Kurtz October 15, 2009 at 3:39 AM  

Good response here, Adrian! Any machine on a wireless network is vulnerable to others on the same network and should be protected by anti-virus, anti-malware/spyware, and above all decent firewall software.

Of course, the same should be true of any machine on *any* network!

Ryan Adams October 30, 2009 at 8:51 AM  

The original State Press article quotes Deputy University Technology Officer Max Davis-Johnson several times. For example the article state “Davis-Johnson said a program called Virtual Private Network (VPN) is available for free to students and staff on MyASU.” Anyone who has ever taken a CIS class at ASU should recognize that "VPN" refers to a technology, not a specific software product.
The article also states, "Scottsdale Community College student Jude Cross, 21, said he has successfully hacked into at least 15 to 20 Facebook accounts with relatively no difficulty," which in the context of the article would seem to imply that he is gathering FaceBook passwords by sniffing wireless traffic. FaceBook (like almost all major sites that require a login) uses SSL encryption for the login process. That means that even if a "hacker" (I hesitate to use that term when referring to Cross) was sniffing the wireless data, he still would not be able to just "see" a FaceBook user's password. On a side note, I find it curious that a person has admitted to using ASU's network to "hack" into private data on multiple occasions and none of the law enforcement agencies with jurisdiction have taken action.
The article above (Wile-e-wireless) does a good job of pointing out some common security measures, but perhaps the UTO should request the State Press publish a correction to the original article and straighten out the facts.