Information Technology Services has identified a security vulnerability that may occur when users log into websites via an unsecured wireless network. The vulnerability allows a malicious person to easily capture your personal logon information over Wi-Fi. It is important to note that this risk is not related to the PSU network only. The vulnerability can be exploited on any unsecured wireless network around the globe. It is a serious security risk and proactive steps should be taken to secure your personal information anytime you use Wireless.
Here is how it works: If a website is not secure, it keeps track of who you are through a “cookie” which contains identifying information for that website. The vulnerability is exploitable via an easy to use tool that allows a malicious person to grab these cookies over the wireless network and then masquerade as you.
Think about this a minute – Anytime you’re using an unsecured Wi-Fi connection, anyone can quickly access some of your most private, personal information and correspondence (i.e. direct messages, Facebook, Twitter, mail/chat) at the click of a button, and you will have no idea it is happening — Once they have access to your account information, they could make posts as you, read and change personal/privacy settings, send messages or log you out. Some example websites that the exploit watches for are: Amazon, Basecamp, Cisco, Dropbox, Facebook, Flickr, Foursquare, Google, Gmail, Windows Live, Twitter, WordPress, and Yahoo.
ITS recommends that you begin using only Secure Wi-Fi connections immediately. On campus, there are secure Wi-Fi connections available for both Students and Faculty & Staff.
- Students should use the PSU Secure Student connection, which will require an access code upon first logon. That access code is: plymouth
- Faculty & Staff should use the PSU Secure Wireless connection; and will be asked to authenticate with their PSU username and password.
ITS takes your personal data security very seriously. The establishment of these secure Wi-Fi networks is just our first step in helping you secure your data. Our next steps include working to secure other PSU based services both on and off the campus.
If you have questions or require assistance, please contact the Help Desk at 603-535-2929 or drop by the main Information Desk in Lamson Library.