School server.

[Construct]

I was interested to see how secure my information is on my school network. So I run nslookup on my school's webmail domain, and proceed to run a port scan with nmap. I have found a number of services running on this server. Well over 12 ports are open ranging from finger to msrpc and is even opened up wide for the gnutella network. This is extremely unerving considering the shear amount of sensitive data that they hold on their network. Our SS# is our student ID on the computer database. All new passwords are set to your birthday which also inherintly insecure.

I was going to share the name of the server with you but now that I think about it, I'm going to keep that info to myself. But what should I do? There is no contact information on the webmail site. No feedback options what so ever.

Any help is greatly appreciated.

[sarumont]

What type of school is it? Public? University?

I'd head up to the administration building and talk to someone about it. Basically express your concern at their apparant lack of security on their servers.

[Construct]

It's a community college. I think I'll bring it up with the head of the Computer Engineering department and see what he thinks.

I've yet to see how much he really knows about computers, so my efforts may still remain fruitless. At that point I will probably seek out some one in the school administration.

Thanks for your response.

[sarumont]

It's a community college. I think I'll bring it up with the head of the Computer Engineering department and see what he thinks.

I've yet to see how much he really knows about computers, so my efforts may still remain fruitless. At that point I will probably seek out some one in the school administration.

Thanks for your response.

I've found that even CS proffessors can know little about computers in general as long as they know CS theory. It pisses me off (I ranted about it on the forums last fall ), but it's very common.

Good luck with it!

[jledhead]

might be hard, but you could try and ask the head of the department in front of someone else important, so they can't just brush you off

[adrenaline]

This is extremely unerving considering the shear amount of sensitive data that they hold on their network. Our SS# is our student ID on the computer database. All new passwords are set to your birthday which also inherintly insecure.

Any help is greatly appreciated.

If I were you I wouldn't ever give out that information as passwords. I would lie or tell them that they can't have that information because that is very dangerous. You are saying that all the students that know each other knows the username and passwords, or can be figured out very easily. I would bet though that if this is a M$ server you could probably go in and change your passwords or call someone. I am with you that sucks.
I think I would close my account or see if you could forward your school email to your more secure mail at home.

Good Luck
Mike