Citi, Tony Blair, and the Senate have all been hacked. Don’t let the women of Barnard be next! We already told you why it was important that you use encrypted WiFi, back when Columbia launched its secure network. Directions on how to log in to “Barnard Secure” are included in the e-mail to students below. Columbians on the Barnard campus can also log in using their UNIs.

Dear members of the Barnard community,

As part of our ongoing efforts to make critical technology simpler and more straightforward to use, BCIT is making changes to our wireless network. You will need to change your configuration if you are currently using any of the Barnard wireless services. We ask you to bear with this change in light of the overall benefit it will bring to the community as a whole.

As of Tuesday, June 7th, here are the changes you should be aware of:

* Current faculty, staff, and students should connect to the new, single secure wireless network, which will identify itself to your wireless device as “Barnard Secure.” You will still use your Barnard account username and password to authenticate to it. Instructions to set up a profile for this network can be found at: http://www.barnard.edu/wireless. (After you have set this up, you may remove any old profiles such as “Barnard Quad,” “Barnard Main Campus,” etc.)

* Members of the Columbia community who are on the Barnard campus may also follow these directions, but should log in with their full Columbia email address and their UNI password.

Read more…

If you didn’t get a chance to pick up a copy of the May issue of The Blue & White on campus, you can still peruse the highlights on Bwog. The interview with Brian Greene and musings on metabolism are only the beginning, there’s much more to come! This month, senior editor Sylvie Krekow recounts her shockingly fictional run-in with the elite forces at a local grocery store—sampling cheese at Westside will never be the same.

Illustration by Liz Lee

“It’s something you have to train for,” said Nick. His dark, hard eyes were fixed on me from under his hat. Beneath his chiseled chin was a uniform that seemed just a little too crisp. I nodded, puzzled by the seriousness—I was just there to ask him a few questions about supermarket security. It’s not like I was asking about CIA secrets.

“Uh huh,” I replied, jotting down notes. “So… you have to train your employees? Is it a big problem?”

Nick’s eyes narrowed. “Shoplifting is a $30 billion a year business, and kids will take anything and everything. A girl once tried to walk out with $350 worth of cheese samples. Unbelievable. Westside is a family place,” he growled. This was turning from a Food Network special into a Sopranos episode. I ogled the bank of security camera monitors out of the corner of my eye. Cameras are a normal part of supermarkets, right?

“About this training process—what happens?” I stammered. “I heard about this kid—he got really drunk, and I heard he came here and used the same puffed rice cake to sample two cracker spreads. And, my point is, he got tackled and arrested 20 seconds later. That must take some serious training!”

Nick didn’t flinch. “We’re no different from any other store. We protect our merchandise. We watch it carefully, but that’s all. We’re a family place. Any more questions?”
Read more…

The Attack is Trivial

If you don’t switch over to using Columbia’s new secure wireless, you will be hacked. Accept that as a simple definitive statement. Breathe it; live by it; tattoo it onto your upper thigh. Security is a real issue, and until recently, hackers with a fairly limited skill-set could trivially camp out in Butler with an ordinary laptop and read your messages, emails, see some of your passwords, and hijack your Facebook account. To stress again: if you do not use secure Wi-Fi, hackers will mess with you.

So what’s the big deal? Well, while some websites use encryption of their own through a protocol suite called HTTPS (which you should have been using with Facebook already), the reality is that most websites fail to protect your account after you’ve logged in. This allows hackers to fire up programs like Wireshark and execute what’s called a “cookie hijacking attack.” In fact, the entire hack can be automated using novice tools like Firesheep.

The University has in the past offered another form of encryption called a virtual private network, which encrypts all your traffic and sends it through a central server, but this was only offered to faculty and staff. Over the past week, Columbia finally began offering wireless encryption using the WPA2 protocol, which allows all Columbians with UNIs to receive proper wireless encryption. This encrypted network isn’t available all over campus yet, but we’ve found it in Butler, Mudd, Schermerhorn, and a few dorms. It will presumably also be campus-wide soon. It’s protection—use it where you got it.

If you can’t figure out how to connect to the clearly marked “Columbia U Secure” network with your UNI and password, CUIT has put together a nice little automated wizard web page.

It’s about time.

Update 5/3: If you’re still having troubles connecting to the network, CUIT asks that you to let them know so they can help at askcuit@columbia.edu.

Hacking via Firesheep

More playlists from Columbia’s most beloved figures. This week, Raph Debenedetti got fist-bumping, jammin’ Carman security guard Michael Layne, aka Sir Mike‘s, Top 10.

1. Kind of Blue – Miles Davis
2. Blowin’ In The Wind – Bob Dylan
3. My Girl – Jackson 5
4. Buffalo Soldier – Bob Marley
5. For What It’s Worth – Buffalo Springfield
6. Here Comes The Sun – The Beatles
7. People Get Ready – Rod Stewart
8. Unchained Melody – Righteous Brothers
9. I Heard It Through The Grapevine – Marvin Gaye
10. Norwegian Wood – The Beatles

There’s a line of black SUVs spanning College Walk. Which one do you think he’ll choose?

Photo by DH

Three laptops containing the personal information of 1,400 Columbia affiliates were stolen Monday from university offices, administration sources tell Bwog.

Though details of the thefts are not yet being released, university officials confirm that Social Security numbers are among the sensitive data contained on the laptops. The computers were protected with passwords, but because the security of the laptops may have been breached, administrators are taking steps to inform affected undergraduates, alumni, employees, and prospective students about the incident via e-mail today. One undergraduate who received an email noted: “I’m not terribly surprised, given that it’s happened before, but at the same time, I can’t believe they let it happen again.”

“Because of the importance to affected individuals, I felt it was crucial that I, as dean, signed the letter,” Dean Michele Moody-Adams said to Bwog. “I take responsibility for ensuring that we respond effectively. An effective response requires strengthening the physical security of our spaces and continuing the process of encrypting data.”

Moody-Adams says the university has arranged for two years of credit monitoring for those individuals whose data was on the laptops. She adds that several other steps are being taken, including more encryption of sensitive information, establishing new security safeguards in administrative offices, and intensifying its scanning of computer equipment for security threats. An investigation into the thefts has also been opened by the NYPD, so details about how the thefts occured, what building the laptops were stolen from, and the exact number of affected undergraduates are not yet being revealed.

This is not the first breach of sensitive information for Columbia: Social Security numbers of some 5,000 Columbians were accidentally posted on publicly on a Google-hosted site accessible parts of the university’s Web site in February 2007. Student Services discovered the leak in June 2008, removing the sensitive data and offering credit monitoring services to those affected.

If you have been affected by this latest breach and wish to share your story, please contact the Editor (eliza@bwog.net). All efforts will be made to ensure your privacy, and to that end, Bwog will also be deleting comments that reveal personal information about anyone affected, including names, addresses, and UNIs. Updates and insight to come as information materializes.

In the first Security Alert about a robbery in just over a month, a Columbia “affiliate” was robbed while “walking along the foot path on the lower level of Riverside Park adjacent near W. 116th Street.” Two males–one wearing a mask, the other described as Hispanic–approached the affiliate; the male with a mask brandished a handgun and demanded property while the other acted as a lookout. Fortunately, no injuries were reported. Full email below a more recent Public Safety alert after the jump.

UPDATE (Wed 1:31pm): The second Public Safety email in as many days has hit your Inbox. Another robbery was committed on Halloween night around 9:30pm at 114th and Morningside, though without use of a weapon. No injuries reported. Full email appears first after the jump. Read more…

Thanks to an anonymous tipster, Bwog brings you the latest update from Public Safety: room keys lie scattered on the curb of Amsterdam. Is yours among them? (Cue suspenseful music.)

In the highly likely case that you don’t read your emails to COLUMBIACOMMUNITY, here at Bwog we’d like to relay some helpful tips for getting around campus tomorrow during tomorrow’s madness.  Secret Service has already been sighted at the 117 st. gates, on College Walk, and at the Med School (?), so be ready with these handy tips:

•  Have your University ID with you all day. Duh.
  
• Avoid Lerner at all costs.  The entrance from Broadway, Mail services and Tasti-D will close at 2:00 p.m.  Get your fake yogurt fixes elsewhere (or take on a second job to eat at Pinkberry.)
• After 2:00 p.m., you won’t be able to enter campus from John Jay or Carman gates.  After 5:00 p.m., you need an ID to get into any of the other gates.
• Sit on the Low Steps to watch the Jumbotron.  You probably will want to get there well before the 7:00 p.m. start time if you want to actually sit, though.  Remember that 15,000 people signed up for seats and they’ll be itching to watch.
  
• Otherwise just watch on CTV. According to a University spokesperson, “CUTV service is available to students in the individual rooms of 600 W 113, Broadway, Carman, Furnald, John Jay, McBain, River, Ruggles, Schapiro, Watt, Wien, Woodbridge, and the two-person flats in East Campus. In Hogan and the East Campus suites and townhouses, service is offered only in the common areas.”
  

For all the thrilling details about Your Safety, the complete email is after the jump. 

Read more…

Bwog snuck into Roone to see all the exciting preparations for tomorrow’s Service Spectacular. There are about 20 people inside working on installing cameras, television screens, and mysterious black sercrecy curtains shrouding the Broadway entrance to Lerner. There are also a few important looking people on stage discussing logistics of the chairs and American flag paneling. More fairly passable cameraphone photos after the jump.

Read more…

Columbia security guards have been going all vigilante of late, patrolling the neighborhood (or at least Broadway and Amsterdam between 111th and 116th) on foot.  Apparently, the new security protocol is a response to two recent muggings at 112th and Amsterdam.  One tipster reports seeing ten police officers and security guards on a single walk on Broadway from 114th to 106th.  If the plethora of patrollers isn’t making you paranoid yet, Barnard is alerting its students to neighborhood crime through ubiquitous posters.

A search of the Spec’s archives shows only one report of a mugging in the past five months, but a Public Safety account reveals a spate of crime in the new year.  It’s starting to feel a little early ’80s here on the Upper West Side, don’t you think?

Edited, 5:30pm: Apparently the Spec has quite a bit of coverage of recent crimes in the neighborhood.  Sorry, Spec!

 

As the weather warms and the tumbleweeds jangle their way down College Walk, a question remains: what’n the hell are all these people still doing here? In what could very well turn out to be the first (or, perhaps, last) of a series, Bwog attempts to answer this question–one interloper at a time. Our first subject is non-interloper Michael, who’s been valiantly guarding the vertical ghost-town known as Carman Hall.

Why are you here?

I’m doing what I do all year round–security. I act as a deterrent.

At this point yes, but international students will be moving in over the next few days.

No. Trust me, when it’s fully occupied it’s hard enough. It’s like a relief for us now.

Interaction between me and the students. I see them when they come straight from high school and I watch them grow. I try to be like a guiding light for them.

The noise. When you get five, six hundred people passing in and out it’s hard to concentrate.

Enlightening! More hard-hitting journalism as the summer progresses…

While Public Safety clamps down on Columbia’s physical security, some students were alerted today to a breach in the university’s virtual defenses. According to an email they received, Housing and Dining accidentally exposed information from students’ housing files online for a period on April 2nd. “Exposure was limited,” the email goes on to say, ”because there were no links to the files on any Columbia website and because the files could only be viewed with a Columbia University UNI and password and a specific type of software.” Still, many students’ Social Security Numbers were among the bits of information placed online.

In the wake of the incident, Housing and Dining has, it claims, attempted to limit further exposure of student SSNs. The files were, of course, removed from the website, and students affected were offered a year of free credit monitoring, or the ability to file fraud reports or run credit checks with various agencies free of charge, if they so choose. The administration is clearly doing much to ensure no further damage to students results from this incident. Though it has been attempting to move away from the use of SSNs, however, their presence on student datasets is still prevalent, and the security precautions needed to secure them clearly have some way to go.

The full email from Lisa Hogarty to affected students appears below the jump.

-CJS

Read more…

Following the Virginia Tech shootings, Public Safety has announced that all Student Aides, who help man dorm security desks, are to be replaced with regular security guards for the rest of the semester. In an email sent today by Student Aide Coordinator Andrew Ness (provided after the jump), students who work at the desks were told to pick up their paychecks and not to report for duty again.

Some who wrote to Bwog questioned the move, especially because students were invited to apply again for the same positions when Fall semester came around. “They did not provide a correlation between the shootings and exactly why we should lose our jobs,” said one of the students affected. “It’s only bad if we’re randomly killed now, but not in September?”

Bwog posed this question to Mr. Ness, who wrote that he was not at liberty to discuss Public Safety’s plans in further detail. He simply confirmed that, following “the events at Virginia Tech[,] the University is reexamining its security policies to ensure the continued safety of the University community and to maintain our position as the safest Ivy League School.”

UPDATE, Wednesday, 11:12 AM: Assistant VP for Strategic Communications and Planning Rosemary Keane assures us that no students will lose their jobs–all will be reassigned to jobs in Housing and Dining.

- CJS

Read more…

Bwogger Katie Reedy overheard the phone conversation of a dorm security guard…



“I know. I know, I was like ‘oh damn’ too… Yea, and so I asked her, I said, ‘Girl, how do you know it’s mine.’ And she said, ‘I didn’t ever do it with anyone else.’ And I was like, ‘What?! Girl, I need to know this is for real – I need to know that this is not just some Maury shit.’ I said, ‘I am not a statistic!!’”

Just make sure that at Thanksgiving dinner 20 years from now, you don’t let him know he was an accident. Bwog knows that hurts.