The Harvard Crimson CAMBRIDGE, Mass. (U-WIRE) -- Due to increased security measures, students activating their Harvard computer accounts yesterday took a 32-question quiz and tried to think of nonsensical new passwords hackers would have trouble deciphering. The quiz, which was intended to increase awareness of the university's network use guidelines, asked true-false questions in a random order. Students were allowed one mistake and could take the quiz as many times as needed until they passed. The program then asked students for a new password, but would not accept words resembling those in dictionaries. Suggestions were given for students unable to come up with passwords of their own. One request generated passwords such as "16ilut" and "k9tig5." Less word-like passwords will help prevent dictionary attacks in which a "malicious user" uses combinations of words to hack into another student's account, said Harvard computing official Rick Osterberg. In the past, only new students were required to take the quiz, but all returning undergraduate and graduate students need to take it this year, Osterberg said. Some of the true and false statements on the quiz included: "There's nothing wrong with forwarding chain letters, as long as no money is involved," "Harvard's computers may not be used for pranks or practical jokes" and "A computer Systems Administrator or User Assistant may ask me for my password in order to provide assistance." The answers to these questions are false, true and false, respectively. Osterberg said the quiz, modeled after one developed at the University of Delaware, was an effective way to reach students. While "dictionary attacks" on students' passwords do occasionally occur, the most common way passwords get out is when students share them, an act that violates Harvard computer policy, Osterberg said. "By restating the rules in the form of a simple, interactive quiz, we hope to make the text more compelling and to engage students to think about the issues of appropriate computer use," he said. Attention was drawn to the issue of network misuse last year when Garrick Lau, the CEO of Omicron Technologies Corporation, used his Harvard Web page to distribute computer software. Over a 14 month time span, downloads from Lau's page accounted for 12 percent of all data transmitted over the server. The volume of server use drew the ire of Harvard network administrators who said Lau was violating a policy prohibiting commercial use of Harvard's network.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
Donate
