When Information Technology Services (ITS) switched Wesleyan’s e-mail to Gmail in January of this year, students were able to log into other students’ e-mails for about a month by typing in a username and leaving the password field blank. This glitch has been but one of a multitude of issues facing ITS recently: issues that some employees say could be avoided through more thorough program testing and greater efforts to alert the campus community to technical problems.
According to Ganesan Ravishanker, the associate vice president for ITS, the student Helpdesk received a call on Feb. 26 from a student who claimed it was possible to log into other students’ e-mails without a password.
“Within an hour we closed the loop and gathered everyone to find out if this is a wide spread problem and whether they had heard from others,” Ravishanker said.
The flaw was only accessible through a log-in link on the Wesleyan Google Apps blog— found at http://mail.gapps.wesleyan.edu—not by logging in through E-portfolio. According to Ravishanker, the one report that ITS received was the first instance they had heard of the problem. When the Helpdesk was alerted to the problem, they immediately reported it to Ravishanker. According to Ravishanker, although ITS checks for a number of things while testing a program, this particular flaw happened to be one that was not checked. Others, however, say that testing for such a flaw is standard procedure, and the fact that ITS did not catch it points to larger issues in the Google Apps release on campus.
“Google Apps was released without enough testing,” said an ITS employee who wished to remain anonymous. “The login page would accept any student’s username with the password field left blank, and would take you to the student’s e-mail. When an engineer writes a proper authentication page, it is routine to test that blank passwords do not bypass security.”
The problem was quickly remedied, but ITS decided not to alert students. Although the e-mail accounts—the personal information stored in the e-mails—of all Wesleyan students were technically accessible by anyone on campus, ITS believed that individuals had not taken advantage of the flaw.
“This breach of trust was a direct result of ITS’s failure to properly test their services,” the anonymous ITS employee said. “Testing is all the more important on an application that safeguards personal information such as e-mail, and the lack of testing to me indicates a serious failure in judgment.”
ITS had another Gmail-related problem on its hands earlier in the semester, when Google Apps began marked e-mail from ResLife and WesWell as spam. ITS solved the issue as soon as administrators complained that students were not receiving their e-mails.
“Basically we needed to tell Google Apps that any e-mail being sent from our constituents through our servers to you, don’t make them spam, no matter what,” Ravishanker said.
However, ITS has been contending with a variety of other technical problems throughout the year: from delayed online teaching evaluation to compatibility issues with Macs; from malfunctioning public computers in Usdan to a mysterious computer virus attacking student USB drives in computer labs.
Ravishanker said that some students reported difficulties this past semester in submitting their online teaching evaluations. Students discovered the system was shut down from around 9:30 p.m. to 11 p.m. on the night evaluations were due. As it turned out, the database that stores teaching evaluations ran out of space. ITS increased the amount of space within the database as soon as the problem was reported.
Working with the Office of Academic Affairs, ITS extended the time the evaluations were due to 2 a.m. the next morning so that students would not be penalized and receive their course grades late. Students were informed of the time extension on the evaluations page, and those who had not known of the extension received additional time.
Ravishanker admits that some technical issues will occur regardless of ITS testing.
“[We] try to test things under all different conditions,” Ravishanker said. “Unfortunately there are some bugs that get in the way and what we try to do is react as quickly as we can and solve problems.”
Other students may have experienced difficulty in using Cisco Clean Access Agent (CCA), a relatively new program that asks students to identify themselves when logging onto the on-campus wireless internet network, which is now required by federal law. It also checks computers to make sure they are in compliance with Windows updates.
However, between 60 and 65 percent of students own Mac computers, which do not have Windows update. In these cases, CCA finds the system noncompliant and does not work properly. Students running foreign versions of language operating systems often experience problems using CCA for similar reasons. According to Ravishanker, ITS is fully aware of the problem. Since the Mac operating system is not prone to the same security problems as Windows, the absence of the security-checking aspect of CCA is not as much of an issue.
Before using CCA, however, ITS was not aware of this issue. Nevertheless, Ravishanker feels that CCA is still a valuable program.
“[We are] confident that when Macs have an issue, Cisco Clean Access will have caught up,” Ravishanker said. “Cisco is a company that we trust. They are the premier network company. They are the best that’s out there.”
Many students have also likely found the Usdan kiosk machines out of order at some point.
“ITS installed a proprietary web browser on Usdan’s new computers which frequently crashed,” the anonymous ITS employee said. “After the computers were setup, ITS did not regularly verify that they were still running properly. As a result, computers which crashed remained unusable for weeks or even months at a time.”
According to Ravishanker, ITS now works more closely with Usdan staff so that problems can be fixed more efficiently.
Finally, ITS has struggled with viruses on lab computers. According to Ravishanker, this problem surfaced in February. ITS discovered a virus, whose origin was traced to Facebook, that places a screen on the computer with text reading, “I am your friend” and a phrase written in Arabic. This virus would copy itself onto USB drives that were inserted into lab computers.
Ravishanker claims that ITS does not have numbers of how many people were affected by the virus. Although computers were re-imaged, or wiped clean, ITS was not able to find much information on the virus and struggled to find either a solution or method of prevention.
“Now that we are hearing more and more, we just logged a call with Symantec [a company specializing in anti-virus computer software] on how best to take care [of the problem],” Ravishanker said. “We don’t have a sense of how many people have been affected, but the numbers we are hearing is more than a few in the last couple of weeks.”
According to Ravishanker, ITS technical staff thought they had found a solution to the problem, but student hard drives continue to contract the virus.
While the virus still remains an issue, ITS has yet to officially report this problem. Ravishanker admits that ITS did not, but should have, alerted students to viruses in the lab computers.
“We should have communicated, saying be careful using your USB drive or don’t use them,” Ravishanker said. “I am still trying to find out why we didn’t. We should do that stuff.”
Besides performing proper testing of systems before implementing them, the anonymous ITS employee claims that it is necessary for ITS to report these issues to the student body.
Ravishanker, however, feels ITS works sufficiently to address the technical problems of the Wesleyan campus.
“With so many different and complex systems to support, we do our best to proactively solve problems,” Ravishanker said. “However, in some cases, we are reactive and we rely on our users to tell us where the problems are. But the important thing is that once we become aware of these problems we solve them as soon as possible.”