Colorado State University’s Directory: A Nightmare Waiting to Happen
Like many universities and colleges, Colorado State University has a directory. Unlike many universities, the CSU directory also contains the full legal name, college, department, major, mailing address, and phone number of every student enrolled on campus that hasn’t opted-out via RAMweb, the university’s student dashboard.
From a privacy and a security standpoint, this is a distressing concern. From potential stalkers and attackers to web spammers are able to find identifying personal information about a potential target with as little as a student’s name. The search does fuzzy matching on any input, making it not only possible to locate a specific person enrolled, but a collection of individuals with matching names instantaneously.
Their directory clearly appears to be developed for the purpose of locating students, indicating that this was surely not a case of “inclusion by...
Continue reading →