November 12, 2018

(Continuation of Records at risk By NICOLE JOBES)

By: NICOLE JOBES

HTTPS works in conjunction with SSL, which then takes that data and encrypts it. SSL uses a mathematical algorithm to hide the true meaning of the data, making it prohibitively difficult to crack.

“HTTPS is secure because it uses SSL to move data,” Dotson wrote.

Because mystudentplan.ca does not use HTTPS or a SSL certificate, identifying information including first and last name, student number, date of birth, address, email, telephone number, health insurance plan,  provider information and banking information is transmitted over the Internet without any encryption.

Michael Abraham of Computer Services at Conestoga’s Doon campus said when a website does not employ proper HTTPS, anyone “sniffing” can intercept information in transit. This means any third party, including hackers, could potentially access any information you send via HTTP.

Jennifer Smola, a representative from Gallivan & Associates, said in an email that there is no reason to be concerned about the lack of HTTPS.

“There is no known breach of student information,” said Smola. “While all data in transit online is vulnerable, all available measures are being taken with the service provided through the website to protect individual information. An additional measure is to include a SSL certificate on the website to show the site meets security and encryption standards; this is currently being established.”

According to Smola, the website did not have a SSL certificate.

The opt-out website closed on Sept. 29, a day early, and is no longer functional, but not before thousands of students had entered their information.

Leave a Reply