As the March 20 close of the E-Rate filing window for FY 2012 approaches, a problem has surfaced with the randomly generated PINs used to electronically file forms.
Some PINs contain character sequences that appear to be malicious when entered into the form. An example from another state:
“One of our libraries actually printed out and faxed to us a copy of the error message they were receiving when they tried to enter their PIN. It was not something from USAC. It was a Microsoft.net error message, specifically ‘A potentially dangerous Request.Form value was detected from the client (PIN=”Lx2″.’
(Lx2′ is the library’s E-rate PIN.)”
The combination “&#” can be interpreted as a hacking attempt, which causes it to be blocked.
Because it requires entering the old PIN (which just initiates the error again), the option on the USAC site to change the PIN (https://slpin.universalservice.org/Pin/PinArea.aspx) won’t solve the problem.
Linda Schatz, retained by COSLA (Chief Officers of State Library Agencies) for E-rate consulting, has this from USAC, the E-rate program administrators:
“Applicants can request a new PIN if they call CSB (but keep reading). The SLD confirmed that CSB does not need the old PIN to regenerate a new one (unlike submitting a request for a new PIN online.) That’s the good news.
The bad news is there isn’t time for that process to play out before the close of the window. It is also advisable to wait until we learn from the SLD that the system is fixed so that any new PINs that are generated don’t have the same problem.
Therefore, if you have applicants who have the &# sequence in their PIN number, it would be advisable to allow sufficient time to mail in their Form 471 certification. Since we haven’t had to think about this for awhile given the PIN system, just a reminder to keep proof of ‘postmark.’”