Kevin Poulsen, SecurityFocus 2004-10-19
The FBI is investigating the penetration of a university research system that housed sensitive personal data on a staggering 1.4 million Californians who participated in a state social program, officials said Tuesday.
"Known vulnerabilities"
2004-10-20
Obviously not known by them
When will people responsible for data security start taking vulnerability scans seriously? You can download and configure Nessus yourself or get a website to scan you on a regular basis (www.ipxray.com for example).
I bet the new guy in charge of security scans himself until so often he goes b...
Windows? Linux? Unix? (maybe Minux)? What OS?
2004-10-20
Anonymous (3 replies)
The article fails to say what OS was the problem from the start?
Does anyone know?
Systems like these should, by law, be not hooked up to an external network. Not ever!
The government should create a law that would make putting a system like this on a network that was facing the internet a cr...
Windows? Linux? Unix? (maybe Minux)? What OS?
2004-10-21
SeabH (1 replies)
How is this any different than your credit report (on any of the three credit bureaus - if you live in the USA)?
The bigger issue here is privacy. To obtain personal information such as a SSN requires an acknowledgement (signature on a form) by the person.
That is much bigger than a bunch of ...
Windows? Linux? Unix? (maybe Minux)? What OS?
2004-10-22
Anonymous (1 replies)
Here's an idea... How about the government comes up with its own Firewall/OS and doesn't release it to the public... don't cha think that, that's a little bit more secure than using things that already have massive security holes and the entire world knows about them the second they are discovered?
...
Windows? Linux? Unix? (maybe Minux)? What OS?
2004-10-24
Anonymous
That's exactly how we handle material the government has marked "classified" (including secret, top secret, etc). Any computer with any classified data whatsoever is physically disconnected from any network touching the internet. Totally separate routers, hubs, racks, the works. "No-touchy!"...
Windows? Linux? Unix? (maybe Minux)? What OS?
2004-10-26
Anonymous
Since this is a "social cause" computing system odds are whoever is running this is not employing *NIX. Perhaps they are because of the old "low cost" argument since such organizations have limited funds, this may implicate open source, but I doubt it.
Almost every time I've read about a massive ...
California reports massive data breach
2004-10-21
Anonymous
It's hard to believe that the state would allow this information out but what is really interesting is that they allowed the personally identifiable information out. If the research was valid (needed) then fine, do it, but make sure you take steps needed to protect the data and the identities of th...
Cryptography Ignored?
2004-10-23
Drew Miller (1 replies)
How very interesting this is. Encrypting data would at least have protected some of the data, forcing the criminals to independently brute force each of the pieces of data... oops on their part.
Did the criminal get away with names, numbers and addresses?
Or did the criminal get away with encr...
Cryptography Ignored?
2004-10-27
Anonymous (1 replies)
Why bother hacking the systems technically at a credit bureau when you can socially obtain the information or have false information put into their systems with much less effort?
Would it be a nuisance if some "kid" (i.e. non-organized criminal) hacked into a bureau and obtained a huge # of cred...
It's a University!
2004-10-27
Anonymous
One very disappointing aspect is the fact this was a University system. Aren't Universities supposed to be sources of information and knowledge? Furthermore, this wasn't some middle Cal-state school or community college...THIS WAS BERKELEY! It's one of the most admired and respected schools aroun...
California reports massive data breach
2004-11-01
Anonymous
Universities have ALWAYS been the worst when it came to having security put in place!!!!!
Academia is notorious for this as once someone is tenured there they act as though nobody can touch them, that they don't have to follow the same rules...
Let's put those in charge (not the poor IT schmuck...

The researchers had a responsibility as well as the administrators of the host that was exploited. This is not ok and the university obviously did not report in...