Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Why security matters at universities

1 view
Skip to first unread message

Matt Curtin

unread,
Jul 3, 2002, 9:56:48 AM7/3/02
to

Universities, including our own, are historically deficient when it
comes to security, believing that the charter of an educational
facility is to share information, not to restrict it. The fact is,
however, that a great deal of information being handled by the
university is a target. Thus, organizing the entire infrastructure
around the concept of sharing everything and fixing exploits as
they're encountered is flawed.

In particular, the handling of social security numbers, credit cards
numbers, and other sensitive data needs to be taken seriously, and the
university would be well-advised to stop the ridiculous and possibly
illegal practice of using social security numbers to identify
students.

The news clip below shows that the Russian Mafia has an active
interest in student information. This is serious business.

Russian mob may have infiltrated university computers. Russian
Mafia may have tapped into the computer system at Arizona State
University and at least four other universities in the United
States. A program was apparently installed that allows the
students' credit card numbers, passwords and e-mail to be stolen,
though it wasn't known if any student accounts had been
compromised, according to campus police. The software secretly
records keystrokes, so that every action taken on a computer can be
accessed by a remote hacker. Criminals could use the system to
commit financial crimes, identity theft and sabotage. Programs
apparently were installed on student-access computers at
universities in Florida, Arizona, Texas and California.
(Associated Press, 18 June)

--
Matt Curtin Interhack Corp +1 614 545 HACK http://web.interhack.com/
Author, Developing Trust: Online Privacy and Security (Apress, 2001)
Beer is proof that God loves us and wants us to be happy. -B. Franklin

Jonathon Isaac Swiderski

unread,
Sep 20, 2002, 4:08:42 AM9/20/02
to
On 3 Jul 2002, Matt Curtin wrote:

>The news clip below shows that the Russian Mafia has an active
>interest in student information. This is serious business.

No, it doesn't. Assuming it's true (I hadn't previously heard about it,
but that doesn't necessarily mean anything), it shows that organised crime
groups have an interest in capturing passwords and credit card information.
The fact that the five believed-known targets were American public
universities is probably more a coincidence of the dangerous lack of
security of university systems you mention than a specific, directed
targeting --- it seems more likely that the people who are interested in id
theft and the other crimes mentioned are not so much interested in
accessing student bank accounts and identities specifically --- i don't
know about you, but my bank account doesn't have anything in it to steal
--- but simply in getting into whatever they can get into.

It also doesn't seem terribly relevant that the attackers were Russian,
beyond that they are likely to be harder to track and punish than those
based in white Western-European suburban America.

The need for universities to better control access to their systems and
better monitor what gets put on them, however, is, as you mentioned, very
real.

> Mafia may have tapped into the computer system at Arizona State
> University and at least four other universities in the United
> States. A program was apparently installed that allows the

> students' credit card numbers, passwords and e-mail to be stolen...
> (Associated Press, 18 June)


--
Jonathon Isaac Swiderski \\ danger...@dangercat.net
cs.oberlin.edu/~jswiders \\ www.dangercat.net/?id=mt

Consultant: Someone who knows 101 ways to make love,
but can't get a date.

0 new messages