[BLUG] The "security breach"
Poland, Andrew J.
Sun, 25 Feb 2001 01:54:31 -0500
This was on Channel 13 news in Indy this evening. Not a lot of specific
info was given but they did say that the names and SSNs of approximately
3000 students were downloaded by an unknown entity from the bursar's office
computer. From what I can infer it sounds as though a file share or NFS
mount was left open for some period of time, and some random scanner
happened to find it. The news report said that IU didn't think that the
cracker was particularly looking for student information, he/she just
scanning around and found it. A couple of students who received the same
letter you did were interviewed. They were most upset that IU had not given
out any details of the incident, including the date and time it occurred or
the depth or the specific data that was stolen and why.
From: great shamer [mailto:greatshamer_at_hotmail.com]
Sent: Saturday, February 24, 2001 9:19 PM
Subject: [BLUG] The "security breach"
I arrived home from work today (it is tax season after all) and found a
letter from IU in the mailbox. We were expecting a refund check...that
isn't quite what came. A quote:
"We need to inform you that because of a security breach, your name and ID
number were downloaded from a departmental computer in the Office of the
Bursar by unknown and unauthorized individuals. System log entries indicate
that this information was transferred to various Internet sites. Therefore,
it is possible that the information remains accessible to unauthorized
"The University's computer security experts were notified as soon as we
became aware of the problem. They have examined the computer and made
recommendations; based on those recommendation, we have taken steps to
significantly increase the level of security on theis computer."
Does anyone know how extensive the crack was? Was it all students, just
certain campuses, or did it include anything other than names and social
security numbers? Surely one could be cynical.
Get your FREE download of MSN Explorer at http://explorer.msn.com
BLUG mailing list