[BLUG] The "security breach"

Poland, Andrew J. ajpoland_at_iupui.edu
Sun, 25 Feb 2001 01:54:31 -0500 

This was on Channel 13 news in Indy this evening.  Not a lot of specific
info was given but they did say that the names and SSNs of approximately
3000 students were downloaded by an unknown entity from the bursar's office
computer.  From what I can infer it sounds as though a file share or NFS
mount was left open for some period of time, and some random scanner
happened to find it.  The news report said that IU didn't think that the
cracker was particularly looking for student information, he/she just
scanning around and found it.  A couple of students who received the same
letter you did were interviewed.  They were most upset that IU had not given
out any details of the incident, including the date and time it occurred or
the depth or the specific data that was stolen and why.

Andrew

-----Original Message-----
From: great shamer [mailto:greatshamer_at_hotmail.com]
Sent: Saturday, February 24, 2001 9:19 PM
To: blug_at_cs.indiana.edu
Subject: [BLUG] The "security breach"


Hi all,

I arrived home from work today (it is tax season after all) and found a 
letter from IU in the mailbox.  We were expecting a refund check...that 
isn't quite what came.  A quote:

"We need to inform you that because of a security breach, your name and ID 
number were downloaded from a departmental computer in the Office of the 
Bursar by unknown and unauthorized individuals.  System log entries indicate

that this information was transferred to various Internet sites.  Therefore,

it is possible that the information remains accessible to unauthorized 
individuals."

"The University's computer security experts were notified as soon as we 
became aware of the problem.  They have examined the computer and made 
recommendations; based on those recommendation, we have taken steps to 
significantly increase the level of security on theis computer."

Does anyone know how extensive the crack was?  Was it all students, just 
certain campuses, or did it include anything other than names and social 
security numbers?  Surely one could be cynical.

Until Thursday,
Ethan


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


_______________________________________________
BLUG mailing list
BLUG_at_linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug