Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] What is wrong with schools these days?
From: Mike Iglesias (iglesiasuci.edu)
Date: Mon Apr 24 2006 - 16:04:16 CDT
CrYpTiC MauleR wrote:
> Already 2 school breaches on the news this week and my school will soon be
> added to the ever growing list, is this a trend? I mean how hard is it to
> protect some data. Allocate all the sensitive data on a select few servers
> and harden the hell out of them. Do these schools have info scattered
> around on various servers and sites and don't know what is where? I mean
> Jesus Christ just this week 477,000 personal records have been possibly
> breached. Does anyone know of any federal law being made or in discussion
> to prevent these from being an everyday thing and enforcing policies like
> California has?
Many universities do not have a central IT organization running every computer
on campus as you would in a commercial enterprise. They have a decentralized
model where each school, department, or research group runs their computers.
In addition, you have many students, faculty, and staff with personally owned
laptops that they take care of (or not) themselves. So you have many little
fiefdoms running computers, some with more of a clue than others. The
clueless ones have untrained students running the computers, and most of them
don't know much about security. They're told to setup a computer and put this
data on it so the professor can do his research.
Central entities in universities, like the registrar, should know what they
are doing if they are setting up ways to remotely access information.
Not responding to emails and/or phone calls to the security/abuse/etc group is
irresponsible, if you ask me.
Mike Iglesias Email: iglesiasuci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/