Information Security News mailing list archives
Re: Hacker hits Duke system
From: InfoSec News <isn () c4i org>
Date: Mon, 6 Jun 2005 11:22:12 -0500 (CDT)
Forwarded from: Mark Bernard <Mark.Bernard () TechSecure ca> Dear Associates, fyi... if the hacker picked off employee information, which is likely better protected than the master database, than what about clinical patient records? I don't buy the story that those systems weren't touched. Most of these systems are network together and if anything mainstream data used by most organizations is more readily available than executive salary information. As hackers get smarter you can bet that they'll target more of the identity management systems such as Microsoft's Active Directory and Kerberos with its known weaknesses. Lots of people use the same user ids and passwords for both work and personal systems. So although the hackers may get no further with Duke they might start testing online banking systems or other such systems with their new found illegal information assets. Furthermore, aggregated data found on public systems such as Monster and Workopolis may help to further refine potential targets of economic opportunity from these illegally new found assets. Best regards, Mark. Mark E. S. Bernard, CISM, CISSP, PM, Principal, Risk Management Services, e-mail: Mark.Bernard () TechSecure ca Web: http://www.TechSecure.ca Phone: (506) 325-0444 Leadership Quotes by Kenneth Blanchard: "The key to successful leadership today is influence, not authority." ----- Original Message ----- From: "InfoSec News" <isn () c4i org> To: <isn () attrition org> Sent: Saturday, June 04, 2005 3:23 PM Subject: [ISN] Hacker hits Duke system
http://newsobserver.com/business/story/2471894p-8875992c.html By JEAN P. FISHER Staff Writer Jun 4, 2005 A hacker broke into the Duke University Medical Center computer system last week, stealing thousands of passwords and fragments of Social Security numbers, Duke officials said Friday. Duke is notifying about 14,000 people, roughly 10,000 of whom are medical center employees, that their information may have been compromised and is advising people to change passwords if they use the same one for multiple purposes. Other individuals affected include alumni of the Duke University School of Medicine, physicians and other clinicians who registered online for some types of continuing medical education at Duke and others who accessed certain Web pages maintained by the medical school. The incident is the latest in a series of security breaches nationally at banks and other major organizations that store personal information. This is one of the largest yet to hit the Triangle.
_________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
Current thread:
- Hacker hits Duke system InfoSec News (Jun 04)
- <Possible follow-ups>
- Re: Hacker hits Duke system InfoSec News (Jun 06)