nanog mailing list archives
Re: Stanford Hack Exposes 10,000
From: Edward Lewis <Ed.Lewis () neustar biz>
Date: Thu, 26 May 2005 13:29:06 -0400
Yes, that seems obvious, but it doesn't happen. Considering the sort of freewheeling environment prevalent in University networks, you would think they would be a bastion of high security. Sadly, this isn't the case.
This isn't meant to be a bashing session on universities and other educational systems, just an observation. I would think, and I may be wrong, that an educational network would be subject to - stakeholders (students, faculty, alumni) that turn over quickly, calendar-tied fluctuations in activity, and a user base that tends to be more liberal and risk-tolerant than a typical end user network. I would think that these traits would work against the accumulation of tested operational techniques, appreciation of the time and cost of a reliable service, and stiff enough penalties for anti-cyber-social behavior. Also working against this is the availability of time (like between semesters) when major upgrades can be done, because in the rush to do so sound techniques can be overlooked.
I don't mean to cast aspersions on educational campus IT functions. There is a lot of good security research and energy available in those environments. I'm just saying the environment is harsher than for other end users. No - I'm not leading up to a suggestion to quarantine them from the rest of the Internet.
Stories like this just serve as the example headlines of why any organization ought to take preventative measures when it comes to this kind of data. Hopefully, whatever vulnerabilities were exploited will be patched, even if there is no public disclosure. (Word will get around when it needs to.)
PS - I was more surprised by the case of identity data that was lost when a laptop was stolen. Why was something so valuable left in such a mobile form?
http://informationweek.com/story/showArticle.jhtml?articleID=159907962
An example of following bad practices. Is the solution "more consultants?" ;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
If you knew what I was thinking, you'd understand what I was saying.