lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <444D3D50.9020101@uci.edu>
Date: Mon Apr 24 22:04:38 2006
From: iglesias at uci.edu (Mike Iglesias)
Subject: What is wrong with schools these days?

CrYpTiC MauleR wrote:
> Already 2 school breaches on the news this week and my school will soon be
> added to the ever growing list, is this a trend? I mean how hard is it to
> protect some data. Allocate all the sensitive data on a select few servers
> and harden the hell out of them. Do these schools have info scattered
> around on various servers and sites and don't know what is where? I mean
> Jesus Christ just this week 477,000 personal records have been possibly
> breached. Does anyone know of any federal law being made or in discussion
> to prevent these from being an everyday thing and enforcing policies like
> California has?

Many universities do not have a central IT organization running every computer 
on campus as you would in a commercial enterprise.  They have a decentralized 
model where each school, department, or research group runs their computers. 
In addition, you have many students, faculty, and staff with personally owned 
laptops that they take care of (or not) themselves.  So you have many little 
fiefdoms running computers, some with more of a clue than others.  The 
clueless ones have untrained students running the computers, and most of them 
don't know much about security.  They're told to setup a computer and put this 
data on it so the professor can do his research.

Central entities in universities, like the registrar, should know what they 
are doing if they are setting up ways to remotely access information.

Not responding to emails and/or phone calls to the security/abuse/etc group is 
irresponsible, if you ask me.


-- 
Mike Iglesias                          Email:       iglesias@....edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ