Archive for the ‘security examples’ Category.

Wi-Fi Flapping in the breeze

Dann Sheridan’s Weblog:

I don’t think most people understand the implications of running wireless networks. While sitting here in Starbucks, I have access to the shares on the CVS pharmacy file server next door containing their POS system, prescription system, and a database server containing who knows what. I also have access to ten workstation on the network who are sharing the c-drives. I probably even have access back into their corporate network…
This is a perfect example of how, as things are becoming more open, individuals can keep up and protect themselves while organizations languish in the wake.

Slammer worm crashed Ohio nuke plant network

SecurityFocus News: Slammer worm crashed Ohio nuke plant network:

“The reports paint a sobering picture of cybersecurity at FirstEnergy.”

Student’s Web site hacked by al-Qaida

Student Charged With Hacking at U-Texas

Student Charged With Hacking at U-Texas (

“Federal prosecutors today charged a University of Texas student with breaking into a school database and stealing more than 55,000 student, faculty and staff names and Social Security numbers in one of the nation’s biggest cases of data theft involving a university.

Christopher Andrew Phillips, 20, a junior who studies natural sciences, turned himself in at the U.S. Secret Service office in Austin. He was charged with unauthorized access to a protected computer and using false identification with intent to commit a federal offense.”

55,000 names and SSNs stolen at UT Austin

United Press International: Hackers strike at University of Texas:
“Authorities Thursday sought computer hackers who stole the names and Social Security numbers of 59,000 current and former students, faculty and staff last week at the University of Texas at Austin.

UT Austin: Data Theft and Identity Protection:
“The malfunction was assessed to be the result of a deliberate attack from the Internet. Subsequent analysis revealed that a security weakness in an administrative data reporting system was exploited by writing a program to input millions of Social Security numbers. Those SSNs that matched selected individuals in a UT database were captured, together with e-mail address, title, department name, department address, department phone number, and names/dates of employee training programs attended. It is important to note that no student grade or academic records, or personal health or insurance information was disclosed.

Computer logs indicate the information was obtained by computers in Austin and Houston over a five-day period that began last Wednesday, according to UT officials. They don’t know yet if the identification information was used for any illegal purposes… Approximately 55,200 individuals had some of the above data exposed. This group includes current and former students, current and former faculty and staff, and job applicants.”

Surplus Computer Had Confidential Info

Surplus Computer Had Confidential Info
“A state computer put up for sale as surplus contained confidential files naming thousands of people with AIDS and other sexually transmitted diseases, the state auditor said Thursday.”

The worm that turned: A new approach to hacker hunting

Shane Harris:
The worm that turned: A new approach to hacker hunting:
About the dissection of the Leaves worm, leading to the arrest of its author.
A bit breathless, but entertaining nonetheless.

South Koreans launch cyber attack on US over schoolgirls’ deaths

South Koreans launch cyber attack on US over schoolgirls’ deaths

“South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two US soldiers accused of killing two schoolgirls in a road accident… The activist says a second attack will be launched.”

Princeton demotes officer for hacking

Back to School, re Yale SSN fiasco

Back to School:
“Now let’s move on to the other criminally dumb figure in this fiasco. That Yale Web site was designed by a self-promoting Yale sophomore who brags that he has worked for Microsoft since he was 14. He’s the genius who decided that birth dates and Social Security numbers would make the perfect passwords because of their “personally identifiable nature,” according to the Yale Daily News, the student newspaper that broke the story late last month before it was picked up by The Washington Post and the wire services…. Outside audits of security still matter, too. Yale actually has an Information Security Office that investigates cases such as identity theft – but apparently no one talked to the office until after the site had been up for six months and had already been hacked. “