Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: What is wrong with schools these days?
From: Mike Iglesias <iglesias () uci edu>
Date: Mon, 24 Apr 2006 14:04:16 -0700

CrYpTiC MauleR wrote:
Already 2 school breaches on the news this week and my school will soon be
added to the ever growing list, is this a trend? I mean how hard is it to
protect some data. Allocate all the sensitive data on a select few servers
and harden the hell out of them. Do these schools have info scattered
around on various servers and sites and don't know what is where? I mean
Jesus Christ just this week 477,000 personal records have been possibly
breached. Does anyone know of any federal law being made or in discussion
to prevent these from being an everyday thing and enforcing policies like
California has?

Many universities do not have a central IT organization running every computer on campus as you would in a commercial enterprise. They have a decentralized model where each school, department, or research group runs their computers. In addition, you have many students, faculty, and staff with personally owned laptops that they take care of (or not) themselves. So you have many little fiefdoms running computers, some with more of a clue than others. The clueless ones have untrained students running the computers, and most of them don't know much about security. They're told to setup a computer and put this data on it so the professor can do his research.

Central entities in universities, like the registrar, should know what they are doing if they are setting up ways to remotely access information.

Not responding to emails and/or phone calls to the security/abuse/etc group is irresponsible, if you ask me.


--
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]