nanog mailing list archives
Re: Stanford Hack Exposes 10,000
From: Daniel Golding <dgolding () burtongroup com>
Date: Thu, 26 May 2005 13:01:24 -0400
People are missing the point a bit. Most schools HAVE switched over to new numbering systems. Most student ID's have school-specific ID numbers. The problems are: 1) Older student records are indexed by SSN and they must be retained. 2) Some information is still indexed by SSN out of necessity - student financial aid for example That means you have a translation database somewhere, with all those SSNs and the new student index numbers. SSNs are already forbidden going forward at pretty much all school. For example, they can't be used to post grades. However, the need to retain them for backwards compatibility remains. Education institutions need a clear set of guidelines for handling sensitive data like that. A good start would be that such data can only be stored in an encrypted format in a physically secure facility. Yes, that seems obvious, but it doesn't happen. Considering the sort of free wheeling environment prevalent in University networks, you would think they would be a bastion of high security. Sadly, this isn't the case. - Dan On 5/26/05 6:10 AM, "Michael.Dillon () radianz com" <Michael.Dillon () radianz com> wrote:
Around about whenever the US Federal Government gets the hint and passes a bill which makes it illegal to use social security numbers for any purpose other than the administration of social security.Wrong answer. Federal laws do not stop people from doing stupid things and they do not stop people from doing illegal things. What we need is a Hollywood blockbuster in which some highschool hackers wreak havoc by aquiring SSNs from gradesheets and using mother's maiden names to steal lots of money and identities. Then, pointy-haired bosses will ask their sysadmins to make sure that it can't happen in their department. Hollywood movies change people's behavior. Federal laws do not. --Michael Dillon
-- Daniel Golding Network and Telecommunications Strategies Burton Group
Current thread:
- Re: Stanford Hack Exposes 10,000, (continued)
- Re: Stanford Hack Exposes 10,000 Adam McKenna (May 25)
- Re: Stanford Hack Exposes 10,000 Mark Newton (May 25)
- Message not available
- Re: Stanford Hack Exposes 10,000 Jay R. Ashworth (May 25)
- Re: Stanford Hack Exposes 10,000 Michael . Dillon (May 26)
- Re: Stanford Hack Exposes 10,000 Jay R. Ashworth (May 26)
- Re: Stanford Hack Exposes 10,000 Jon Lewis (May 26)
- Re: Stanford Hack Exposes 10,000 Florian Weimer (May 26)
- Re: Stanford Hack Exposes 10,000 Bob Vaughan (May 27)
- Re: Stanford Hack Exposes 10,000 Nicole (May 31)
- Re: Stanford Hack Exposes 10,000 Mark Newton (May 25)
- Re: Stanford Hack Exposes 10,000 Stephen Sprunk (May 26)
- Re: Stanford Hack Exposes 10,000 Adam McKenna (May 25)
- Re: Stanford Hack Exposes 10,000 Daniel Golding (May 26)
- Re: Stanford Hack Exposes 10,000 Edward Lewis (May 26)
- Re: Stanford Hack Exposes 10,000 Joel Jaeggli (May 26)
- Re: Stanford Hack Exposes 10,000 Adam McKenna (May 25)