Failure to patch flaw exposes data on 60, 000 at Antioch

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9075098

By Jaikumar Vijayan
April 4, 2008
Computerworld

Windows systems may be the most frequently attacked by malicious hackers, 
but they certainly are not the only targets.

Serving as the latest reminder of that fact is Antioch University in 
Yellow Springs, Ohio, which recently disclosed that Social Security 
numbers and other personal data belonging to more than 60,000 students, 
former students and employees may have been compromised by multiple 
intrusions into its main ERP server.

The break-ins were discovered Feb. 13 and involved a Sun Solaris server 
that had not been patched against a previously disclosed FTP 
vulnerability, even though a fix was available for the flaw at the time of 
the breach, university CIO William Marshall said today.

The university was alerted to the breach while IT officials were 
investigating a separate virus that had also infected the system and was 
broadcasting obscene material from it, Marshall said. That particular 
virus was programmed to broadcast the material on the 13th of every month 
and was detected by the university's antivirus software, when it started 
doing so on Feb. 13, he said.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml