Universities urged to tighten computer security

[InfoSec News <alerts () infosecnews org>]

http://www.azstarnet.com/metro/244816

By Howard Fischer
Capitol Media Services
Tucson, Arizona 
06.21.2008

PHOENIX - The computer systems at all three state universities are 
vulnerable to online attacks and hacking, the state Auditor General's 
Office has concluded.

In a report released Friday, Auditor General Debbie Davenport said her 
staff was able to access sensitive information in university computers 
by exploiting weaknesses in their security systems.

Davenport said auditors selected 35 of 205 significant Web-based systems 
for testing. All of those applications, she said, had commonly found 
security weaknesses.

 From that list, auditors checked six to find out exactly what someone 
with unauthorized access could do.

In one case, Davenport said, her staffers were able to obtain more than 
10,000 records that included names and Social Security numbers. They 
also accessed other records with student and employee identification 
numbers, addresses, phone numbers and e-mail addresses. "These flaws 
could also be used to modify and delete data in the databases," 
Davenport reported.

In two other cases, she said auditors were able to access "high-level 
accounts" in which someone could not just view, but also change, 
sensitive student and employee information.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com