Ouch - an unpatched bug in so-called SECURITY software? Isn't such software supposed to work against issues that lead to data breaches?<br><br><div><span class="gmail_quote">On 5/25/07, <b class="gmail_sendername">security curmudgeon
</b> <<a href="mailto:jericho@attrition.org">jericho@attrition.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
---------- Forwarded message ----------<br>From: InfoSec News <<a href="mailto:alerts@infosecnews.org">alerts@infosecnews.org</a>><br>Subject: [ISN] University Blames Security Breach On Un-patched Symantec Bug<br><br>
<a href="http://www.informationweek.com/news/showArticle.jhtml?articleID=199701978">http://www.informationweek.com/news/showArticle.jhtml?articleID=199701978</a><br><br>By Sharon Gaudin<br>InformationWeek<br>May 24, 2007<br>
<br>The University of Colorado at Boulder said sensitive information on 44,998<br>students was exposed because a worm attacked the network through an<br>un-patched bug in Symantec's anti-virus software.<br><br>A server in the university's College of Arts and Sciences' Academic
<br>Advising Center held the names and Social Security numbers of students<br>enrolled at CU-Boulder from 2002 to the present, according to an online<br>advisory.<br><br>On May 12, the university's IT security investigators discovered that the
<br>worm entered the server through the vulnerability, which the IT staff had<br>failed to patch, the university reported. Investigators said they did not<br>believe the hacker behind the worm was after the personal information, but
<br>instead was using the flaw as an entryway to other computers on the<br>university network.<br><br>"The server's security settings were not properly configured and its<br>sensitive data had not been fully protected," said Bobby Schnabel,
<br>CU-Boulder vice provost for technology, in a written statement. "Through a<br>combination of human and technical errors, these personal data were<br>exposed, although we have no evidence that they were extracted."
<br><br>A Symantec spokesman told InformationWeek that they have been trying to<br>get in touch with the university's IT team but have not yet talked to them<br>to get details about the attack or even to find out what vulnerability was
<br>involved. "We hate to see any customer with a problem," he said. "We<br>encourage customers to post patches as soon as possible."<br><br>Todd Gleeson, a dean CU-Boulder, said in a statement that he wants the
<br>College of Arts and Sciences IT operations to be placed under the direct<br>control of the university's larger IT department. He said all of the<br>students affected by the breach are being notified through letters mailed
<br>to their homes.<br><br>"We have also taken steps to ensure that all sensitive personal data has<br>been removed from our Academic Advising Center servers," said Gleeson. "I<br>want to assure our past and present students that we have taken strong
<br>measures to protect our advising center computers and our students'<br>personal information."<br><br>Students who are looking for more information about protecting themselves<br>following a data exposure can go to the advisory Web site.
<br><br><br>_______________________________________________<br>Dataloss Mailing List (<a href="mailto:dataloss@attrition.org">dataloss@attrition.org</a>)<br><a href="http://attrition.org/dataloss">http://attrition.org/dataloss
</a><br>Tracking more than 208 million compromised records in 670 incidents over 7 years.<br></blockquote></div><br><br clear="all"><br>-- <br>B.K. DeLong (K3GRN)<br><a href="mailto:bkdelong@pobox.com">bkdelong@pobox.com</a>
<br>+1.617.797.8471<br><br><a href="http://www.wkdelong.org">http://www.wkdelong.org</a> Son.<br><a href="http://www.ianetsec.com">http://www.ianetsec.com</a> Work.<br><a href="http://www.bostonredcross.org">
http://www.bostonredcross.org</a> Volunteer.<br><a href="http://www.carolingia.eastkingdom.org">http://www.carolingia.eastkingdom.org</a> Service.<br><a href="http://bkdelong.livejournal.com">http://bkdelong.livejournal.com
</a> Play.<br><br><br>PGP Fingerprint:<br>38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<br><br>FOAF:<br><a href="http://foaf.brain-stream.org">http://foaf.brain-stream.org</a>