Forwarded from: Adam Shostack <adam@private> On Wed, Mar 30, 2005 at 12:36:35AM -0600, InfoSec News wrote: | Forwarded from: Mark Bernard <Mark.Bernard@private> | | Dear Associates, | | I'm sorry but Universities and Colleges aren't very good gages on the | growth of identity theft. The incident is more likely to be a measure | of stupidity. | | These institutions are high risk for attacks because they need to be | open to share information, so I wouldn't even consider it a good | measure of some student hacker's skills. I hope that whoever | perpetrated this crime doesn't think that s/he's accomplished | something. Open to share financial and administrative information? Are the registrar's offices also open? There are substantial differences between research and academic needs and the operational/business needs of a university. | What I would like to see is students take more responsibility and | control over their private information. I know the thought that the | words 'student' and 'responsibility' are in the same sentence doesn't | make sense to some of us. I also think that student bodies need to | step up to the plate here and show some leadership by helping their | constituency protect themselves. Huh? The students are legally mandated to provide the information that's stolen. That information is verified at several different steps: Financial aid, foreign student tracking, tax payments, etc. What, precisely, would you suggest a student do to take more responsibility? Choose not to go to school at UC Berkeley, Harvard, Stanford, or any of the other schools hit by hackers/who exposed their admissions data via careless use of Apply Yourself software? Adam | ----- Original Message ----- | From: "InfoSec News" <isn@private> | To: <isn@private> | Sent: Tuesday, March 29, 2005 8:54 AM | Subject: [ISN] Stolen UC Berkeley Laptop Exposes Personal Data of Nearly | 100,000 | | | > http://www.washingtonpost.com/wp-dyn/articles/A7653-2005Mar28.html | > | > By MICHAEL LIEDTKE | > AP Business Writer | > March 28, 2005 | > | > SAN FRANCISCO (AP) -- A thief has stolen a computer laptop | > containing personal information about nearly 100,000 University of | > California, Berkeley alumni, graduate students and past applicants, | > continuing a recent outbreak of security breakdowns that has | > illustrated society's growing vulnerability to identity theft. | > | > University officials announced the March 11 theft on Monday under a | > state law requiring that consumers be notified whenever their Social | > Security numbers or other sensitive information has been breached. | > | > Notifying all of the 98,369 people affected by the UC Berkeley | > laptop theft could prove difficult because some of the students | > received their doctorate degrees nearly 30 years ago, university | > officials said. | > | > The laptop -- stolen from a restricted area of a campus office -- | > contained the Social Security numbers of UC Berkeley students who | > received their doctorates from 1976 through 1999, graduate students | > enrolled at the university between fall 1989 and fall 2003 and | > graduate school applicants between fall 2001 and spring 2004. Some | > graduate students in other years also were affected. _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 05:47:43 PST