Re: [ISN] Stolen UC Berkeley Laptop Exposes Personal Data of Nearly 100,000

From: InfoSec News (isn@private)
Date: Wed Mar 30 2005 - 22:38:29 PST


Forwarded from: Adam Shostack <adam@private>

On Wed, Mar 30, 2005 at 12:36:35AM -0600, InfoSec News wrote:
| Forwarded from: Mark Bernard <Mark.Bernard@private>
| 
| Dear Associates,
| 
| I'm sorry but Universities and Colleges aren't very good gages on the
| growth of identity theft. The incident is more likely to be a measure
| of stupidity.
| 
| These institutions are high risk for attacks because they need to be
| open to share information, so I wouldn't even consider it a good
| measure of some student hacker's skills. I hope that whoever
| perpetrated this crime doesn't think that s/he's accomplished
| something.

Open to share financial and administrative information?  Are the
registrar's offices also open?  There are substantial differences
between research and academic needs and the operational/business needs
of a university.

| What I would like to see is students take more responsibility and
| control over their private information. I know the thought that the
| words 'student' and 'responsibility' are in the same sentence doesn't
| make sense to some of us. I also think that student bodies need to
| step up to the plate here and show some leadership by helping their
| constituency protect themselves.

Huh?  The students are legally mandated to provide the information
that's stolen.  That information is verified at several different
steps:  Financial aid, foreign student tracking, tax payments, etc.

What, precisely, would you suggest a student do to take more
responsibility?  Choose not to go to school at UC Berkeley, Harvard,
Stanford, or any of the other schools hit by hackers/who exposed their
admissions data via careless use of Apply Yourself software?

Adam

| ----- Original Message ----- 
| From: "InfoSec News" <isn@private>
| To: <isn@private>
| Sent: Tuesday, March 29, 2005 8:54 AM
| Subject: [ISN] Stolen UC Berkeley Laptop Exposes Personal Data of Nearly 
| 100,000
| 
| 
| > http://www.washingtonpost.com/wp-dyn/articles/A7653-2005Mar28.html
| >
| > By MICHAEL LIEDTKE
| > AP Business Writer
| > March 28, 2005
| >
| > SAN FRANCISCO (AP) -- A thief has stolen a computer laptop
| > containing personal information about nearly 100,000 University of
| > California, Berkeley alumni, graduate students and past applicants,
| > continuing a recent outbreak of security breakdowns that has
| > illustrated society's growing vulnerability to identity theft.
| >
| > University officials announced the March 11 theft on Monday under a
| > state law requiring that consumers be notified whenever their Social
| > Security numbers or other sensitive information has been breached.
| >
| > Notifying all of the 98,369 people affected by the UC Berkeley
| > laptop theft could prove difficult because some of the students
| > received their doctorate degrees nearly 30 years ago, university
| > officials said.
| >
| > The laptop -- stolen from a restricted area of a campus office --
| > contained the Social Security numbers of UC Berkeley students who
| > received their doctorates from 1976 through 1999, graduate students
| > enrolled at the university between fall 1989 and fall 2003 and
| > graduate school applicants between fall 2001 and spring 2004. Some
| > graduate students in other years also were affected.



_________________________________________
Network Security - http://www.auditmypc.com
Free vulnerability test - How secure is your computer?



This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 05:47:43 PST