Forwarded from: Mark Bernard <Mark.Bernard@private>

Dear Associates,

fyi... if the hacker picked off employee information, which is likely better protected than the master database, then what about clinical patient records? I don't buy the story that those systems weren't touched. Most of these systems are networked together and, if anything, mainstream data used by most organizations is more readily available than executive salary information.

As hackers get smarter you can bet that they'll target more of the identity management systems such as Microsoft's Active Directory and Kerberos with its known weaknesses. Lots of people use the same user ids and passwords for both work and personal systems. So although the hackers may get no further with Duke, they might start testing online banking systems or other such systems with their newfound illegal information assets. Furthermore, aggregated data found on public systems such as Monster and Workopolis may help to further refine potential targets of economic opportunity from these illegally newfound assets.

Best regards,
Mark.

Mark E. S. Bernard, CISM, CISSP, PM,
Principal, Risk Management Services,
e-mail: Mark.Bernard@private
Web: http://www.TechSecure.ca
Phone: (506) 325-0444

Leadership Quotes by Kenneth Blanchard:
"The key to successful leadership today is influence, not authority."

----- Original Message -----
From: "InfoSec News" <isn@private>
To: <isn@private>
Sent: Saturday, June 04, 2005 3:23 PM
Subject: [ISN] Hacker hits Duke system

> http://newsobserver.com/business/story/2471894p-8875992c.html
>
> By JEAN P. FISHER
> Staff Writer
> Jun 4, 2005
>
> A hacker broke into the Duke University Medical Center computer system
> last week, stealing thousands of passwords and fragments of Social
> Security numbers, Duke officials said Friday.
>
> Duke is notifying about 14,000 people, roughly 10,000 of whom are
> medical center employees, that their information may have been
> compromised and is advising people to change passwords if they use the
> same one for multiple purposes.
>
> Other individuals affected include alumni of the Duke University
> School of Medicine, physicians and other clinicians who registered
> online for some types of continuing medical education at Duke and
> others who accessed certain Web pages maintained by the medical
> school.
>
> The incident is the latest in a series of security breaches nationally
> at banks and other major organizations that store personal
> information. This is one of the largest yet to hit the Triangle.