http://www.insidebayarea.com/trivalleyherald/localnews/ci_2982853 By Katy Murphy STAFF WRITER 08/29/2005 HAYWARD Every morning, Thomas Dixon goes into his office at California State University, East Bay, knowing that a million attempts will be made - each hour - to break into the computer system he is charged with protecting. Dixon is a quiet, seemingly unflappable man who didnt blink at the break-ins reported this month at Sonoma State University and California State University, Stanislaus, that potentially compromised the personal information of tens of thousands of students. But the information security specialists biggest fear, which he shares with others in the know on campus, is that someone will manage to break into the main system containing student data and financial records. Do I get nervous? Of course, he said. To prevent such a catastrophe, Dixons team installs firewalls to keep unwanted users out of the main system. They keep their ears open about the latest threats and how to keep them at bay. And they give critical self-defense instructions and controls to the 10 to 20 faculty and staff whose laptops contain sensitive data about the university. Sometimes their efforts are not enough. Last September, a hacker gained access to a server in a Warren Hall office, later boasting about the conquest on the offices home page. As mandated by state law, the university sent letters to about 2,300 people, warning them that their personal information could have been stolen. Shortly after that attack, someone struck again, leaving a similar mark on the home page. Since Dixon already had scrubbed the hard drive of data, no information could have been taken. Dick Metz, vice president of administration and business affairs for the university, said he didnt know whether the phisher was simply gaming the system or trying to steal information. As far as he knows, no reports of fraud or misuse of data have been made in connection with the break-in, he said. Metz considers the September hack a minor incident. A major one, by his standards, would affect at least 10,000 people. At the time, many students went about their lives, oblivious to the invasion. Kelly Lunsford, a freshman last year, said Thursday that she wasnt aware of it - or of the recent problems at other universities, including the University of California, Berkeley. Lunsford said she assumed her information was safe at Cal State East Bay. I guess Ill trust them until something happens, she said. Likewise, incoming freshman Larry Ornellas said he wasnt too worried. I feel the school is a secure enough place, and they have thousands - and maybe tens of thousands - of records on file. It would have to be a secure enough domain for them to stay there, he said, although he added that the threat of identity theft is always in the back of his mind. When students return to dormitories next month for the fall quarter, their laptops will be checked for infection. Software and other protections will be given to on-campus students connected to the network, Dixon said, because someone could get to us through them. Despite the countless barriers they have erected, Dixon and Metz are keenly aware that all a hacker needs is a tiny opening. Weve come to the conclusion that it isnt a matter of whether we get breached again, Metz said. Its when. _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Tue Aug 30 2005 - 00:14:36 PDT