[ISN] Top 10 Threats to Computer Systems Include Professors and Students

From: InfoSec News <alerts_at_private>
Date: Tue, 16 Dec 2008 01:32:12 -0600 (CST)

The Chronicle of Higher Education
December 19, 2008 Issue

Karen McDowell spent several days this fall dressed in a purple fish 
costume, holding a plastic spear.

Ms. McDowell, a network-security analyst at the University of Virginia, 
wanted to raise awareness about "phishing," e-mail schemes in which con 
artists send messages to trick people into giving out passwords or other 
personal information. Ms. McDowell walked around high-traffic areas of 
the campus to get attention. "Sometimes I introduced myself as a 
fraudulent e-mail because many people don't know what a phish is," she 

The outfit hooked curious students, who asked her what she was up to, 
and most listened to her spiel. In the past, plainclothes administrators 
set up tables and handed out brochures about the importance of computer 
security. But Ms. McDowell felt that such efforts made little impact, 
since students mostly walked by without stopping. The fish costume was 
her idea — the university paid a local seamstress $60 to make it — 
because she felt that a bit of flashiness and humor would help the 
message sink in.

User awareness is growing in importance when it comes to computer 
security. Not long ago, keeping college networks safe from 
cyberattackers mainly involved making sure computers around campus had 
the latest software patches. New computer worms or viruses would pop up, 
taking advantage of some digital hole in the Windows operating system or 
in popular Web software, and officials would work to plug the gaps.

Those were the good old days — back when many big attacks were started 
by hobbyists who got a cheap thrill watching geek squads scramble.

Today a growing number of network bad guys are professional criminals, 
and they're looking to steal real money. They don't just want to post an 
embarrassing note on your college's home page. They want to nab the 
identities of students and professors to go on shopping sprees with 
forged credit cards. With the global economy getting lousier, officials 
predict that even more hackers will get into the act in search of easy 

Increasingly, the weakest part of a network is the users, who carelessly 
give out their passwords or leave important information for the taking.

That's the conclusion I reached at a recent Dartmouth College conference 
on "Securing the eCampus: Building a Culture of Information Security in 
an Academic Institution," where I was asked to give my take on security 
threats. I compiled the following top-10 list of campus 
computer-security risks based on several recent computing surveys and 
interviews with more than a dozen college-technology leaders. The list, 
ordered from least to most serious, is by no means scientific, but it 
gives a sense of where today's battle lines are — and why "phish" 
costumes should become more common on campuses.


Help InfoSecNews.org with a donation!
Received on Mon Dec 15 2008 - 23:32:12 PST

This archive was generated by hypermail 2.2.0 : Mon Dec 15 2008 - 23:41:51 PST