[ale] UNC Server hacked 160k SSNs Compromised- How?
William Fragakis
william at fragakis.com
Sat Sep 26 09:42:31 EDT 2009
I read this article curiously trying to see what the vulnerability was:
http://www.charlotteobserver.com/local/story/967722.html
"UNC officials and a private computer forensic expert have spent two
months investigating, but they still don't know who did the hacking,
where the attack originated, or even whether data was downloaded.
"There's no direct evidence that any information has been removed,"
Mauro said. "But we can't say for sure."
The compromised server had all required security measures, Mauro said.
It was one of two housing data on more than 662,000 women. That
information is submitted to UNC electronically, a process that will be
tightened, Mauro said.
"
And, then:
"While they didn't find evidence files were downloaded, investigators
found traces of viruses dating to 2007, Mauro said, an indication the
registry had been compromised for that long."
Someday, a lawyer is going to light Microsoft up for a big verdict. Few
other products are allowed to fail this badly with no financial/legal
repercussions. I can see Robert Vaughn intoning, "Hurt in server break
in? Tell the big software companies you mean business."
Not that I necessarily approve of this sort of legal approach, just
imagining the possibility.
William
More information about the Ale
mailing list