[ale] UNC Server hacked 160k SSNs Compromised- How?

Chris Fowler cfowler at outpostsentinel.com
Sat Sep 26 10:20:02 EDT 2009


Years ago I meet with techs at AOL.  They may provide Iternet to the
noobs but their comment to me was that "data is not stored in Windows".
At that period of time they knew better than to store anything important
on a Windows server.

I wish that UNC would learn from this event and try something other than
Microsoft.


On Sat, 2009-09-26 at 09:42 -0400, William Fragakis wrote:
> I read this article curiously trying to see what the vulnerability was:
> 
> http://www.charlotteobserver.com/local/story/967722.html
> 
> "UNC officials and a private computer forensic expert have spent two
> months investigating, but they still don't know who did the hacking,
> where the attack originated, or even whether data was downloaded.
> 
> "There's no direct evidence that any information has been removed,"
> Mauro said. "But we can't say for sure."
> 
> The compromised server had all required security measures, Mauro said.
> It was one of two housing data on more than 662,000 women. That
> information is submitted to UNC electronically, a process that will be
> tightened, Mauro said.
> "
> 
> And, then:
> 
> "While they didn't find evidence files were downloaded, investigators
> found traces of viruses dating to 2007, Mauro said, an indication the
> registry had been compromised for that long."
> 
> Someday, a lawyer is going to light Microsoft up for a big verdict. Few
> other products are allowed to fail this badly with no financial/legal
> repercussions. I can see Robert Vaughn intoning, "Hurt in server break
> in? Tell the big software companies you mean business."
> 
> Not that I necessarily approve of this sort of legal approach, just
> imagining the possibility.
> 
> William
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list