- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
The movement towards laptop computers has fueled an unprecedented number of data breaches. For IT and Information Security, encryption and training has proven ineffective against careless users and insider threats. This paper discusses these limitations and explains how endpoint security allows remote deletion of sensitive data, tracking of computers outside the network and the physical recovery of missing computers. Learn how you can ensure mobile data protection regardless of end-user interference.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
This is a good, basic, common sense article - thank you. Time to time it is forgotten that no system...- tuomoks
The University of California, Los Angeles, Tuesday began sending out letters to more than 800,000 individuals whose personal information may have been compromised in a database breach that remained undetected for more than a year.
A statement posted on the university's Web site said that intruders appear to have taken advantage of a previously "undetected software flaw" in one of its "hundreds" of software applications to gain access to the restricted database. Attempts to access the database have apparently been going on since October 2005, according to the statement.
The breach was discovered on Nov. 21 this year, when the university's computer security technicians noticed an "exceptionally high volume of suspicious database queries," the statement read. "An emergency investigation indicated that access attempts had been made since October 2005 and that the hacker specifically sought Social Security numbers," said Jim Davis, the university's CIO and associate vice chancellor of IT, in the statement. The FBI was notified of the breach.
The breached database includes the names, Social Security numbers, dates of birth and addresses of current and former faculty, staff and students and, in some cases, the parents of students at the university.
"We deeply regret the concern and inconvenience caused by this illegal activity," Davis was quoted as saying. He added that the university has since "reconstructed and protected" the breached database. He did not specify what measures the university has taken to mitigate the problem.
Although the hacker may have obtained personal information on some of the individuals, there is no evidence that the data has been misused, said Acting Chancellor Norman Abrams in the statement.
University officials could not be reached immediately for further comment.
That the breach remained undetected for more than a year is troubling but not entirely surprising, especially in a university environment, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. There is still a widely held misperception that monitoring and auditing databases for security breaches imposes a "ridiculous penalty on performance," he said. As a result, many organizations fail to keep an eye on their databases and miss breaches of the sort that happened at UCLA, he said.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
