Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Loss of back office data to hackers a blow for Harvard.

CyberArk Software : 20 February, 2008  (Technical Article)
Data encryption of more sensitive non-public files on web application hosted at Harvard University would have prevented serious hack.
Cyber-Ark says that yesterday's report of Harvard University's Web site being seriously hacked - with copies of the main server database appearing on the BitTorrent file-sharing network - is a cautionary tale for anyone involved with IT security issues.

'Database losses and hacks can, and do occur, often through human error, but the Harvard University hack apparently involves the complete site database - allegedly including hidden system files - being released on to the BitTorrent file-sharing network,' said Calum Macleod, Cyber-Ark's European director.

'This is a potentially worse-case scenario for any IT director, as it means the complete site, right down to its root-and-branch structure, and, presumably, all system files, can be downloaded and cloned by just about anyone on the Internet,' he added.

Macleod went on to say that the compressed 125 megabyte file is said to include contacts details, as well as other files associated with Joomla, the open-source content management system.

'Although it remains to be seen what Harvard's IT department has to say about the site hack, it looks like the hackers got everything from the University's servers, including information from the back office and system file data that is not normally accessible to the public,' he said.

'If the University had used a data encryption system on its most sensitive files, then this systematic site hack would probably not have occurred. The worst that could have happened is that the publicly-accessible Web site could have been downloaded and distributed, which is no big deal for anyone,' he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo