Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Loss of back office data to hackers a blow for Harvard.

CyberArk Software : 20 February, 2008  (Technical Article)
Data encryption of more sensitive non-public files on web application hosted at Harvard University would have prevented serious hack.
Cyber-Ark says that yesterday's report of Harvard University's Web site being seriously hacked - with copies of the main server database appearing on the BitTorrent file-sharing network - is a cautionary tale for anyone involved with IT security issues.

'Database losses and hacks can, and do occur, often through human error, but the Harvard University hack apparently involves the complete site database - allegedly including hidden system files - being released on to the BitTorrent file-sharing network,' said Calum Macleod, Cyber-Ark's European director.

'This is a potentially worse-case scenario for any IT director, as it means the complete site, right down to its root-and-branch structure, and, presumably, all system files, can be downloaded and cloned by just about anyone on the Internet,' he added.

Macleod went on to say that the compressed 125 megabyte file is said to include contacts details, as well as other files associated with Joomla, the open-source content management system.

'Although it remains to be seen what Harvard's IT department has to say about the site hack, it looks like the hackers got everything from the University's servers, including information from the back office and system file data that is not normally accessible to the public,' he said.

'If the University had used a data encryption system on its most sensitive files, then this systematic site hack would probably not have occurred. The worst that could have happened is that the publicly-accessible Web site could have been downloaded and distributed, which is no big deal for anyone,' he added.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo