[WEB SECURITY] Re: Interesting University Security Weakness

Max Rodriguez mtrodrig at us.ibm.com
Mon Mar 20 20:01:16 EST 2006


This is most interesting of my school.  The findings of this report would 
probably be identical to what happened at University of Texas, Austin 
about 3.5 yrs ago where students records and very sensitive personal 
information was compromised during a hacker break in:

http://www.computerwire.com/industries/research/?pid=DA6345AA-54CA-4171-9A27-936167425EF1&type=CW%20News

 

Max Rodriguez
Sr. Security Architect
Tivoli Systems an IBM Company
email: mtrodrig at us.ibm.com
(240) 888-5767 Mobile Office





"Schmidt, Albert E" <AES at ola.state.md.us> 
03/20/2006 01:55 PM

To
<websecurity at webappsec.org>, <webappsec at securityfocus.com>
cc

Subject
Interesting University Security Weakness






During a recent audit of UMUC I had an interesting audit finding.
Background: The majority of UMUC classes are online and UMUC has the
largest student population of all of the University's in the University
System of Maryland.  See Finding #6 at
http://www.ola.state.md.us/Reports/Fiscal%20Compliance/UMUC06.pdf

Al S. 

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060320/4f994a49/attachment.html>


More information about the websecurity mailing list