Shostack + Friends Blog Archive

 

Breach Quickies

Well, now that America’s Finest News Source is getting into breach coverage, I guess I can move on. See “Hotels.com Information Stolen” in the Onion.

Also, Nick Owen has some good analysis of the Ohio State comedy of errors in “Repurcussions of data loss at Ohio University.” I’m hoping Chris will cover the N+1 Ohio State breaches, just as soon as they stop auto-incrementing.

3 comments on "Breach Quickies"

  • Alex Hutton says:

    Not to be picky, but folks here in Columbus might be quick to remind you that the breach was at Ohio University in Athens, not The Ohio State University in Columbus.

  • Chris Walsh says:

    I’m a bit busy — travelling on business. I figure the fourth and fifth breaches at OU (did you think it was just three? That is so last week!) are due more to ISS looking at their servers with a microscope than to any actual additional nefarious activity. In other words, these are but the traces of the sins of long ago. I may be wrong, but unless new info has come to light today, the available facts are a little sparse to know for sure either way.
    @Alex: I feel your pain. Right after breach 3, I was *this* close to emailing a friend who does infosec at THE Ohio State University and asking him what the heck was up. That could have been awkward :^).

  • Owen says:

    Don’t miss this story about the student who warned O.U. [link http://athensnews.com/index.php?action=viewarticle&section=archives&story_id=25118 no longer works] about the system’s insecurity and was fired for it.

Comments are closed.