Thursday, March 13, 2008

Harvard having some problems with security

Harvard recently lost 6,600 admission applications containing Social Security Numbers, names, test scores, addresses, e-mails, etc. of students who applied for Harvard in Fall 2007.

I bring this up not because it is one of the country's prime universities, but because the data obtained is not being used by one individual for profit; it is being shared online through BitTorrent for anyone who wishes to download it (it's a 125 MB download). Due to the sharing medium, this data cannot be prevented from beaming its way across the net to anyone who is interested.

The motive behind this deed, as stated by the attacker, was to prove that a specific administrator at Harvard University did not know how to secure a web server.

Harvard, of course, acknowledged the problem, apologized, and offered assistance to anyone listed. But is this enough? Basically all data about these 6,600 individuals is being given away to anyone who is interested and has enough bandwidth to download 125 MB. A quick apology seems to be fairly lax to me. I feel some sort of fine or regulation should almost be enforced with the loss of this information. What do you think?

Here is a link to the statement from Harvard.

Nate Evans
The Krell Institute

