[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: Interesting University Security Weakness

From: Max Rodriguez <mtrodrig@xxxxxxxxxx>
Subject: [WEB SECURITY] Re: Interesting University Security Weakness
Date: Mon, 20 Mar 2006 20:01:16 -0500

--=_alternative 004798E385257137_=
Content-Type: text/plain; charset="US-ASCII"

This is most interesting of my school.  The findings of this report would 
probably be identical to what happened at University of Texas, Austin 
about 3.5 yrs ago where students records and very sensitive personal 
information was compromised during a hacker break in:

http://www.computerwire.com/industries/research/?pid=DA6345AA-54CA-4171-9A27-936167425EF1&type=CW%20News

 

Max Rodriguez
Sr. Security Architect
Tivoli Systems an IBM Company
email: mtrodrig@us.ibm.com
(240) 888-5767 Mobile Office





"Schmidt, Albert E" <AES@ola.state.md.us> 
03/20/2006 01:55 PM

To
<websecurity@webappsec.org>, <webappsec@securityfocus.com>
cc

Subject
Interesting University Security Weakness






During a recent audit of UMUC I had an interesting audit finding.
Background: The majority of UMUC classes are online and UMUC has the
largest student population of all of the University's in the University
System of Maryland.  See Finding #6 at
http://www.ola.state.md.us/Reports/Fiscal%20Compliance/UMUC06.pdf

Al S. 

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------



--=_alternative 004798E385257137_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">This is most interesting of my school.
&nbsp;The findings of this report would probably be identical to what happened
at University of Texas, Austin about 3.5 yrs ago where students records
and very sensitive personal information was compromised during a hacker
break in:</font>
<br>
<br><font size=5 color=#ff1f10 face="Arial"><b>http://www.computerwire.com/industries/research/?pid=DA6345AA-54CA-4171-9A27-936167425EF1&amp;type=CW%20News</b></font>
<br>
<br><font size=5 color=#ff1f10 face="Arial"><b>&nbsp;</b></font>
<br><font size=2 face="sans-serif"><br>
Max Rodriguez<br>
Sr. Security Architect<br>
Tivoli Systems an IBM Company<br>
email: mtrodrig@us.ibm.com<br>
(240) 888-5767 Mobile Office<br>
<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>&quot;Schmidt, Albert E&quot;
&lt;AES@ola.state.md.us&gt;</b> </font>
<p><font size=1 face="sans-serif">03/20/2006 01:55 PM</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">&lt;websecurity@webappsec.org&gt;,
&lt;webappsec@securityfocus.com&gt;</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Interesting University Security
Weakness</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>During a recent audit of UMUC I had an interesting
audit finding.<br>
Background: The majority of UMUC classes are online and UMUC has the<br>
largest student population of all of the University's in the University<br>
System of Maryland. &nbsp;See Finding #6 at<br>
http://www.ola.state.md.us/Reports/Fiscal%20Compliance/UMUC06.pdf<br>
<br>
Al S. <br>
<br>
-------------------------------------------------------------------------<br>
This List Sponsored by: SpiDynamics<br>
<br>
ALERT: &quot;How A Hacker Launches A Web Application Attack!&quot; <br>
Step-by-Step - SPI Dynamics White Paper<br>
Learn how to defend against Web Application Attacks with real-world <br>
examples of recent hacking methods such as: SQL Injection, Cross Site <br>
Scripting and Parameter Manipulation<br>
<br>
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl<br>
--------------------------------------------------------------------------<br>
<br>
</tt></font>
<br>
--=_alternative 004798E385257137_=--

References:
- [WEB SECURITY] Interesting University Security Weakness
  - From: Schmidt, Albert E

Prev by Date: Re: [WEB SECURITY] Interesting University Security Weakness
Next by Date: Re: [WEB SECURITY] How to Create Secure Web Applications with Struts
Previous by thread: Re: [WEB SECURITY] Interesting University Security Weakness
Next by thread: [WEB SECURITY] Free tool to analyse and post http request
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org