University of South Carolina Servers Hacked

HardOCP News

If you are a student, alumni or faculty at the University of South Carolina (or know someone that is) the school's servers were hacked and the personal information of 34,000 has been exposed.

The school says the College of Education web server was breached and some files on the server had confidential details along with identities and personal information of around 34,000 people. The breach was discovered June 6 and officials say the files were immediately secured.
 
That's a nice near 3 month delay on breaking the news. I at least hope the internal hush didn't last as long.
 
Seriously someone needs to wake up and ask WHY there is external access to such high end data stores? You only allow your internal network into systems that house student records, or set up some sort of one way sync operation. As I say in every thread like this, no one cares about security until it's too late. This is why I take my job seriously even if I'm ridiculed for being the one security-conscious guy.
 
Did the article say it was an external attack? I didn't find it.

The phrase 'server attack' is generally used for an attack that takes place over a network, generally one that resides outside of the server's normal boundaries. But sure, it didn't exactly say it. If it was a breach then they should have used that word instead. But we are arguing semantics now and my comment still stands.
 
Seriously someone needs to wake up and ask WHY there is external access to such high end data stores?
Well, South Carolina continuously proves that they're not among the smartest states in the union, especially with the news that gives Jon Stewart and Stephen Colbert (who was born there) lots of fodder to point and laugh at.

Plus, their school mascot is a (game)cock.
 
Hey, anyone know if the hackers can go into the transcripts and give me a B.S. in...oh wait, it's the University of South Carolina.

Wake me when they hack a real college.
 
Seriously someone needs to wake up and ask WHY there is external access to such high end data stores? You only allow your internal network into systems that house student records, or set up some sort of one way sync operation. As I say in every thread like this, no one cares about security until it's too late. This is why I take my job seriously even if I'm ridiculed for being the one security-conscious guy.

Normally I would totally agree with you; however, at my local university (not this one), there are more students off the main campus than on. Large numbers of students are in satellite campuses, and many people log in from different countries on a daily basis. They add classes online, check their balance, and view their transcript all online. If we made this all internal, the logistics and costs would be insane. We have a good security team, and have strong security measures; we are one of the few schools that send a daily report to the government about the attacks used against us. Security defenses still fail sometimes; last I knew of, someone stole some books on chemistry.

I could go into more details, but I am in a hurry, sorry for any misspellings.
 
Seriously someone needs to wake up and ask WHY there is external access to such high end data stores? You only allow your internal network into systems that house student records, or set up some sort of one way sync operation. As I say in every thread like this, no one cares about security until it's too late. This is why I take my job seriously even if I'm ridiculed for being the one security-conscious guy.

I agree with itomwisp. I'm currently enrolled in a PhD and paid a government scholarship through my Australian university back home, but working in the US through an American university and obviously that requires me to have accounts with both. If I couldn't access my information, pay fees, check statements, check scholarship payment status, access data, etc etc from online and overseas and generally operate without actually being on campus then it'd be a royal pain in the arse.
 
I should also say that there is a VPN which anyone can use if you want a secure connection into the campus. You have to use it to access the library systems. There is one guy whose whole job is to watch the VPN.
The most common uses for the VPN?
1. Watching hulu outside the USA.
2. Free espn 360.
 
I agree with itomwisp. I'm currently enrolled in a PhD and paid a government scholarship through my Australian university back home, but working in the US through an American university and obviously that requires me to have accounts with both. If I couldn't access my information, pay fees, check statements, check scholarship payment status, access data, etc etc from online and overseas and generally operate without actually being on campus then it'd be a royal pain in the arse.

I think you guys are missing my sentiment. Data does not need full unadulterated access from the outside to allow verified users into the system. This is done via use of interface servers set up for the sole purpose of authenticated data retrieval. Any hacks into those servers produce no actual data as they are simply relay devices. The real data stays tucked away back at base. The relay servers must have authentication data from a user to access home data, so an intruder would still be without access to everyone's data and could only harvest that which they stumble upon in transit after breaking the encryption. Actually an easy to do setup that doesn't cost a whole ton in personnel or infrastructure. Just proper setup from the get go.
 
The phrase 'server attack' is generally used for an attack that takes place over a network, generally one that resides outside of the server's normal boundaries. But sure, it didn't exactly say it. If it was a breach then they should have used that word instead. But we are arguing semantics now and my comment still stands.

USC Server Hacked, Identity Of Around 34,000 Compromised

The school says the College of Education web server was breached

So I guess those servers DO have internet access? But they used breached. Maybe it was both an internal and external attack?! :confused:
 
I think you guys are missing my sentiment. Data does not need full unadulterated access from the outside to allow verified users into the system. This is done via use of interface servers set up for the sole purpose of authenticated data retrieval. Any hacks into those servers produce no actual data as they are simply relay devices. The real data stays tucked away back at base. The relay servers must have authentication data from a user to access home data, so an intruder would still be without access to everyone's data and could only harvest that which they stumble upon in transit after breaking the encryption. Actually an easy to do setup that doesn't cost a whole ton in personnel or infrastructure. Just proper setup from the get go.

It seems like a pretty easy security measure to get past. Instead of shooting at vulnerabilities from the internet, they send phishing emails to students with a keylogger installed from the fake link and then they have creds. From my understanding of your security measure, as soon as they have any credentials that allow traffic from any computer that's using them, they could then throw the same attacks at the database servers. If they decide to block certain types of traffic from users with a student status, they can just start targeting admin type accounts that allow broader access.
 
It seems like a pretty easy security measure to get past. Instead of shooting at vulnerabilities from the internet, they send phishing emails to students with a keylogger installed from the fake link and then they have creds. From my understanding of your security measure, as soon as they have any credentials that allow traffic from any computer that's using them, they could then throw the same attacks at the database servers. If they decide to block certain types of traffic from users with a student status, they can just start targeting admin type accounts that allow broader access.

Still missing the point. What is a single compromised account versus 10,000? A slightly successful mitigation. Admin accounts should only have access via internal networks or over trusted VPN systems anyways. Their attacks won't work against a DB located on a different network located in house. They'd only be able to steal the user data they already illegally gained access to. Passwords are the known weakest link in security.

Levels of security are important not because they prevent attacks, but they make them exponentially difficult. Either postponing a real attack or giving you time to see that outer layers were breached and securing what you can deeper down the onion.
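
The relay design argued over in the posts above can be made concrete. The following is an added example, not code from any poster or from the university: an internal data tier that answers only requests carrying a verified user token, scopes non-admin reads to the token's own record, and refuses admin tokens that arrive through the relay. The key, addresses, role names and records are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Everything below is constructed for illustration.
SIGNING_KEY = b"constructed-demo-key"                 # held by auth service and data tier
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed campus-internal range
RELAY_IP = "192.0.2.10"                               # assumed DMZ relay address
RECORDS = {f"s{n}": {"name": f"Student {n}"} for n in range(1000, 1005)}

def issue_token(user_id: str, role: str) -> str:
    """Auth service: bind an identity and role to an HMAC tag."""
    body = f"{user_id}:{role}"
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def verify_token(token: str):
    """Return (user_id, role) for a valid token, else None."""
    parts = token.split(":")
    if len(parts) != 3:
        return None
    user_id, role, tag = parts
    expected = hmac.new(SIGNING_KEY, f"{user_id}:{role}".encode(),
                        hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return (user_id, role) if ok else None

def data_tier_fetch(token: str, peer_ip: str, requested_id: str = "") -> dict:
    """Internal data tier: decides what a caller may read.

    peer_ip is the address the data tier sees on the connection, so every
    request arriving through the relay carries RELAY_IP.
    """
    identity = verify_token(token)
    if identity is None:
        raise PermissionError("no valid user token: the relay alone gets no data")
    user_id, role = identity
    if role == "admin":
        if ipaddress.ip_address(peer_ip) not in INTERNAL_NET:
            raise PermissionError("admin tokens are refused outside the internal network")
        return dict(RECORDS)
    # Non-admin: the record key comes from the verified token, and the
    # client-supplied requested_id is deliberately ignored.
    return {user_id: RECORDS[user_id]}
```

A phished student token presented through the relay returns that one student's record regardless of `requested_id`, which is the "single compromised account versus 10,000" trade-off in code form.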
 
Wow, a lot of SC hatin'. The schools here in SC like leaving their shit unsecured so it doesn't really surprise me.
 
Hey, anyone know if the hackers can go into the transcripts and give me a B.S. in...oh wait, it's the University of South Carolina.

Wake me when they hack a real college.

I can help with the giving you BS part. People tell me that I have qualifications in the "loads of BS" department.
 