resource center
  See your link here
|
Computerworld -
A Web log generated by an online registration process opened a security breach over the weekend for a company that provides telephone service to students at about 70 small colleges nationwide.
The breach allowed outsiders to search for the names, Social Security numbers and addresses of about 2,000 students who registered with Resicom Corp. via its Web site, according to Resicom President Leidy Smith.
Smith said the Doylestown, Pa.-based company was told of the breach via e-mail and had fixed the problem by yesterday afternoon. In addition, all the colleges served by the company were notified of the problem.
Smith said that while the company is very concerned about the breach, the situation was mitigated by the fact that in order to access the information, a person needed to include a particular keystroke such as a pound symbol or a dollar sign between the first and last names to make a search work. He would not say what that key was.
Essentially, every time someone registered on the Web site, the Web logs noted that registration. Those logs were created as a text file, and it was that file that was searchable using the first and last name, along with the special keystroke.
Smith said the permission level to access the Web logs was set too low and has since been changed. He said he believes the access threshold was lowered accidentally during maintenance.
At no time was the company's main database containing more than 100,000 student accounts open or affected by the breach, Smith said. He added that the main database is behind a firewall and located at another site.
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
