IA: Buena Vista University reveals data breach (update 1)
July 16, 2010 by admin
Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database. The information that this person could have accessed includes names, Social Security numbers and some driver’s license numbers of BVU students (applicants, former and current), parents, faculty/staff (current and former), alumni and some donor records. These records date back to 1987.
Although we have no evidence that any personal information has been misused or disclosed to other persons, we have notified via letter all university stakeholders whose personal information may have been accessed.
The letters contain information on how to access a one-year subscription to Experian’s Triple Alert, a credit monitoring service BVU is providing free of charge. The service provides timely alerts of any key changes to credit reports as well as fraud resolution assistance, if needed.
To enroll in the Experian services you will need the individual activation code contained in your letter. You can then enroll on the Experian website: http://partner.consumerinfo.com/buena or by calling an Experian representative toll-free at 866.252.0121. The enrollment deadline is August 20, 2010.
To determine if you will be among those notified, you may call the university at 866.450.4636, 8 a.m. to 5 p.m. CT, Monday-Friday.
We regularly review our security measures and processes and remain committed to maintaining the privacy and security of all confidential data. We are currently working with a nationally-recognized outside expert to mitigate any risk of potential harm and are taking the steps necessary to prevent any future unauthorized access to BVU’s information systems. The incident has now been referred to the U.S. Attorney for the District of Minnesota.
We deeply regret this incident and are committed to protecting the personal information of all our stakeholders.
So what’s missing from their notification? Let’s see…
1. It doesn’t tell us when the breach/unauthorized access occurred.
2. It doesn’t tell us for how long the breach occurred.
3. It doesn’t tell us how and when BVU first became aware of the breach.
4. It doesn’t tell us how many individuals had data on the server.
5. It doesn’t tell us why the data on the server were not encrypted and whether they were supposed to have been encrypted.
6. It doesn’t tell us why data from over 20 years ago was still on a server connected to the Internet.
And why was this reported to the U.S. Attorney for the District of Minnesota instead of Iowa?
We’re missing a lot of information on this breach.
Update 1: Another source reports that the breach could affect 93,000.
They probably see this as “ensuring the user an excellent experience.” I look at it as an example of companies that don't want to surrender control of products they sell. If it's not a sale (if I can't do what I want with the phone) what is it?
Motorola Says eFuse Doesn't Permanently Brick Phones
Posted by timothy on Saturday July 17, @01:48AM
"Motorola has responded to claims that eFuse is designed to brick your device if you attempt to mod it or install unauthorized bootloaders. Yes, the device will still not operate with unauthorized software, but it will only go into recovery mode until you reinstall the authorized software. According to Motorola: 'If a device attempts to boot with unapproved software, it will go into recovery mode, and can re-boot once approved software is re-installed.'"
This could be interesting. Try Freebase as a research tool...
Google buys Metaweb to improve results for complex search queries
Google moved to better its search results by acquiring Metaweb, a San Francisco based company that maintains an open database of "things," and their relationships to one another. Terms of the deal were not disclosed.
… The openness of Metaweb's database, dubbed Freebase, means that for the first time Google would begin to rely on data that wasn't compiled or managed in-house. The search company said the two companies would keep Freebase open. [http://www.freebase.com/]
For my Ethical Hacking mid-term exam.
Researcher: Photos from your gadget can leak your location
NEW YORK--Be warned: If you take a snapshot with your iPhone or other camera-enabled gadget, it may divulge more information about you than your photographic abilities.
At the Next HOPE hacker conference here on Friday, a security researcher demonstrated how he scanned over 2.5 million photo links posted to Twitter and extracted exact latitude and longitude coordinates embedded in over 65,000 photos -- typically without the user's knowledge.
"It's a privacy fail," says Ben Jackson of Mayhemic Labs, who plans to release the software and data collection this evening. [For the hacking toolkit. Bob]
A quick way to summarize a company.
The Meteoric Rise of Craigslist (Infographic)
Love it or hate it, Craigslist is a Big Deal on the Internet. It has become the de facto place to look for housing, used goods, jobs and adult services. It has been blamed for taking classified advertising business away from struggling newspapers and facilitating sex trafficking (as well as at least a few murders). The guys from Online MBA have made this cool graphic about the juggernaut site
This may be what I need. Whenever I draw on the whiteboard, I see baffled looks on my student's faces. (even more than usual)
Friday, July 16, 2010
Simple Diagrams - Free Diagram Creation Tool
Simple Diagrams offers a free tool that anyone can use to create diagrams using a combination of clip art, text, and free hand drawings. Simple Diagrams provides a large selection of shapes and drawings that you can drag and drop into your diagrams. You can adjust the size of each element you place in your diagram. Any element can also be altered by using the pencil drawing tool. The pencil tool can also be used to create a drawing from scratch
To use Simple Diagrams you do need to install the Simple Diagrams software. Simple Diagrams uses the Adobe Air platform which means you can install Simple Diagrams on both Mac and Windows computers. Simple Diagrams offers a free version and a paid version. The free version appears to offer plenty of tools for classroom use.
This looks handy! I send you a link that connects you to my list. I don't need to keep emailing you as I update that list.
urlist: Create & Share Your List of Links
urlist is a brilliant website that makes sharing internet links even easier.
You start using urlist’s services by signing in either through your Google or Twitter account.
...URL lists can be extremely helpful whether it comes to research, showing a client some ideas, or sharing information on a particular subject with somebody. The site even has a bookmarklet which you can add to your browser’s bookmarks toolbar in order to easily add websites to your URL lists.
Also read related articles: Build an Online Reading List with “Read It Later” and Send A List Of Links As A Single URL With 1Link.In.