The list of enterprises and institutions that have experienced major information security breaches continues to grow.
The University of Southern California said it will be contacting about 300,000 people who used an online application form to let them know that their private information might have been compromised.
A prospective student discovered the security hole while using the online application, according to press reports.
He confirmed the privacy problem by attempting to access a group of about 40 files and then reported the problem to online security organization SecurityFocus, which in turn informed the university.
Doing the Right Thing
USC then did "the right thing," said Carole Theriault, security consultant with Sophos. It shut down the online application tool.
"The university probably will be more diligent in the future," she noted, adding, though, that holes of this type are nearly impossible to avoid completely.
"Software is very complicated stuff," said Theriault. "It is written by human beings, and all human beings are fallible." The most that enterprises can achieve is to thwart would-be hackers most of the time and to correct problems that arise.
Constant Battle
The security threats to enterprises are growing, Theriault noted. The writers of malware are no longer targeting only the naive home computer user.
More sophisticated viruses are targeting corporate networks to access their computing power for the purpose of sending spam, for example.
In the case of USC's information breach, it appears that there was no malicious intent and that the amount of data subject to unauthorized access was relatively small. However, any system accessible via the Internet is subject to this kind of probing, Theriault stressed. "There's always going to be a battle," she said.