Create an Account
username: password:
 
  MemeStreams Logo

Harvard Crimson | Swipe Card Hack Prompts Complaint
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Harvard Crimson | Swipe Card Hack Prompts Complaint
Topic: Computer Security 5:02 pm EDT, Apr 17, 2003

From: Joe Klein [jsklein@x]
To: SE2600 List [root at don't-you-dare se2600.org]
Subject: RE: [se2600] RE: Swipe Card Hack Prompts Complaint
Date: Thu, 17 Apr 2003 13:42:46 -0400

Response send to author:

Ms. Kicenuik,

Thank you for the article, but I think you have been misinformed.

Fact 1: Banks and other financial institutes are required by law to secure financial transactions between and over networks. Even on the Internet, financial transactions are secured using ssl encryption. Blackboard, now acting like a financial network, is not using secure communications.

Fact 2: BlackBoard has other products which have had vulnerabilities over the last 4 years. Apparently, they have a history of slow response to security problems.

Fact 3: Harvard signed a contract, releasing BlackBoard of all liability, in the used of their product. Any financial loss because of the lack of security in the BlackBoard systems, will be absorbed by Harvard.

Fact 4: This problem was reported to the BlackBoard company 6 months ago. This delay of addressing the security vulnerability only exposes blackboard customers and not Blackboard company.

Fact 5: The majority of hackers are not caught, so focusing on prosecution of the crime and not securing the system, would be considered a lack of due diligence. There for holding the Blackboard customers again, liable for all loss.

Here is the backup information which substantiates the above facts.

Fact 1:
http://www.nist.gov/public_affairs/releases/g01-111.htm
http://www.federalreserve.gov//boarddocs/rptcongress/annual98/ann98.pdf
Fact 2:
http://www.avet.com.pl/pipermail/bugdev/2003-January/001972.html
http://www.kb.cert.org/vuls/id/ADHR-5KCKAQ
http://www.securiteam.com/securitynews/5FP0P0K8UC.html
http://www.securitytracker.com/alerts/2003/Jan/1005961.html
http://icat.nist.gov/icat.cfm?cvename=CAN-2002-1007
http://www.securiteam.com/securitynews/5EP0B2A7QO.html
http://www.safermag.com/html/safer27/alerts/21.html
2003-01-25: Blackboard Learning System search.pl SQL Injection
Variant Vulnerability
2003-01-21: Blackboard Learning System search.pl SQL Injection
Vulnerability
2002-07-01: Blackboard Cross-Site Scripting Vulnerability
2000-07-18: Blackboard CourseInfo 4.0 Database Modification
Vulnerability
2000-07-10: Blackboard CourseInfo 4.0 Plaintext Administrator
Password Vulnerability

Fact 3:
http://www.uky.edu/Purchasing/uk-0215-2pct.pdf
http://www.rsc-sw-scotland.ac.uk/mleresponses/blackboard.htm

Fact 4:
http://www.edifyingfellowship.org/~overcode/bb-faq.html

Fact 5:
http://news.com.com/2009-1017-912708.html
http://abcnews.go.com/sections/tech/DailyNews/microsoft_hacked001031.htm
l

Now here is the challenge to you, how about writing an article which
addresses the facts.

Snagged from the SE2600 mailing list.

Harvard Crimson | Swipe Card Hack Prompts Complaint

Thread [3]


  
 
Powered By Industrial Memetics		RSS2.0