EDUCAUSE | Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Security Risk Assessment and Analysis

Why File Sharing Networks Are Dangerous

ckeller — Mon, 10 Sep 2007 14:55:36 -0500

In this paper the authors analyze P2P security issues, establishing vulnerabilities that software
clients represent. The authors go on to present experimental evidence of the risk through honeypot
experiments that expose both business and personal financial information and they track the resulting consequences. Their analysis and experimental results show the security risk of P2P file sharing networks.

Incident Response at UT Austin

drupal — Tue, 23 May 2006 10:13:27 -0500

An interview with VP for IT Dan Updegrove. The recent break-in to an administrative database at the McCombs School of Business at UT Austin (TX), discovered April 21, 2006, may have compromised the personal data of a very large number of individuals. Early reports stated there were about 197,000 records in the database. We caught up with VP for IT Dan Updegrove for an update and some of his impressions after the first two weeks of the institution's incident response.

Locking Down Departmental Data

drupal — Tue, 23 May 2006 10:09:52 -0500

As hackers have found their way into computer networks around the country in recent years — putting individuals' personal information at risk of identity theft and embarrassing companies, colleges and other entities — many if not most higher education institutions have significantly tightened their technological security.

Open-source bugs undermine digital signatures

drupal — Thu, 16 Mar 2006 12:08:29 -0600

A pair of security bugs in cryptography software could allow an attacker to insert content into a digitally signed message or forge signatures on files.

Server hack at Georgetown University probed

drupal — Tue, 07 Mar 2006 14:06:17 -0600

Data on as many as 41,000 people may have been compromised.

Data Privacy: What We Can Learn From the Suits

drupal — Tue, 14 Feb 2006 15:15:45 -0600

Savvy college and university administrators are engaging government and business experts to ensure data security and privacy on campus. Maybe they're on to something.

Signaling Vulnerabilities in Wiretapping Systems

drupal — Wed, 30 Nov 2005 11:12:38 -0600

Telephone wiretap and dialed number recording systems are used by law enforcement and national security agencies to collect investigative intelligence and legal evidence. In this paper, we show that many of these systems are vulnerable to simple, unilateral countermeasures that allow wiretap targets to prevent their call audio from being recorded and/or cause false or inaccurate dialed digits and call activity to be logged. The countermeasures exploit the unprotected in-band signals passed between the telephone network and the collection system and are effective against many of the wiretapping technologies currently used by US law enforcement, including at least some "CALEA" systems. Possible remedies and workarounds are proposed, and the broader implications of the security properties of these systems are discussed.

Steps for Managing Risk

drupal — Mon, 14 Nov 2005 12:23:42 -0600

The author discusses techonology risk management.

Emerging Cybersecurity Issues Threaten Federal Information Systems

drupal — Fri, 29 Jul 2005 11:20:27 -0500

Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors user activity without user knowledge or consent). To address these issues, GAO was asked to determine (1) the potential risks to federal systems from these emerging cybersecurity threats, (2) the federal agencies' perceptions of risk and their actions to mitigate them, (3) federal and private-sector actions to address the threats on a national level, and (4) governmentwide challenges to protecting federal systems from these threats.