| | |
 |
|
| 10-22-2004 | Previous edition: 10-21-2004 |
         
     |
Printer-friendly version ITaP encourages campuswide password change after security breachBy Sarah KriselAssistant Campus Editor Computer experts are urging all Purdue faculty, staff and students to change their passwords after a security breach has potentially made all passwords available. Scott Ksander, senior inforensics analyst/engineer for Information Technology at Purdue, said the breach may have happened before the investigative team found on Monday and Tuesday that approximately 100 passwords on campus may have been obtained by one or more unauthorized users. Ksander said the breach happened to numerous servers. Ksander said it is possible that there could be a cascading effect if students, faculty and staff do not change their passwords because one password may give the hacker access to a separate server, allowing access to more secure information. He said there are several things a hacker can do with the passwords. "They can read emails, log onto SSINFO and in the extreme they could steal one’s Purdue identity," he said. "However, there is no evidence of that happening." Ksander said if there are similarities between one’s Purdue password and other passwords they use for other accounts such as bank accounts, it could lead to the hacker stealing the password owner’s identity. People hack into systems like Purdue for a reason, said Ksander. "The hacker may want to dump an illegal movie, get information on the password owners, send a mass emailing of spam; the purpose may or may not be to get the personal identities." Ksander said students should change their passwords frequently to ensure better security. But the password should be strong, something that could not easily be guessed by strangers or people that know you. Gene Spafford, professor and executive director of the Center for Education and Research in Information Assurance and Security, said to better protect private information, students should run anti-virus software and have patch updates. He said there are many ways a hacker can gain access into one’s computer and anti-virus software and patch updates will help prevent from hackers accessing one’s computer. Joe Bennett, vice president of University relations, said this is a concern of Purdue because the University needs a secure and highly functioning system. "I am still concerned that we don’t know the extent to the intrusion and how much information has been compromised," said Bennett. A security breach happened in March of 2002. ITaP determined that 145,000 student names, Social Security numbers and identification numbers and an estimated 65,000 unencrypted passwords for student services information were exposed during the incident. Ksander said that they were unable to confirm what was actually obtained during the security breach in 2002 but they still have not received reports that any of that information was used. Printer-friendly version |
|
Front Page | Campus | City | Features | Opinions | Sports | Classifieds Advertising | Archive | Links | About us | Letter Submission Form To report any errors with or to give ideas on how we can improve the online edition of The Exponent contact Online Production |
