Adam On…

Over the past week there has been much talk by a group of Chinese hackers about attacking CNN web sites as part of a protest of what the group claims has been anti-China news coverage by CNN. The Dark Visitor site (where I presonally became aware of this whole incident) has done a great job of covering the whole saga.

After calling off the attack after attack details became public, it seems that the group decided to go through with the attack after all. Offering words of encouragement and automated tools for those without the technical skills for manual attacks, the group launched an attack that appeared to be successful. Even now sites like sports.si.cnn.com remain offline causing individuals to boast about the success of the attack on sites such as twitter.

Yet, there is one small problem. The site attacked, the “Sports Network” is not part of the CNN/SI family of sites. Instead the Sports Network is a privately held Pennsylvania company that has been taken offline by these attacks. As of this writing the web site for the Sports Network still displays a note about the attack and that the Sports Network is working to get everything back up and running.

This was an odd story to watch unfold and I wish the best of luck to the staff over at the Sports Network in getting everything back online and avoiding future attacks.

Reading this blog one might get the impression that I do not hold educational institutions in high regard with respect to information security. However, nothing could be further from the truth. The reason I write about higher education on this site and track security incidents over at ESI is that I believe that these efforts (mostly ESI) will help educational institutions. I have dedicated most of my professional life to working in higher education and I want nothing more then to see this industry succeed.

This disire to see the industry succeed is why I am excited to see the manner in which Ohio University is handling the aftermath of the university’s breach back in 2006. Instead of reamining silent about this unfortunate incident, Ohio University is speaking out about what happened and what the university has learned from the incident. In a recent article in the Chronicle Of Higher Education (subscription required), Ohio University president Roderick McDavis describes the incident from the inside.

This is a great article and hopefully those reading this have access to the Chronicle. If not, The Athens Messenger has an overview of the article, but I feel it misses several key points. These key points include that “We don’t think” is not a good enough answer when determining if systems are at risk, that the university IT department (like many college/university IT departments) was “was significantly understaffed and that its future performance was not sustainable without further investment” and that the outsourcing the university was doing was not a good option for the future.

However, I will say that the overview does capture the best point of the article: “Share information openly - both positive and negative.” Perhaps there is a light at the end of the tunnel after all.

Want to hear more about the Ohio University incident? Ohio University will be talking about this incidient at the upcoming EDUCAUSE Security Professionals Conference during a preconference seminar titled “The Lifecycle of a Security Breach”. If you are going to the conference but not attending the preconference events, you can still learn about the breach at the “Keeping the Skillet Hot: Managing Security Between the Breaches” session where I have the pleasure of being on a panel with Matthew Dalton of Ohio University and Jack McCoy of the University of Colorado System.

I’ve been traveling a bit recently and now visiting family over the Eastern weekend. I plan to get back to posting by Monday so keep an eye on the RSS feed.

If you are interested, head on over here and take a look a the Poster Session I recently presented at the EDUCAUSE Midwest Regional Conference. The presentation is available in both PDF and MOV format. (Special thanks to Christy Kilgore-Hadley for making this presentation look amazing!)

I’ll be at the EDUCAUSE Midwest Regional Conference up in Chicago from Monday through Wednesday morning. I’m presenting a Poster Session on Tuesday from 1:30 - 2:30 on the Seventh Floor of the hotel. If any of you are going to be there, stop on by my table.