University of Arizona
Arizona State Audit Discovers Student Information Is At Risk
Quick Facts
- Date: 6/21/2008
- Institution: Arizona State University, Northern Arizona University, University of Arizona
- Type of Incident: Unauthorized Disclosure
- Number Affected: 10,000
- Source: ESI
- Abstract Source: The Arizona Republic
Abstract
A recent state audit has uncovered a number of serious weaknesses in the web systems at Arizona state's universities. State auditors were able to access personal information, including names and Social Security numbers, of 10,000 individuals. In addition, auditors found weaknesses that, if exploited, would allow an individual to take over large numbers of user accounts, change records and install malicious software. The audit only looked at a small percentage of web applications at the universities and the auditors believe that similar vulnerabilities are likely to exist in other web-based applications at the universities. The audit recommends that Arizona State University, Northern Arizona University and the University of Arizona develop comprehensive information security programs, provide better training for Web developers and conduct regular security tests.
Compromized Department Web Servers Redirected To Adult Content
Quick Facts
- Date: 1/26/2007
- Institution: University of Arizona
- Type of Incident: Penetration
- Number Affected: N/A
- Source: ESI
- Abstract Source: Arizona Daily Star
Abstract
The University of Arizona announced that two department Web servers were recently compromised by individuals believed to reside outside of the United States. These machines, belonging to the University's Philosophy department and the to the Large Binocular Telescope Observatory, were compromised through a known vulnerability in the Twiki collaboration software. The intruder used their access to upload pornographic material to the Web sites and redirect link traffic to adult pages. Luckily, no student or sensitive data is believed to have been contained on these machines. Interestingly enough, the departments these computers belonged to were aware of the vulnerability in the program, but had not had a chance to deploy the patch to fix the problem.
Foreign Hacker Gains Access To Employee and Financial Data
Quick Facts
- Date: 1/10/2007
- Institution: University of Arizona
- Type of Incident: Penetration
- Number Affected: Unknown
- Source: ESI
- Abstract Source: SC Magazine
Abstract
The University of Arizona recently announced that a foreign hacker gained unauthorized access to the University's network systems. Last week, employees found a number of pirated movies and games on University computers. Also stored on these systems are employee names, Social Security numbers, University credit card information and other financial transaction information. The University does not believe this individual accessed this information. University of Arizona employee were able to trace the IP address of the attacker to an ISP in France.
