Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Hacking Higher Education
Newest First  |  Oldest First  |  Threaded View
royjason123
50%
50%
royjason123,
User Rank: Apprentice
2/4/2020 | 4:34:19 AM
Career Guide
Nevertheless, questions still remain on the relation between learning strategies, motivation, and performance. The vast majority of previous research has adopted some form of grades (be it single grades or grade point average) or self-report measures as outcome variables.
RuskinF
50%
50%
RuskinF,
User Rank: Apprentice
1/9/2020 | 7:21:43 AM
re: Hacking Higher Education
Thanks for the post. Our university also arranges penetration testing competitions to find out the vulnerability of their systems. These competitions allow younger adults to test their skills as well.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
8/2/2019 | 1:33:01 PM
re: Hacking Higher Education
Advertisement not really good here and besides the service is a disaster - and I speak as a systems professional who is in Cyber security and has done support for offices, small businesses and home-office users.  I would never go to Geek Squad. 

And all the replies seem to be the same basic idea!!!   Hmmmmmmm
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/19/2019 | 5:47:49 PM
Identified the problem, now what is the fix
I do agree with the most recent commenter, thank you for sharing. But now that we understand the problem, how do we resolve the issue so it does not happen again.
  • Do we purchase cameras so we see who is going in and out of the various buildings
  • Do we purchase software to help us detect devices on the network that are out of the norm
  • Do we perform audits of the network and inventory the environment so issues are caught ahead of time (is there a program in place that does it every 6 months)
  • Is there an educational program to train the students and teachers about the use of the network and approved usage

However, removing the students is somewhat harsh, I do think this is a real-world attack and their exploit can be used by the other departments, don't kill their dreams, but have them work with the Cybersecurity teams to demonstrate real-world examples. Punish them but have them teach how a hacker thinks, there is a psychological evaluation that could help the students find ways to address real-world attacks (this is a perfect example). Put them on probabation but send them to the psychological evaluation unit where they can be evaluated and studied. This helps everyone understand how the mind works so you can combat the problem, if you have never been a hacker, then how do you know what to look for in order to defend against a potential theat (there was a movie called "To understand the mind of a killer" or "How to get away with murder", well why not do the samething but do it in a classroom setting.

Just a thought.

Todd
LynnL703
50%
50%
LynnL703,
User Rank: Apprentice
2/26/2018 | 1:47:20 AM
Re: Interesting Post
 Thank you so much for sharing this article.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/17/2018 | 6:27:01 PM
Flag comments?
Does DR have a way to flag inappropriate comment posts?  If not, suggest you add one.  
PJS880
100%
0%
PJS880,
User Rank: Ninja
6/16/2013 | 3:24:00 PM
re: Hacking Higher Education
I have worked on the
IT security team where I attend school, and they have several measures set up
for intrusion detection and penetration testing. Universities must keep up to date with threats
they are facing, by hiring third party red teams to try and penetrate their
systems. Not to mention these are
younger adults and maybe think they can us what they are learning and misuse it
for they own personal gains. At the very least Universities are more aware of
the threats they face so that they can better prepare for them.

Paul Sprague

InformationWeek Contributor


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27495
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-32807
PUBLISHED: 2021-07-30
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict acce...
CVE-2021-22521
PUBLISHED: 2021-07-30
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-34629
PUBLISHED: 2021-07-30
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.