Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Hacking Higher Education
Threaded  |  Newest First  |  Oldest First
PJS880
100%
0%
PJS880,
 User Rank: Ninja
6/16/2013 | 3:24:00 PM
re: Hacking Higher Education
I have worked on the
IT security team where I attend school, and they have several measures set up
for intrusion detection and penetration testing. Universities must keep up to date with threats
they are facing, by hiring third party red teams to try and penetrate their
systems. Not to mention these are
younger adults and maybe think they can us what they are learning and misuse it
for they own personal gains. At the very least Universities are more aware of
the threats they face so that they can better prepare for them.

Paul Sprague

InformationWeek Contributor
RuskinF
50%
50%
RuskinF,
 User Rank: Apprentice
1/9/2020 | 7:21:43 AM
re: Hacking Higher Education
Thanks for the post. Our university also arranges penetration testing competitions to find out the vulnerability of their systems. These competitions allow younger adults to test their skills as well.
BrianN060
50%
50%
BrianN060,
 User Rank: Ninja
2/17/2018 | 6:27:01 PM
Flag comments?
Does DR have a way to flag inappropriate comment posts?  If not, suggest you add one.  
LynnL703
50%
50%
LynnL703,
 User Rank: Apprentice
2/26/2018 | 1:47:20 AM
Re: Interesting Post
 Thank you so much for sharing this article.  
tdsan
50%
50%
tdsan,
 User Rank: Ninja
7/19/2019 | 5:47:49 PM
Identified the problem, now what is the fix
I do agree with the most recent commenter, thank you for sharing. But now that we understand the problem, how do we resolve the issue so it does not happen again.
  • Do we purchase cameras so we see who is going in and out of the various buildings
  • Do we purchase software to help us detect devices on the network that are out of the norm
  • Do we perform audits of the network and inventory the environment so issues are caught ahead of time (is there a program in place that does it every 6 months)
  • Is there an educational program to train the students and teachers about the use of the network and approved usage

However, removing the students is somewhat harsh, I do think this is a real-world attack and their exploit can be used by the other departments, don't kill their dreams, but have them work with the Cybersecurity teams to demonstrate real-world examples. Punish them but have them teach how a hacker thinks, there is a psychological evaluation that could help the students find ways to address real-world attacks (this is a perfect example). Put them on probabation but send them to the psychological evaluation unit where they can be evaluated and studied. This helps everyone understand how the mind works so you can combat the problem, if you have never been a hacker, then how do you know what to look for in order to defend against a potential theat (there was a movie called "To understand the mind of a killer" or "How to get away with murder", well why not do the samething but do it in a classroom setting.

Just a thought.

Todd
REISEN1955
100%
0%
REISEN1955,
 User Rank: Ninja
8/2/2019 | 1:33:01 PM
re: Hacking Higher Education
Advertisement not really good here and besides the service is a disaster - and I speak as a systems professional who is in Cyber security and has done support for offices, small businesses and home-office users.  I would never go to Geek Squad. 

And all the replies seem to be the same basic idea!!!   Hmmmmmmm
royjason123
50%
50%
royjason123,
 User Rank: Apprentice
2/4/2020 | 4:34:19 AM
Career Guide
Nevertheless, questions still remain on the relation between learning strategies, motivation, and performance. The vast majority of previous research has adopted some form of grades (be it single grades or grade point average) or self-report measures as outcome variables.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28096
PUBLISHED: 2022-01-27
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVE-2022-0348
PUBLISHED: 2022-01-27
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2021-44795
PUBLISHED: 2022-01-27
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other us...
CVE-2022-23181
PUBLISHED: 2022-01-27
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using...
CVE-2021-44792
PUBLISHED: 2022-01-27
Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.