Comments

You have commented 339 times on Rantburg.

Your Name

Your e-mail (optional)

Website (optional)

	My Original Nic Pic-a-Nic Sorry. Comments have been closed on this article.
Foto

Submit your comments on this article

Home Front: Tech

U.S Air Force data breached

2005-08-24

MORE than 33,000 US Air Force officers could be at greater risk of identity theft after a "malicious user" accessed a database containing personal information. The attacker used a legitimate password to access a database that contained birth dates, Social Security numbers and career information for about half of the Air Force's officers, as well as a handful of non commissioned officers, Master Sergeant Randy Mitchell said. Personal financial records and classified military information are not included in the career-management database, he said.

The incident has not led to any known instances of identity theft but the Air Force is urging those affected to monitor their credit records, he said. "We're not sure what the person was doing inside the system, if they was just being curious and going through all these records or what, but nobody's information has been used in an illegal way that we know of so far," Sgt Mitchell said in an interview.

A rash of security breaches at businesses, universities and other institutions have put at least 50 million US consumers at heightened risk for identity theft over the past year. The US Congress is considering several bills that would tighten computer-security standards and improve consumer protections when such incidents take place.

What Congress should be doing is passing some laws mandating a minimum of 20 years for anybody screwing with somebody else's data. Letting the little bastards off isn't deterring anybody.

Posted by:Oztralian [AKA] God Save The World

#3 letmein itsme root mymaidenname mydawgsname mycatsname myoldestchildsname myspousesname mybirthday

(all avilable on the web)

Posted by: Shipman 2005-08-24 16:00

#2 "The attacker used a legitimate password to access a database"

If this database is Microsoft SQL then, it's not difficult. Once you breach Windows SAM then, if the default SQL password is not changed, then the database can be penetrated. When, you load SQL on top of Windows, then the first thing you are supposed to do is change the default SQL password. 99% percent of people forget to do this. Especially, if you hire a contractor to do this, why should he care. He/she loads the OS, database SW, and configure the database, then leaves. He/she can care less if the database can be breached.

Also, most security consultants will over look this vulnerability. They just simply place a security scanner, fire and forget. Most scanners will not pick it up.

Yes, technology has its problems, but a competent IT person can offer counter measures. The problem is not technology. The problem is priority. There is no sense of urgency until something is breached.

The peremiter security of this country is no different. 9/11 barely did anything to change the situation. We are still worried about hurting people's feelings instead protecting this country. The border is open, old ladies in wheel chairs are searched while men of Eastern descent between the ages of 15 and 50 walk into the plane without being stopped because we don't want to hurt anybody's feeeeelings.

Again, technology is not the problem, only priority.

Posted by: Poison Reverse 2005-08-24 09:33

#1 Had the opportunity to listen to a lecture by [Admiral] Grace Hooper. One of her points/warnings was that automation technology and privacy were incompatible. To effectively control access to the material will in the end degrade the effective use of the data. To make personal data accessible for effective use requires lowering practical protections of that data. Welcome to the dark side of technology.

Its the double edge sword of modern technology. 747s can fly you in a day to anywhere on the planet, it can also transport viruses and pathogens with the same ease. In the end, its a cost/benefit trade off.

Posted by: Thrinegum Sleager2196 2005-08-24 05:05

00:00