Attackers Intrude into University of Sydney Website
The University of Sydney has acknowledged the existence of a security flaw on its website, which caused the leakage of confidential information related to students.

Confidential information such as names, residential addresses, e-mail addresses, details of enrolled courses and costs related to thousands of students has reportedly been leaked by a hacker who identifies himself as Evil. After the leak was discovered, security experts at the University blocked access to the vulnerable part of the website. The office of the New South Wales Privacy Commissioner is investigating the data breach incident. Students using library services seem to be the most affected.
Data leakage has serious repercussions for the privacy and information security of the affected individuals. Cybercriminals may use the acquired information to apply for fake student loans, or for blackmail, identity theft, mail theft and other forms of deceit.
The offender has claimed access to a significant part of the University network. The security flaw in the website allows any person with knowledge of a student ID number to gain access to details of several students by tweaking the ID number in the URL of the page. As threats in cyberspace are growing in sophistication, IT personnel must be encouraged to attend seminars, workshops, refresher courses and IT training sessions to update their technical skill sets.
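The flaw described above is a missing object-level authorization check: the server trusts the ID in the URL. The following is an added example, not code from the University or from this release; it contrasts the flawed lookup with one bound to the session and adds a log check for ID enumeration. The record fields, the "staff" role, the session layout and the log format are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; IDs, names and courses are invented for illustration.
RECORDS = {
    "1001": {"name": "Student A", "course": "ARTS1000"},
    "1002": {"name": "Student B", "course": "MATH1001"},
    "1003": {"name": "Student C", "course": "COMP2000"},
}

class Forbidden(Exception):
    """Raised when the session may not read the requested record."""

def get_record_vulnerable(requested_id):
    # Flawed pattern: the ID taken from the URL is the only input to the lookup,
    # so whoever supplies a valid ID receives that student's record.
    return RECORDS.get(requested_id)

def get_record_hardened(session, requested_id):
    # Object-level authorization: compare the requested ID with the identity
    # bound to the authenticated session before doing the lookup.
    if session is None:
        raise Forbidden("not authenticated")
    if session["role"] != "staff" and session["student_id"] != requested_id:
        raise Forbidden("record belongs to another student")
    return RECORDS.get(requested_id)

def flag_enumeration(access_log, threshold=2):
    # Detection: report sessions that requested at least `threshold` distinct
    # student IDs other than their own.
    foreign = defaultdict(set)
    for session_id, own_id, requested_id in access_log:
        if requested_id != own_id:
            foreign[session_id].add(requested_id)
    return sorted(s for s, ids in foreign.items() if len(ids) >= threshold)

# Constructed access log: (session id, session's own student ID, ID in URL).
SAMPLE_LOG = [
    ("s1", "1001", "1001"),
    ("s2", "1002", "1001"),
    ("s2", "1002", "1003"),
    ("s3", "1003", "1003"),
    ("s3", "1003", "1002"),
]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```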
Ironically, the University was cautioned against the existence of such a vulnerability four years ago. While University authorities have claimed that the security flaw has been mitigated, regular evaluation of the security status of web applications is crucial to prevent data security breach incidents. Usually, penetration testers conduct in-depth tests, analyze the vulnerabilities and threat vectors, and help organizations take corrective measures.
As attacks sometimes require user intervention, employees and students must be guided on safe Internet usage through online training and video clips. Proactive assessment and mitigation of threats are crucial to safeguard websites from security breaches.
EC-Council provides industry training and certification for information security professionals in ethical hacking, among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation," said EC-Council's Senior Director, Steven Graham. Through its Certified Ethical Hacker program, EC-Council has trained such information security professionals from all over the world.
ABOUT EC-COUNCIL
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
Press Contact
Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120
Steve.graham@eccouncil.org
505.341.3228