Wednesday 10 August 2011

School Data Security Leak Due to Ignored Password Policy

A Hampshire school has been forced to apologize after a compromise of its management system, which holds records on thousands of students and staff.

Bay House School in Gosport reported the March attack to the Information Commissioner's Office (ICO) immediately. The school will now enforce its own policies better and bring in a security company.

In a statement, the ICO said that the personal information of some 20,000 people, including approximately 7,600 students, was compromised in an attack on the school's website. The files at risk included information on students, parents and teachers, as well as medical information.

According to the ICO, the attack was made easy because a member of the school's staff used the same password to access the website and the data management system. Once that password had been discovered through the hack of the website, which was hosted away from the school, the attacker was able to access the school's student management system. The school said it recommended that staff avoid reusing passwords, but the policy was not enforced.

Ian Potter, the school's head teacher, said he believed those responsible for the breach included at least one student of the school, and issued a statement on the ICO's website.

Potter pledged that sensitive and confidential information would be handled in the data management system under a separate code from identity and contact information, and that staff would receive the training needed to make them aware of the password policy. The school will also carry out an annual penetration test.

David Emm, a security researcher at Kaspersky Lab, added that the situation highlights the need to apply password security policy properly and to prevent the same password being used for different systems. He accepts, however, that it is difficult for users to remember many complex passwords that mix upper- and lowercase letters, numbers and special characters. "But I have a solution," he said. "A password manager application, for example, creates, remembers and stores passwords, sheltered behind a single password. On the other hand, people can use some basic rules to create an easy-to-remember password for each account."

Peter Wood, director of the Computer has agreed to Brighton in the First Floor Council. "Passwords have again become a big problem," he said. "LulzSec, Anonymous and friends have published password databases on the back of some great hacks, which helps people to understand this issue."

He advocates the use of a password manager program, or of passwords made up of three or four words, which are easier for users to remember but more difficult to break.

In Wood's penetration testing, weak passwords are a common vulnerability, he said. "We have a very large customer with a small six-digit password. It has not been changed for a length of time because they do not know what the effect of changing it will be or what services use it, so they did not dare change it," he said. Another common source of weakness is service accounts, where, for example, a backup service will be given the password 'backup'.
