Viruses Stole City College of S.F. Data For Years 93
An anonymous reader sends this quote from an article at the San Francisco Chronicle:
"Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."
Re:Not surprising (Score:2, Informative)
From what I've seen community college IT Tends to be pretty horrible. One of them out here had a server password of "password" and remoting on. Others tend to use a generic password on everything such as Mascot1 or gomascot1
IT Dunce A: Crap! Someone out there knows our password "gomascot1"!
IT Dunce B: No worries, I'll go ahead and change it to "gotigers1".
IT Dunce A: Phew!
Re:Missing details (Score:4, Informative)
I don't know WTF porn sites you guys are visiting, but there are PLENTY of them out there that have no popups, no viruses, and fewer ads than MSNBC. Serioiusly. Porn sites with viruses are NOT porn sites. They are VIRUS sites that use porn to attract virus clickers. Did you learn nothing from Anna Kournikova?
Re:Human failure (Score:4, Informative)
It's called Dancing Pigs [wikipedia.org]. A user will most likely pick convenience over security.
And any bank that prevents logging in from public computers will be laughed out of business - people expect to be able to bank anywhere and everywhere. Even on their cellphones (they can't wait to go home and do it then...).
No way around it, unfortunately, and educating the user is a pointless exercise because they'll just go back to their old ways.
Perhaps if the bank issued them special keypad calculators that could compute transaction hashes (for two-factor authorization) things would help. But no.
And given banks already use Wish It Was Two-Factor [thedailywtf.com], things won't be improving at all.