They’re gonna announce the details at CoB. I still think its a simple Joomla vuln. See previous post. Also, a decent bit of coverage from some no-name web site and the coverage in the Harvard Crimson. Last couple of weeks people were working overtime doing Nessus scans and the like. Here’s what I got this morning:
Subject: Important Notice — SECURITY ALERT
*** Important Notice — Heightened Security Alert for Harvard Managers
We expect the GSAS to announce details later today on the hacking
incident involving one of their web servers. This announcement will
likely attract attention both within Harvard and beyond. We are
concerned that hacking attempts may increase following this kind of
publicity and therefore write to suggest that you all be on a heightened
alert status over the next week.
This incident will also likely raise many questions about security
practices and solutions so one should anticipate a spike in inquiries.
Please let me know if you have questions.
Berkman used to have some fairly decent security monitoring, but in the last couple years its been loosened a bit for flexibility — keeping those things running reliably and with an acceptable level of false positives in a constantly changing environment is difficult. Which just shows you, in any organization with many competing priorities and limited resources, convenience will win out over security the second you turn your back. The best security strategy is one with many levels of protection. Harvard UIS does some sophisticated border analysis, and organizations like FAS are waking up to the need for additional proactive intrusion *testing* in addition to monitoring. With all of these layers, the success of any individual attack is dramatically lessened, but never eliminated, especially in a large, disparate, and sprawling organization like Harvard.