Tuesday, September 25, 2012

IEEE information disclosure disaster - if you thought LinkedIn was bad...

Update: Not unexpectedly (always assume a breach occurred - my liar to truth ratio on these subjects hovers around 1:90, respectively) ieee.org has confirmed the breach, per ZDNET - see here: IEEE admits password leak, says problem fixed.

A Russian computer programmer claims to have had access to logs from the IEEE FTP server, logins and passwords, and additional information. If the claim is true, this incident raises the bar on institutional negligence. See more information about the story, here. The users of the site are quite unique (and if the disclosure is true, the revealing of such information is scary):

Among the users who's [sic] information was exposed are researchers at NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE's membership of over 340,000 is roughly half American (49.8 percent as of 2011). Other members reside in India, China and the Pacific Rim (23.4 percent) and Europe, the Middle East and Africa (18.3 percent). Some 8 percent of IEEE's membership constitute government employees, including the military. Most work in the private sector and academia.

The website www.ieeelog.com has been set up to provide aggregate information regarding accounts from ieee.org, including password distribution, who accessed the site, and a whole bunch of other information. Presumably this was set up by the discoverer, or someone associated with that person.

IEEE is, for the uninitiated, a very well known entity - the Institute of Electrical and Electronics Engineers.

To say this is a "plumber with leaky pipes" problem would be an understatement. The IEEE has come up with many standards, not the least of which is 802.11. Yet they can't secure this type of information?


1 comment:

  1. I have to wonder if there was any information that would assist in a very broad Stuxnet-type attack on a common piece of hardware or ASIC. Everything will be networked sooner or later.
