Mizzou Can’t Patch Computers

Back in January, University of Missouri allowed hackers into the network through a weak online grant application.  They had to notify 1200 researchers that their social security numbers were up for sale on the hacker underground. 

But instead of working to properly secure their network, Mizzou sysadmins allowed hackers back into the network, this time through their own helpdesk application, to steal the identities of 22,000 current and alum students.  I hope Mizzou fires the admins who keep screwing over their users.

From the AP here:

A computer hacker accessed the Social Security numbers of more than 22,000 current or former students at the University of Missouri, the second such attack this year, school officials said Tuesday. The FBI is investigating. 
 
Campus computer technicians confirmed a breach of a database last week by a user or users whose Internet accounts were traced to China and Australia.

The hacker accessed personal information of 22,396 University of Missouri-Columbia students or alumni.

The hacker obtained the information through a Web page used to make queries about the status of trouble reports to the university’s computer help desk.

In January, a hacker obtained the Social Security numbers of 1,220 university researchers, as well as personal passwords of as many as 2,500 people who used an online grant application system.

The university is contacting people affected by the latest breach and providing instructions on how to monitor their credit reports and other financial records for suspicious activity, officials said.

Maybe the victims of this latest breach would be kind enough to send a letter back showing the lazy admins how to patch their systems and use proper filters on their firewalls.  Lotsa luck to the FBI on catching the hackers.