[ insider_reports_insider ]
Competitor Tells Paper, Not Rival, About Security Flaw
Jason Lee Miller
Staff Writer
2008-08-19
 Insider Reports RSS Feed
Used to be you just had to worry about hackers, journalists, and security firms exploiting and making public any security flaws in your system. Now you have to worry about competitors.
 | | Competitor Tells Paper, Not Rival, About Security Flaw |  |
The Princeton Review (TPR) graced the pages of the New York Times, which, if one can help it, should be for good things. Instead it was revealed that during an Internet provider switch, TPR allowed easy, even googlable, Web access to information about thousands of Florida students who had taken national standardized tests.
The leak made accessible test scores, student names and birthdates, whether they had learning disabilities, and their ethnicities. The website also contained a host of published-elsewhere educational materials aimed at helping students do better on the tests.
"You have to wonder," writes security firm Sophos's Graham Cluley, "if companies are making it this easy to discover information about individuals, why do identity thieves go to all that effort of writing spyware?" Cluley, among others, has criticized TPR for not separating names and birthdates from other information.
TPR blocked access to the information, which was available online for seven weeks, as soon as the New York Times informed them of the security flaw. Who had actually discovered it? An unnamed competitor that was conducting some industrial espionage.
In other words, no friendly note making TPR aware of the situation, but a call from the New York freaking Times. Yeesh. Well, business is war, and all's fair in it, right?
About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
