1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Harvard database shared via BitTorrent

Discussion in 'Article Discussion' started by CardJoe, 14 Mar 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. 1ad7

    1ad7 New Member

    Joined:
    13 Feb 2008
    Posts:
    263
    Likes Received:
    1
    The point he is making is inherently flawed. If someone wants data, they can and will take data. Now to do this for a bunch of idiots that take social's and ruin peoples credit, well thats just wrong. He proved a point alright, he for sure didn't apply to Harvard I guess that narrows the list of suspects.
     
  3. Burnout21

    Burnout21 Is the daddy!

    Joined:
    9 Sep 2005
    Posts:
    8,614
    Likes Received:
    197
    the point he made has interesting. If he noticed that there was a weakness in the website sercurity surely an email to the admin would have been better, made attaching a list of file names so they dont think your joking.

    he definatly went about it the wrong way thats all i can say! and you dont torrent peoples personal infomation like that, 1000's of students are now living a paranoid life waiting for the cerdit cards to suddenly max out due to fraud.
     
  4. mmorgue

    mmorgue New Member

    Joined:
    16 Feb 2005
    Posts:
    386
    Likes Received:
    0
    He could have done them a favour and illustrated to them the inherent security flaws in their system, thereby gain credit for himself and helping out a bunch of people. He could have emailed the web admin with PoC code and examples showing how easy it was, etc. At worse, he could have 'added' a few fake but obvious records to let the security people know he had cracked it.

    He didn't have to jeopardise the personal data of thousands of people to prove it. He's not smart -- he's just an idiot.
     
  5. sotu1

    sotu1 Ex-Modder

    Joined:
    24 Aug 2007
    Posts:
    2,877
    Likes Received:
    26
    it's pretty clear that there seems to be an ulterior motive. The hack is one thing, to then release highly sensitive details of 10,000 people is malicious.
     
  6. EmJay

    EmJay New Member

    Joined:
    28 Jun 2007
    Posts:
    316
    Likes Received:
    0
    I spy a personal grudge. He's an idiot to drag thousands of other people into it, tbh - now everyone hates the hacker, instead of hating the admin. He'd have been better off sending all the info to the admin's boss, if he really wanted to cause trouble for him.
     
  7. DarkLord7854

    DarkLord7854 New Member

    Joined:
    22 Jun 2005
    Posts:
    4,643
    Likes Received:
    121
    Guy probably got booted out of Harvard lol
     
  8. Dorte

    Dorte New in here.

    Joined:
    4 Mar 2008
    Posts:
    14
    Likes Received:
    0
    Not so good
     
  9. Cthippo

    Cthippo Can't mod my way out of a paper bag

    Joined:
    7 Aug 2005
    Posts:
    6,783
    Likes Received:
    101
    Depends on hos motivations. He's going to generate negative publicity for Harvard and specifically the IT department with this. If his goal was to hurt the uni's reputation in the media he has succeeded.

    And a minor point, he's undoubtably an ass, but I don't think he's an idiot.
     
  10. dyzophoria

    dyzophoria Member

    Joined:
    3 May 2004
    Posts:
    392
    Likes Received:
    1
    i hate people like these, its good that he found the flaw, but he should have just emailed the admins or contacted harvard itself, but exposing all the data of innocent people?
     
  11. Bluephoenix

    Bluephoenix Spoon? What spoon?

    Joined:
    3 Dec 2006
    Posts:
    968
    Likes Received:
    1
    this guy's actions are downright shameful.

    being an LPT (licensed penetration tester) and a CISSP, I think the # of laws he's broken are somewhere in the neighborhood of 40-50 depending on his location, I'd estimate the jail sentence he's likely to get if caught and charged with the offenses would be somewhere in the neighborhood of 30 years minimum mandatory.
     
  12. zero0ne

    zero0ne Member

    Joined:
    19 Jul 2004
    Posts:
    117
    Likes Received:
    0
    Of course his follow through was the wrong method, did it ever occur to any of you that he DID contact the Admin?

    who knows maybe the admin gave him a royal "**** you, my servers are secure"
    (there are server/network admins that are arrogant enough to think the stuff they do is 100% secure all the time)

    of course sharing all the info wasn't the right method, but why does harvard have this type of data in a SQL database unencrypted?
    AND WHY ARE THEY USING JOOMLA?
    (WTF)
     
  13. HandMadeAndroid

    HandMadeAndroid That's handy.

    Joined:
    18 Feb 2005
    Posts:
    740
    Likes Received:
    8
    Hey thumbs up to bit-tech for sharing the file names with the world
     
  14. B3CK

    B3CK New Member

    Joined:
    14 Jun 2004
    Posts:
    402
    Likes Received:
    3
    Albeit sounding a little harsh,, I would think this is probably what happened. Contacting the council for the college would have been a more appropriate action. While trying to make a tough example of the Sys Admin is one thing, I would think this person is in for a rough ride if caught.
     
Tags: Add Tags

Share This Page