Hackers take responsibility for the release of information from
the psychology department’s database which included the names, home
addresses and dates of birth of 26 applicants to the university. The
attacker also published some information that helped him access the
database. He highlighted the open ports and the versions of the services
he relied on to hack the site.
This is not the first time that
the department database has been dumped on Pastebin. In July 2011,
another hacker posted psychology department faculty’s phone number,
first and last name, e-mail address, street address, and UCLA ID
number. Webmasters from UCLA IT are still investigating the hacking, but
Bollens said it is likely the result of a SQL injection, which makes
programs give more information than intended for release.
The psychology department’s
outdated database may have made it more susceptible to the SQL
injection, where the hacker puts in a code that the program doesn’t
recognize. That can cause the program to give up information that the
programmer did not intend to release. SQL injections are responsible for
more than 90 percent of hacks.
0 comments:
Post a Comment