Wednesday, November 16, 2011

UCLA psychology department database hacked


          Hackers take responsibility for the release of information from the psychology department’s database which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published some information that helped him access the database. He highlighted the open ports and the versions of the services he relied on to hack the site.

          This is not the first time that the department database has been dumped on Pastebin. In July 2011, another hacker posted psychology department faculty’s phone number, first and last name, e-mail address, street address, and UCLA ID number. Webmasters from UCLA IT are still investigating the hacking, but Bollens said it is likely the result of a SQL injection, which makes programs give more information than intended for release.

        The psychology department’s outdated database may have made it more susceptible to the SQL injection, where the hacker puts in a code that the program doesn’t recognize. That can cause the program to give up information that the programmer did not intend to release. SQL injections are responsible for more than 90 percent of hacks.

0 comments:

Post a Comment