Slashdot Mirror
CSU Chico Identities Compromised
MisterFuRR writes "California State University Chico is the latest victim of Identity theft. Aparently one of their "Food Service" machines was cracked and used to distribute "games, files, and other media". An official response is available." From the article: "The names of 15,500 current students, 1,000 faculty, 1,500 staff and former students going back about five years were in a database that was potentially compromised. The files also included information on prospective students."
Nope, they uses Microsoft SQL server. That's how they got cracked ;-)
i'd be surprised if any of the student data actually made it off the computer. through a not-really-worth-explaining series of events, a former co-worker of mine had a machine exploited in such a fashion. it became a hub for trading shows of cedric the entertainer. the hard disk quickly filled up and we unplugged the machine after its network activity started looking odd. it turns out that the parties responsible didn't even take the time to notice there was a second drive on the machine they'd be able to use.
i don't have any experience beyond that, but i've heard similar stories from other friends. it seems like the sort of exploit that took place isn't one that's likely to be targetted at retrieving potentially sensitive data from the exploited machine.
of course, one should never assume a particular attacker was ignorant and single-minded based on others' experience.
:-)
But I just checked her dietary habits in the hacked database and she looks more like tubgirl now.
Can anyone explain why the parent directory: http://www.csuchico.edu/inf/new/ is browsable?
John.
# cat
Damn, my RAM is full of llamas.
My fiance was a student at Chico State within the last 5 years and she just found out last night that she had been hit for $39.99 from a Pluto Data Inc scam. http://www.broadbandreports.com/shownews/60769 I wonder if they are somehow connected? She has only used her credit card online a few times.
The other half of the problem is illegal immigrants. My SSN has been used to buy a bunch of property in california, all under mexican surnames. However the privacy laws protect the fraudsters, i cant even find out who it is or where this property is. Only reason I found out was because I went to open an account at the bank and all these property transactions came up under my ssn -- the lady messed up and told me one of the names.
Religion is a gateway psychosis. -- Dave Foley
This kind of thing happens _all_ the time. When I knew people who did this, they'd get 10 or 15 unis whenever a new exploit came out. And that was just one 'fxp' team, of which there are hundreds. I'd be suprised if most of the unis in the US, and indeed around the world, don't have at least one compromised machine. And the guys don't care about sensitive data, they just want your hdd space and fast uni connection to serve the latest movies/games/apps/mp3s/whatever. This is the most un-news slashdot has posted in a _long_ time
I've spent the past 11 years of my professional life after my CSU, Chico Computer Engineering degree explaining to everybody that there really is a pretty good computer/engineering school there. Most of the engineering people spend too much time in the labs to really get out and party as much as some of the other people do.
:)
I try to claim that they know computers -- but then they do this!
(It really is a very nice school, with an attractive campus and social life included).
--Lance, CSUC Computer Engineering '93