Slashdot Mirror

← Back to Stories (view on slashdot.org)

CSU Chico Identities Compromised

Posted by Zonk on from the hack-the-cafeteria dept.

MisterFuRR writes "California State University Chico is the latest victim of Identity theft. Aparently one of their "Food Service" machines was cracked and used to distribute "games, files, and other media". An official response is available." From the article: "The names of 15,500 current students, 1,000 faculty, 1,500 staff and former students going back about five years were in a database that was potentially compromised. The files also included information on prospective students."

12 of 202 comments (clear)

  1. No Worries by fembots · · Score: 5, Funny

    It's still a good place for education as long as there are enough of chicks with no pants

    --
    Rock that crushes, Paper & Scissors that don't matter.
  2. Proof, yet again, that SSNs should not be used! by garcia · · Score: 4, Insightful

    Why oh why do people give out their SSNs even when registering for college courses? I work at a college and I went to college. You aren't required to give your SSN and when I register for courses now I certainly don't.

    Colleges shouldn't even ask applicants for their SSN. Yeah, it's a real pain in the ass 12 years from now when you try and get your transcripts and you can't remember your student ID. I graduated in 2001 and I remember mine... Maybe I won't in 10 more years but I will know that I can be searched for by name and graduation date.

    DO NOT GIVE OUT YOUR SSN TO ANYONE. If they ask then politely decline and ask if they will allow another ID number. Every college I know of has a student ID field.

    Here we are pushing students to use their student ID instead of their SSNs (a good majority of students give us the wrong SSN anyway).

  3. might be giving them too much credit by htmlboy · · Score: 4, Interesting

    i'd be surprised if any of the student data actually made it off the computer. through a not-really-worth-explaining series of events, a former co-worker of mine had a machine exploited in such a fashion. it became a hub for trading shows of cedric the entertainer. the hard disk quickly filled up and we unplugged the machine after its network activity started looking odd. it turns out that the parties responsible didn't even take the time to notice there was a second drive on the machine they'd be able to use.

    i don't have any experience beyond that, but i've heard similar stories from other friends. it seems like the sort of exploit that took place isn't one that's likely to be targetted at retrieving potentially sensitive data from the exploited machine.

    of course, one should never assume a particular attacker was ignorant and single-minded based on others' experience.

  4. choose a purpose by MrLint · · Score: 4, Insightful

    Have any of these people ever heard of data segregation?

    Why on earth would a 'food service' computer either have on it, or have access to a list of prospective students? So they can preemptively issue dining cards in case of alien attack?

  5. What? by mboverload · · Score: 4, Insightful

    What the hell are these databases doing on machines connected to the internet?

  6. RTFA (was Re:Food Service?) by hpulley · · Score: 4, Informative

    The summary above is not quite correct. The linked article actually states, "...someone had broken into a computer server at the university's housing and food service center last July", not a vending machine.

    --
    $#!^ happens, but why does it always have to happen to me???
  7. In Related News... by sdcharle · · Score: 4, Funny

    Students at CSU Harpo and CSU Groucho breathed a sigh of relief on finding their campuses were not affected. No word at this time on CSU The Man.

  8. I wonder how they figured it out by Crimsane · · Score: 5, Funny

    Little Johnny suspected something might have been up when the lunch menu started to refer to today's special as 0-d4y meatloaf

  9. Food Service by Embedded+Geek · · Score: 4, Funny
    one of their "Food Service" machines was cracked

    That's it! I don't care how many bells and whistles the thing has. I'm never going to give my social security number or bank account number to the soft drink machine again!

    --

    "Prepare for the worst - hope for the best."

  10. Happens all the time by KidHash · · Score: 4, Interesting

    This kind of thing happens _all_ the time. When I knew people who did this, they'd get 10 or 15 unis whenever a new exploit came out. And that was just one 'fxp' team, of which there are hundreds. I'd be suprised if most of the unis in the US, and indeed around the world, don't have at least one compromised machine. And the guys don't care about sensitive data, they just want your hdd space and fast uni connection to serve the latest movies/games/apps/mp3s/whatever. This is the most un-news slashdot has posted in a _long_ time

  11. The DEA by ilduce · · Score: 4, Funny

    The DEA is going to be busy for a while, given, you know, that its CSU Chico.

  12. CSU, Chico -- the good computer school by ChicoLance · · Score: 4, Interesting

    I've spent the past 11 years of my professional life after my CSU, Chico Computer Engineering degree explaining to everybody that there really is a pretty good computer/engineering school there. Most of the engineering people spend too much time in the labs to really get out and party as much as some of the other people do.

    I try to claim that they know computers -- but then they do this! :)

    (It really is a very nice school, with an attractive campus and social life included).

    --Lance, CSUC Computer Engineering '93