U of C Student Information Compromised

fhqwhgads writes "SFTP access to the University of Chicago's web server has been temporarily blocked as Networking Services and Information Technology (NSIT) responds to 'the discovery by a campus web developer that files containing social security numbers were located on a portion of a public server that could be accessed by web developers not associated with the site.' The Chicago Maroon is reporting that this was done without escalation of privileges, and that some files were accessible from the internet."

Adding Insult to Injury

[booyah]

Now their webserver seems awfully slow and unresponsive...

Sysadmins are reporting a MASSIVE distributed denial of service attack... then they head over to /. to see how the rest of the world is going.... aw shit!

Re:seen it before, will probably see it again.

[richdun]

Sad thing is, after four years of Collage, the student found that randomly assembling bits of paper and pictures and such to create works of art doesn't really pay that much.

But seriously, my college just last year switched from plastering SSNs on IDs and such, IDs used for meals, building entry, even registration at student government meetings, to a university-only number. This doesn't surprise me one bit, and really it could have happened at a lot of colleges a long time ago.

Hey, you know what...

[Goronmon]

At least they don't use your SSN as your ID number and print it on everyone's ID card like my school does =|

Technical solution

[44BSD]

~badass$ echo > /etc/motd && chmod 444 /etc/motd

Hello, fellow Maroonian.

This server is connected to the big bad internet.

University policy prohibits the storage of sensitive data upon it.

Employees who violate policy will be fired. Students who violate policy will be expelled.

Have a Nice Day.
^D