Slashdot Mirror

← Back to Stories (view on slashdot.org)

U of C Student Information Compromised

Posted by Zonk on from the watch-your-permissions-kids dept.

fhqwhgads writes "SFTP access to the University of Chicago's web server has been temporarily blocked as Networking Services and Information Technology (NSIT) responds to 'the discovery by a campus web developer that files containing social security numbers were located on a portion of a public server that could be accessed by web developers not associated with the site.' The Chicago Maroon is reporting that this was done without escalation of privileges, and that some files were accessible from the internet."

2 of 143 comments (clear)

  1. seen it before, will probably see it again. by lecithin · · Score: 5, Interesting

    About 3 years ago I ended up finding a site that had a similar problem. It was on a University site and was devoted to students asking their instructor a question. The questions were something like this:

    HI MY NAME IS COLLAGE FRESHMAN. MY SOCIAL SECURITY NUMBER IS XXX-XX-XXXX. i WASNT IN CLASS TODAY AND WANTED TO KNOW IF THERE WAS ANY HOMEWORK DUE.

    Each entry (about 50) had students names and social security numbers.

    I contacted the instructor via email and let him know about the problem. The email was acknowledged but 3 months later, the SSNs were still up.

    I then contacted one of the students. The page was 'secured' in 1 day.

    I do not see the need for Colleges to have our SSNs or track the students via that number. I don't think they care enough to be responsible.

    --
    It could be worse, it could be Monday.
  2. Re:Add it to the list by a_greer2005 · · Score: 5, Interesting
    It is hard to take security seriously when NO ONE around you does. Here at schiil i have to give my SSN for everything, and every document I recive from the school has my ssn on it, I have repeatedly complained but no one gives a rats ass, i point out situations like this and it falls on deaf ears.

    the problem is the "It cant happen to me, not in this little town, that only happens in the big city" mindset of old applied to technology. it seems like no one will learn untill it is too late for them.

    the worst part is there is not a god damned thing I can do about it, everyone, like trained trones gives it out freely, without thought of the consequences, and when the policy is questioned, they look at me like my tin foil hat is too tight or something...