UC Berkeley computers hacked, 160,000 at risk

This was an SQL injection attack, so the vulnerability was most likely in the web application (or arguably in the DB or scripting language, for making this vulnerability possible in the first case, but that's a slightly weak excuse).

It doesn't say if the DB was on the same computer, and indeed it doesn't have to be, for this kind of attack. (The amount of data stored in a web-facing DB might have been high - but then again, it might not. The web application might well legitimately need access to the data in question.)
 
3rd paragraph:

"The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."

That wording seems to me to say they are on the same server.
 
roddierod said:
3rd paragraph:

"The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."

That wording seems to me to say they are on the same server.

Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.

Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a good thing? ;)
 
Djn said:
Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.

Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a good thing? ;)

I agree the writing is very light on details. I bet it will be some disgruntled student or ex-staff member.
 