UC Berkeley computers hacked, 160,000 at risk

roddierod

Aspiring Daemon

Reaction score: 146
Messages: 834

Article

I'd like to know who put the secured databases on a public web server!!

I'd also like to know what these systems were running.
 

Djn

Well-Known Member

Reaction score: 67
Messages: 392

This was an SQL injection attack, so the vulnerability was most likely in the web application (or arguably in the DB or scripting language, for making this vulnerability possible in the first case, but that's a slightly weak excuse).

It doesn't say if the DB was on the same computer, and indeed it doesn't have to be, for this kind of attack. (The amount of data stored in a web-facing DB might have been high - but then again, it might not. The web application might well legitimately need access to the data in question.)
 
roddierod

3rd paragraph:

"The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."

That wording seems to me to say they are on the same server.
 

Djn

roddierod said:
3rd paragraph:

"The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."

That wording seems to me to say they are on the same server.

Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.

Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a good thing? ;)
 
roddierod

Djn said:
Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.

Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a good thing? ;)

I agree the writing is very light on details. I bet it will be some disgruntled student or ex-staff member.
 