Social Networking
Riding the social media wave
Wednesday 20 February 2008, 2:42 PM
Harvard Uni Hack Made Me Smile
Monday's report on Harvard University’s Web site being seriously hacked - with copies of the main server database appearing on a BitTorrent file-sharing network - is a cautionary tale for anyone involved with IT security issues. It’s also pretty funny (sorry!).
Although it remains to be seen what Harvard’s IT department has to say about the site hack (its media office has been embarrassingly quiet of late), it looks like the hackers got everything from the University’s servers, including information from the back office and system file data that is not normally accessible to the public. The compressed 125MB file is said to include contacts details, as well as other files associated with Joomla, the open-source content management system. It’s currently doing the rounds on The Pirate Bay.
So how did this happen? Easy. The University didn’t use a data encryption system on its most sensitive files. If it did, the systematic site hack would probably not have occurred. The worst that could have happened is that the publicly-accessible Web site could have been downloaded and distributed, which is no big deal for anyone.
Database losses and hacks can, and do occur, often through human error, but the Harvard University hack apparently involves the complete site database - allegedly including hidden system files. This is a potentially worse-case scenario for any IT director as it means the complete site, right down to its root-and-branch structure, and, presumably, all system files, can be downloaded and cloned by just about anyone on the Internet. I'm about to try it...
Although it remains to be seen what Harvard’s IT department has to say about the site hack (its media office has been embarrassingly quiet of late), it looks like the hackers got everything from the University’s servers, including information from the back office and system file data that is not normally accessible to the public. The compressed 125MB file is said to include contacts details, as well as other files associated with Joomla, the open-source content management system. It’s currently doing the rounds on The Pirate Bay.
So how did this happen? Easy. The University didn’t use a data encryption system on its most sensitive files. If it did, the systematic site hack would probably not have occurred. The worst that could have happened is that the publicly-accessible Web site could have been downloaded and distributed, which is no big deal for anyone.
Database losses and hacks can, and do occur, often through human error, but the Harvard University hack apparently involves the complete site database - allegedly including hidden system files. This is a potentially worse-case scenario for any IT director as it means the complete site, right down to its root-and-branch structure, and, presumably, all system files, can be downloaded and cloned by just about anyone on the Internet. I'm about to try it...
Previous
