

Leak of Multiple University Databases - jmediast
http://pastebin.com/AQWhu8Ek

======
pwendell
The Princeton "University Database" that was hacked is a privately maintained
Alumni Association site from the UK. It is not on the Princeton domain or
associated with the University at all.

Here's an excerpt: "Come out and suppoert Chickenshed, an inclusive theatre
company based in London that brings people of all ages, backgrounds and
abilities together to create groundbreaking and exciting new theatre."

Time will tell how the world will change now that this sensitive information
is out in the open.

~~~
JakeSc
The University of Michigan database dump here, on the other hand, is legit.

~~~
maxerickson
4 of the dumps labeled U of M are from MSU (and at a glance, a couple of them
appear to be a database that the linked website is intended to publish).

~~~
ahi
One of them looks like a database from the student association. Most of their
stuff is built by $9/hr work study so no big surprise it's insecure.

------
tomku
Yawn, more script kiddie antics against arbitrary targets masquerading as
political activism. Maybe I'm missing something, but I don't see how this
"raises awareness" about anything except TeamGhostShell's ability to do mass
SQL injection.

~~~
freehunter
It raises awareness not because of the technical difficulty of the feat, but
rather the complete opposite.

Script kiddies are incredibly important to security. I don't want to push a
slippery slope argument, but the term script kiddies implies someone with no
special talents (merely the right commonly available tools). SQL injections
are not technically difficult.

See the problem? If private information is being leaked, if servers are being
breached, and it takes _no special skills_, and if these servers have been
hacked for months, there's obviously a fundamental breakdown in the security
chain of the organization. Security is not difficult, security is not
something new, security is not something you can do without. In too many
cases, it takes being hacked and dumped before an organization finally
realizes the dangers they've created.

If you're yawning and cracking derisively at this, I have a feeling you might
be someone who needs to read this kind of news story. It's better to have the
wake-up call on your news reader than on your desk with your boss standing
over you.

------
rozap
Looks like they went for the low hanging fruit. At my university, I only see
WordPress and other massively popular PHP tools. Script kiddies are at it
again.

Though, there was one database (at my school) with the passwords in plaintext.
Why do people use plain text for passwords. Why.

~~~
jmediast
If it's anything like ours, they don't like to touch systems that 'work'...
They don't have the resources to audit, update, and re-train everyone to use
the current version.

Then there are the students hired to build internal tools who wouldn't know
SHA1 from Bcrypt/Scrypt...

------
nowarninglabel
So, you took publicly available info and dumped it out as SQL select
statements. What's the point exactly? There are a couple of admin users/passes
scattered in, but it would appear that just gives access to said user updating
said public content like vacancies, course descriptions, etc.

~~~
jmediast
It's not my dump, so I can't say. I've only been able to verify the University
of Michigan data is real.

Doesn't look like anything too critical was hit though.

~~~
JakeSc
> Doesn't look like anything too critical was hit though.

Except, you know, the password hashes of everybody.

------
tjdetwiler
Man they got english.stanford.edu, they must be good.

------
donniezazen
My university's name is in the list but links are down. Wondering if my
academic records are out there.

------
starnixgod
All this leak shows is a dump of a couple SQL databases from a bot that
trolled through these universities' websites. Nothing to see here.

------
christiangenco
Are these just...random databases from university domains?

