Man charged with accessing USC student data

[lyger <lyger () attrition org>]

http://www.securityfocus.com/brief/191

Posted by: Robert Lemos

Federal prosecutors charged a San Diego-based computer expert on Thursday 
with breaching the security of a database server at the University of 
Southern California last June and accessing confidential student data.

A statement from the U.S. Attorney for the Central District of California 
names 25-year-old Eric McCarty as the person who contacted SecurityFocus 
last June with news of a flaw in the Web server and database system used 
to accept online applications from prospective students. SecurityFocus 
notified the University of Southern California of the vulnerability and 
worked with the university to close the flaw before publishing an article 
about the issue.

The flaw could have allowed an attacker to send commands to the database 
that powered the site by using the user name and password text boxes. 
USC's Information Services Division confirmed the problem and shuttered 
the site, which contained data on nearly 280,000 applicants, on June 20 as 
a precaution. The university believes, and the prosecutors allege, that 
only a handful of records were actually accessed.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/