BreachExchange mailing list archives
Man charged with accessing USC student data
From: lyger <lyger () attrition org>
Date: Fri, 21 Apr 2006 09:36:35 -0400 (EDT)
http://www.securityfocus.com/brief/191 Posted by: Robert Lemos Federal prosecutors charged a San Diego-based computer expert on Thursday with breaching the security of a database server at the University of Southern California last June and accessing confidential student data. A statement from the U.S. Attorney for the Central District of California names 25-year-old Eric McCarty as the person who contacted SecurityFocus last June with news of a flaw in the Web server and database system used to accept online applications from prospective students. SecurityFocus notified the University of Southern California of the vulnerability and worked with the university to close the flaw before publishing an article about the issue. The flaw could have allowed an attacker to send commands to the database that powered the site by using the user name and password text boxes. USC's Information Services Division confirmed the problem and shuttered the site, which contained data on nearly 280,000 applicants, on June 20 as a precaution. The university believes, and the prosecutors allege, that only a handful of records were actually accessed. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- Man charged with accessing USC student data lyger (Apr 21)