Page 3 of 3 FirstFirst 123
Results 21 to 26 of 26

Thread: Princeton hacks Yale

  1. #21
    er0k
    Guest
    haha yeah sounds like our schools network. they automatically set your passwd the same as your username. like you said dome, most of them dont change it.

  2. #22
    Banned
    Join Date
    Sep 2001
    Posts
    521
    by the way, alot of you sound surprised at this.....

    dont you know the least secure systems out there are of schools and banks.... for some odd reason they dont care that your pesronal information is stored in their computers, they still secure em for ****....

    if any of you work at banks, im sure you can find little things that can help you get in if you REALY wanted to, most bank admins are retards anyway so they just set up a regular windows system with no securey checks (maybe an AV and a firewall - no big deal)

    As with schools..... some schools are very secure, but alot of schools arent, i mean most of them run Microsoft products wich is already a flaw in the system(most of thses schools teach MS... like MCSE). but there are some schools that actually have a good computer department with people that care about security that take matters into their own hands.

  3. #23

  4. #24
    did yale turn off its wireless ap's because of princeton hmmmmm I'll never kiss and tell

  5. #25
    If the colleges in question have a common setup as to how to access student information, et. al.,
    then they should be rethinking the way they set it up in the first place, instead of harping on about the 'attack".
    Fixing the problem instead of whining about it should have been their priority. One of my bosses had the credo
    "Cry Once", meaning take the time and energy to do it right the first time, and you probably won't have to do
    it again, at greater expense.
    Er0k has a point as well, it could be a publicity stunt.
    "Ooh, that other school is bad, they hacked our computers, they're unethical, you should never go to that school!"
    They are counting on future students looking at the situation to judge the other school not as people who
    perpetrated a (mediocre) hack, but as morally corrupt. They may not have said it outright, but then, they didn't have to.
    They are counting on the consumer (that's what it really comes down to) to be judge, jury and executioner
    in this situation.
    Funny thing is, is that if MIT had perpetrated this, the uproar might never happen. As far as I know, places like MIT,
    Stanford and Berkeley have more of a "hacker type culture ( I can stand to be corrected on this) and that sort
    of thing , while not entirely acceptable, would actually be expected.
    Fix it, shut up, move on.
    Maybe it's just me...lol

    zaddikim
    You can lead a yak to water, but you can\'t teach an old dog
    to make a silk purse out of a pig in a poke
    -Berke Breathed/ Opus The Penguin

  6. #26
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    here is a bit more info on the latest in the spat..

    http://www.vnunet.com/News/1134007

    Who's doing the hacking?
    By Robin Bloor [30-07-2002]
    The Princeton vs Yale spat highlights hacker dangers
    The news that Princeton had hacked Yale must have come as a shock to the Ivy League colleges of the US, including most of the staff and students at the two eminent colleges concerned.
    In case you were unaware, Princeton is where the computer was invented and it matters not whose version of the invention of the computer you adhere to either.

    Both John von Neumann (the US 'father of the computer') and Alan Turing (the UK 'father of the computer') did their inventive work at Princeton.

    One would therefore expect that Princeton might know a thing or two about computers, but sadly not, at least as far as undetected hacking is concerned.

    Apparently, at the height of the college admissions season in April of this year, the director of admissions at Princeton, Stephen LeMenager, repeatedly hacked into a Yale website that had been set up to let Yale applicants know whether they had made the grade and got into the university.

    As one might expect, Yale officials filed a complaint to the FBI and Princeton placed Mr LeMenager on administrative leave, pending a full investigation.

    The immediate concern here has to be for the clear collapse of standards at Princeton. Anyone who knows anything about getting surreptitious access to websites knows that there are identity-cloaking sites on the web that you can use (such as IDzap.com, Anonymizer.com, etc.) in order to remain undetectable. There are also many cybercafes across the world that offer a good level of untraceability.

    How is it possible that Mr LeMenager, working for such a prestige pillar of computer education, did not know this?

    Examination of whar Mr LeMenager did - access a Yale website using details of students who had also applied to Princeton - also arouses deep concern about the web designers at Yale.

    In order to validate the ID of students accessing the Yale website, they requested the input of name and date of birth - personal data that is not particularly difficult to acquire.

    It was so ridiculously easy to achieve untraceable unauthorised entry at the Yale website that one could legitimately accuse Princeton and Yale of staging a stupidity contest.

    This, by the way, is a contest that Princeton just wins by virtue of Mr LeMenager's excuse that he "accessed the Yale site because he was curious about its security". As regards lame excuses, this one is completely immobile.

    In many organisations and among many individuals, there seems to be a naive assumption that there are no bad guys who are going to take advantage of lax computer security.

    The opposite is true. There is a bewildering number of bad guys out there and some of them are very talented. They have different interests in getting into your computer.

    Some may simply like to prove that they can. Some would like to steal valuable data, such as credit card data. Some would like to play a few pranks and commit a bit of vandalism (or even a lot). Some may have a specific e-heist in mind. Some may be e-terrorists. Some may indeed be competitors (as Princeton is to Yale), who are seeking some competitive gain. Some may wish to do nothing more than steal the use of your resources.

    When a new computer is connected to the big wide network, there will probably be an attempt to hack it within 20 minutes, and further attempts may repeat every twenty minutes or so - that is a recently observed figure that applies if your machine is not a natural target.

    If it is a popular target, like the CIA website for example - then the frequency of hacking attempts will probably be higher.

    The hacking community out there runs scanning software across wide ranges of IP addresses hitting large numbers of machines in a search for known security vulnerabilities.

    They may leave such scanners running for days before coming back to look at the results. It is like baiting a series of traps and then coming back some time later to see what has been caught.

    If they get into your site, you may never know, because the first act of the hacker is to cover his tracks. Some hackers have assembled whole grids of machines they have compromised in this way and which they can use unnoticed when they please.

    These, by the way, are not necessarily highly talented hackers. You can learn how to do this kind of thing simply by surfing the web and gathering bits of technical advice from boastful apprentice hackers. The professionals do not broadcast their knowledge.

    The threat is getting more sophisticated all the time and most IT organisations are unprepared for it. The threat out there is a lot more dangerous than the comic interactions of Princeton and Yale suggest.

    When really damaging security compromise occurs it rarely makes the news, because nobody wants to admit that there were caught. But in truth, it happens.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •