# UC Berkeley computers hacked, 160,000 at risk



## roddierod (May 11, 2009)

Article

I like to know who put the secured databases on a public web server!!

I also like to know what these systems were running.


----------



## Djn (May 11, 2009)

This was an SQL injection attack, so the vulnerability was most likely in the web application (or arguably in the DB or scripting language, for making this vulnerability possible in the first case, but that's a slightly weak excuse).

It doesn't say if the DB was on the same computer, and indeed it doesn't have to be, for this kind of attack. (The amount of data stored in a web-facing DB might have been high - but then again, it might not. The web application might well legitimately need access to the data in question.)


----------



## roddierod (May 11, 2009)

3rd paragraph:

"The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."

That wording seem to me to say they are on the same server.


----------



## DutchDaemon (May 11, 2009)

http://toolbar.netcraft.com/site_report?url=http://www.berkeley.edu

Running Solaris there?


----------



## Djn (May 12, 2009)

roddierod said:
			
		

> 3rd paragraph:
> 
> "The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server."
> 
> That wording seem to me to say they are on the same server.



Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.

Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a _good_ thing?


----------



## roddierod (May 12, 2009)

Djn said:
			
		

> Nah, it could mean "the same server as the database they first got access to [through the web interface]" as well. The entire article is very light on concrete details.
> 
> Oh, and just to be picky ... if they bypassed the secure databases, wouldn't that be a _good_ thing?



I agree the writing is very light on details. I bet it will be some disgruntled student or ex-staff member.


----------



## roddierod (May 12, 2009)

DutchDaemon said:
			
		

> http://toolbar.netcraft.com/site_report?url=http://www.berkeley.edu
> 
> Running Solaris there?



Well that makes sense, so that leads to probably an Oracle hack.

Hope the guys from berkeley's CS school didn't have anything to do with setting this up


----------

