phishers that are stupid

i received an email in my tulane box today that tried to get me to enter my tulane email account information on to the web.

out of curiosity, i decided to visit the offending website and see if i could poke around, and i discovered that they didn't protect their directories at all nor the database of information that they were trying to phish. I found the online database (it was some sort of admin directory with an index.php) with a list of tulane users who had entered their info into the form along with their passwords. i logged into one of the accounts to verify that it was real data.

The stupid thing is that the admin panel also gave anyone who poked around enough to find the directory the ability to not only see the data but delete them. So i emailed all of the people who had filled out the form (about 60 in all), copied tulane support, said, "go change your password!", and then deleted all of the records.

hopefully those who were collecting the data won't grudge it out on me since there's a chance that there was a log of my ip address and they could trace it back to me that i fucked with their data. i'm not terribly worried about it.

Comments

c_wraith
Nov. 12th, 2010 05:36 pm (UTC)
I approve... But watch it get you in trouble with Tulane administration for having logged in on other people's accounts. :(
lifeofmendel
Nov. 12th, 2010 06:49 pm (UTC)
they were good with it. They closed the ticket with a "thanks for the investigation!"
c_wraith
Nov. 12th, 2010 07:02 pm (UTC)
Glad to hear they're better than the paranoid types that certainly abound sometimes.