
Almost any MIT affiliate can get a *.mit.edu domain name and host a website on it. The student in charge of the original probably forgot to protect against a simple SQL injection attack.

They bypassed that student's security and his website, not the "administrators at MIT" and "their website".




Both rledev.mit.edu and cogen.mit.edu are MIT departments (one the part of MIT powering much of campus, one a laboratory doing electronics). It wasn't a student's bad security.


Oh, so it was a department's bad security. Not surprising.

Yes, I know how these things work. Even at MIT it's the same, apparently.

I wouldn't be surprised if this was an old Windows 2000/2003 server box hosting some static pages (and also it's the same computer the secretary uses).


They were both IIS boxes, probably unpatched for a while, judging by the original page: http://cogen.mit.edu/index2.cfm



