66 Comments
- synystar, on 10/12/2007, -6/+40 Sounds like you're girl-retarded. Good luck with that whole getting laid thing.
- anitab83, on 10/12/2007, -1/+28 Now that the database has been leaked, I might as well come clean. Yes ... I did get a C- in Sex Ed, but it wasn't for a lack of trying. Anita =)
- knodi, on 10/12/2007, -1/+23 Tomorrow's news: UCLA sys admin gets tasered.
- elnerdo, on 10/12/2007, -4/+21 Therefore, there are 5 girls on digg. That sounds about right.
- dsignr, on 10/12/2007, -0/+15 Looks like Michigan State might be the next target.
- elnerdo, on 10/12/2007, -0/+15 Never.
- mvanhorn, on 10/12/2007, -0/+13 My girlfriend who applied to UCLA law school (didn't go) in the past year got this notice.. interesting
- pixelguru, on 10/12/2007, -0/+13 Sounds like a common SQL injection attack to me... probably due to sloppy programming.
- TheEyebright, on 10/12/2007, -0/+13 Meh. Nothing is private anymore. If someone wants your Social Security number, or for that matter any other kind of information on you, they will get it. Welcome to the Information Age, folks.
- redhatcat, on 10/12/2007, -0/+13 "unencrypted SSH server"
You can't mean SSH because SSH connections are always encrypted. Do you mean telnet or maybe an SSH server not configured to use certificates?
- AlphaMack, on 09/26/2008, -1/+11 Here's your fscking Patriot Act! =)
- dsignr, on 10/12/2007, -0/+8 The article states that the database holds information about previous applicants as well as current students.
- AlphaMack, on 09/26/2008, -0/+5 A little friendly tip: Try using the reply feature next time.
- hackmiester, on 10/12/2007, -1/+6 Ooh, we're up to nine now... man, this is a shocker to everyone... I demand for the administrators to do something about this. WE'LL BE TAKEN OVER!
- bjorkbjorkbjork, on 10/12/2007, -0/+4 I applied to UCLA in 1991. I never got contacted about the recent data breach but I called the UCLA datatheft hotline today, and the operator confirmed that yes, I'm one of the 800,000.
Fückers.
- optimus_maximus, on 10/12/2007, -2/+5 I went to UCLA and some of my upper division courses included (for real):
The Psychology of Sex (psych 129e)
The History of Prostitution (hist 136)
So I did receive A's in my sex ed!
- vuke69, on 10/12/2007, -0/+3 "began in October 2005 and ended November 21"
So it took them 13 months to notice this guy trying to get in?
Anyone going there for computer science, should immediately ask for a refund, because they obviously haven't been learning anything.
- TristanTee, on 10/12/2007, -1/+3 I got an email today from UCLA saying that I might be at risk. I applied to there last year, didn't even get accepted and they still got my ***** on file. DELETE IT DAMMIT!!
- tagawa, on 10/12/2007, -1/+3 Why not just put them all in the same boat and call them chrackers?
- WomunOfColour, on 10/12/2007, -0/+2 The least you could do is not misuse the term 'hacker' on a tech-oriented website.
- klepto, on 10/12/2007, -0/+1 I would be embarrassed of UCLA too.
- opensourcemaven, on 10/12/2007, -0/+1 University of Texas in Austin has 55k ugrad and grad students. Some university in Utah has 80k.
- MicroBerto, on 10/12/2007, -1/+2 Couldn't use the football excuse this year, could ya buddy?
(Go Buckeyes)
- drakethegreat, on 10/12/2007, -0/+1 I think the worst part is the fact that they save millions of records that they will never use ever again. It's like the idea of saving every email you ever received even if you know you won't need it. Who is that helping besides hackers and snoopers (even if government employed)? Deleted has a whole new meaning in the 21st century.
- ZPWeeks, on 10/12/2007, -0/+1 UCLA was among the biggest, may have been the largest last year.
Now Arizona State holds those honors. Which is why I moved away from Tempe (ASU's hometown) to go to college.
Big != good. Especially in class.
Or databases with SSN's.
- dexman, on 10/12/2007, -0/+1 Shoulda used PatchPoint if they didn't have the time to patch: http://hackreport.net/2006/12/08/changing-the-game-of-security-patching?0.4eUpd8621gnikcartpse3a7543a1152273620b9e11522733f67501152273620b9e1152273b8a661115227384afec115227w2a82edw1930c6
- kd1s, on 10/12/2007, -0/+1 I just bet they were using Banner or some such. Uses an IIS front end with an Oracle back end. Thoroughly disgusting.
- MicroBerto, on 10/12/2007, -0/+1 I was about to mention the same thing...
1. Student gets tazered by UCLA security/police
2. Prof embarrasses some evangelist
3. UCLA gets hacked
The Digg score currently looks like:
UCLA: 1
World: 2
What'd I miss? I don't hit every digg article
- dacheetah, on 10/12/2007, -0/+1 "Therefore, there are 5 girls on digg. That sounds about right."
It's at -22 now, and you have to take into account the guys that think he's right and dugg him up. (As well as the guys with computer literate girls whom they deem worthy of defending.)
- CARPEDATAM, on 10/12/2007, -0/+1 It appears they were at least 12 months behind on software patching... if indeed the attack was launched against a flaw 12 months ago...
- synystar, on 10/12/2007, -3/+4 I dugg you down for saying "don't dig me down".
- carlosglz, on 10/12/2007, -0/+1 No actually, that is great advice. I was one of the people who received a letter from the chancellor. I used equifax, and in 3 minutes I had their automated system set up a fraud alert, and in another 15 minutes I had signed up for the ScoreWatch service that emails or texts you whenever there is ANY activity on your credit file.
Here is the email I received:
December 12, 2006
Dear Friend,
UCLA computer administrators have discovered that a restricted campus database containing certain personal information has been illegally accessed by a sophisticated computer hacker. This database contains certain personal information about UCLA’s current and some former students, faculty and staff, some student applicants and some parents of students or applicants who applied for financial aid. The database also includes current and some former faculty and staff at the University of California, Merced, and current and some former employees of the University of California Office of the President, for which UCLA does administrative processing.
I regret having to inform you that your name is in the database. While we are uncertain whether your personal information was actually obtained, we know that the hacker sought and retrieved some Social Security numbers. Therefore, I want to bring this situation to your attention and urge you to take actions to minimize your potential risk of identity theft. I emphasize that we have no evidence that personal information has been misused.
The information stored on the affected database includes names and Social Security numbers, dates of birth, home addresses and contact information. It does not include driver’s license numbers or credit card or banking information.
Only designated users whose jobs require working with the restricted data are given passwords to access this database. However, an unauthorized person exploited a previously undetected software flaw and fraudulently accessed the database between October 2005 and November 2006. When UCLA discovered this activity on Nov. 21, 2006, computer security staff immediately blocked all access to Social Security numbers and began an emergency investigation. While UCLA currently utilizes sophisticated information security measures to protect this database, several measures that were already under way have been accelerated.
In addition, UCLA has notified the FBI, which is conducting its own investigation. We began notifying those individuals in the affected database as soon as possible after determining that personal data was accessed and after we retrieved individual contact information.
As a precaution, I recommend that you place a fraud alert on your consumer credit file. By doing so, you let creditors know to watch for unusual or suspicious activity, such as someone attempting to open a new credit card account in your name. You may also wish to consider placing a security freeze on your accounts by writing to the credit bureaus. A security freeze means that your credit history cannot be seen by potential creditors, insurance companies or employers doing background checks unless you give consent. For details on how to take these steps, please visit http://www.identityalert.ucla.edu/what_you_can_do.htm.
Extensive information on steps to protect against personal identity theft and fraud are on the Web site of the California Office of Privacy Protection, a division of the state Department of Consumer Affairs, http://www.privacy.ca.gov.
Information also is available on a Web site we have established, http://www.identityalert.ucla.edu. The site includes additional information on this situation, further suggestions for monitoring your credit and links to state and federal resources. If you have questions about this incident and its implications, you may call our toll-free number, (877) 533-8082.
Please be aware that dishonest people falsely identifying themselves as UCLA representatives might contact you and offer assistance. I want to assure you that UCLA will not contact you by phone, e-mail or any other method to ask you for personal information. I strongly urge you not to release any personal information in response to inquiries of this nature.
We have a responsibility to safeguard personal information, an obligation that we take very seriously.
I deeply regret any concern or inconvenience this incident may cause you.
Sincerely,
Norman Abrams,
Acting Chancellor
- studentism, on 10/12/2007, -0/+0 I, too, am a fan of inferior education at a much higher cost.
- synystar, on 10/12/2007, -1/+1 That's lame. Next time just say "Advertisement: Call Equifax." You'll get buried just as fast, but you can rest assured that no one missed your point.
- macewan, on 10/12/2007, -1/+1 It took them more than a year to discover this?
- SonicPower, on 10/12/2007, -1/+1 I got this notice, too. Wonder why my other comment was dugged down.
- pirana0, on 10/12/2007, -2/+2 "Oh no, my expulsion I've been hiding will be all over the internet! I hope my parents don't find out."
Literally, this hacker does understand, that he and/or she will be traced. It's a way to get a job in the CIA or FBI.
- dotuplink, on 10/12/2007, -1/+1 Another reason to go to USC
- studentism, on 10/12/2007, -1/+0 Do people actually care about what's happening at UCSD? More importantly, does anything even happen there?
Also, if you've ever traveled out of the country, UCLA has huge name recognition -- you'd be hard pressed to say that about any of the other UCs.
- tagawa, on 10/12/2007, -2/+1 I hope their fraud request procedures are better than their security procedures (both db-related and library-related).
- MacSuxWindozSux, on 10/12/2007, -5/+4 I know a guy who works for Equifax. (The guys who have the credit files)
Everyone involved is calling them in an effort to prevent identity theft.
As usual they are placing fraud alerts n' such.
If you are offered a credit monitoring service, bite the bullet, pay the fee and let Equifax tell you immediately when your credit is being used.
Else find out after the fact that people bought PS3, homes and cars in your name and you have to pay for them, the payments are late, and your credit is ruined.
/Insider Advice
- 15charmaxwtf, on 10/12/2007, -4/+2 Wow, it has 25,700 undergraduates and 12,000 graduate students. It's so massive it must be like a ***** city.
- CaptPlanet, on 10/12/2007, -3/+1 Well, there's a difference between going all out to find one person's SSN, etc., and being able to access over 800,000.
The difference is 799,999.
- zappo1776, on 10/12/2007, -3/+1 These sorts of wiseacker comments on digg are getting out of control. One more and I'll have to digg you down!
- jonjon602, on 10/12/2007, -3/+1 excellent i got mine too... i was thinking that i might be left out !
my gf got the letter too but she only applied to the school (went to Cal instead)
- error792, on 10/12/2007, -3/+0 Off topic, but why is there a 2 at the end of the URI but not in the article title?
- inactive, on 10/12/2007, -3/+0 this is in no way hacking!
it is cracking!
A hacker is a software designer and programmer who builds elegant, beautiful programs and systems. A hacker can also be a programmer who hacks or reaches a goal by employing a series of modifications to or extend existing code or resources. The mass media have mistakenly used the word "hacker" when they really meant to say "cracker," and now you are giving your approbation to the callow usage of this word when you should know better. I humbly request of you that you publish this letter or at least recognize its content in your own writing and to write articles linking to this letter. Though you may feel that you were using the "popular, spoken term" to help novices understand your writing, in reality you are adding to the decadence of the correct usage. Instead you should try to assuage the situation with a notice/footnote/article of the correct usage to correct this misconception.
It is time to correct this festering problem and stop it before no one remembers the correct word. I ask and beg of all of you: STOP using the incorrect word, STOP using the "popular" term, STOP continuing to spread its misusage. START using the correct word, START helping the hackers, START to STOP this callow usage.