[ISN] Student Files Are Exposed on Web Site

From: InfoSec News <alerts_at_private>
Date: Wed, 20 Aug 2008 06:37:51 -0500 (CDT)
http://www.nytimes.com/2008/08/19/technology/19review.html

By BRAD STONE
The New York Times
August 18, 2008

The Princeton Review, the test-preparatory firm, accidentally published 
the personal data and standardized test scores of tens of thousands of 
Florida students on its Web site, where they were available for seven 
weeks.

A flaw in configuring the site allowed anyone to type in a relatively 
simple Web address and have unfettered access to hundreds of files on 
the company’s computer network, including educational materials and 
internal communications.

Another test-preparatory company said it stumbled on the files while 
doing competitive research. This company provided The New York Times 
with the Web address of the internal files on the condition that it not 
be named. The Times informed the Princeton Review of the problem on 
Monday, and the company promptly shut off access to that portion of its 
site.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Wed Aug 20 2008 - 04:37:51 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 20 2008 - 04:52:09 PDT