Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Harvard Site Hacked, Posted to BitTorrent

Site is brought down, sensitive data posted on Web

The Website of Harvard's Graduate School of Arts and Sciences was brought down yesterday, and its backup server file has been posted to BitTorrent.

A compressed 125 Mbyte file that purports to be the database for the Website of Harvard's Graduate School of Arts and Sciences is still available via the BitTorrent peer to peer network. "Stupid people, you don't use a secure password," says a note preceding the posting. The file is also listed on The Pirate Bay, according to a report.

A note attached to the torrent claimed the file contained a backup of the site -- including some contacts files and other files associated with Joomla, an open-source content management system. Experts said the files appear to be legitimate.

The hacker claims the stunt is intended to demonstrate the insecurity of Harvard's server. The writer also exposed what purport to be user names and passwords belonging to two of the site's system administrators.

Harvard has not commented publicly on the hack.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Imation Corp.

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    2020: The Year in Security
    Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
    Flash Poll
    Assessing Cybersecurity Risk in Today's Enterprises
    Assessing Cybersecurity Risk in Today's Enterprises
    COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-12512
    PUBLISHED: 2021-01-22
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
    CVE-2020-12513
    PUBLISHED: 2021-01-22
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
    CVE-2020-12514
    PUBLISHED: 2021-01-22
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
    CVE-2020-12525
    PUBLISHED: 2021-01-22
    M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
    CVE-2020-12511
    PUBLISHED: 2021-01-22
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.