There’s a story I’m really excited to have written in The Diamondback today:
It started Thursday afternoon. A bunch of people were in the newsroom talking about an e-mail from a Mr. Reza Hashemipour, freshman chemical engineering major. He said he’d found some big ol’ hole in OIT security that let him log into any university account, but, to be honest, the letter looked like spam and most people disregarded it.
Me being at least kind of interested (and having no where better to go… certainly not class), I called him up and set up a meeting. We made our way over to McKeldin and, five minutes later, he was in my inbox without really trying. Every word in the “spam” was totally true. This guy had figured out how to get into anybody’s account whenever he wanted and didn’t know how to do anything but click on the “forgot password” button.
It only really gets scary if you ponder what your password unlocks: everything. Honestly, I don’t really care if somebody sneaks into my e-mail, but somebody could just jump in and drop all my classes, or turn down my financial aid, or log in as my teacher and just fail my ass.
After talking to several very nervous OIT admins Thursday night (and freaking out editor Jess Bauer by jumping into her account), I had a meeting Friday morning to show them how to do this thing. It was actually a very cool experience– in a big shiny meeting room with a heavy wood table, I showed the OIT folks how to do this thing by hacking into the account of the director of IT security.
About five hours later, the hole was fixed, and I had Monday’s lead story, at least until Brady Holt found out an OIT employee stabbed a student in the face, a definite candidate for headline of the year.
Also see Rob Gindes‘ expertly-crafted column about the whole debacle over on page four.
Also if anybody else finds ways to hack people’s lives, shoot me an e-mail.
