It’s Either “Olympic Champs,” or “Zuckerberg’s Bitches”

Remember identical twins Tyler and Cameron Winklevoss, Harvard '04, the ones who claimed four years ago that Zuckerberg stole Facebook from their original site ConnectU?  Yeah, they're still desperately seeking justice in the form of cash and shares, with ongoing litigation regarding their settlement with Facebook and the value of the stock.  But lately it looks like these suckers are back in the news for another reason.

Only this time Zuckerberg definitely won't be stealing their thunder, or their gold.  The Winklevoss twins will be rowing as a pretty pair in this summer's Beijing Olympics.

ConnectU Hack Reveals “Most Basic Security Flaws Possible”

Last week Facebook got hacked, and nerds everywhere luxuriated in the "elegance" of the reigning king of college networking's code.  This week ConnectU got hacked.  And elegant it wasn't.  Reluctant hacker Brendan O'Connor (full disclosure: he is Guest Editor Maureen's brother, and a Stanford grad, which is so gauche, but bear with us) stumbled into "one of the most basic security flaws possible in a website," enabling him to browse ConnectU's databases -- including passwords and "private" material.

Having just read IvyGate's Facebook v. ConnectU coverage, Brendan decided to take a spin on the latter website by typing his last name -- O'Connor -- into ConnectU's search engine.  Since apostrophes are part of the SQL programming language, the inclusion of the unexpected keystroke let O'Connor break out of the last_name field and "inject arbitrary commands" straight into ConnectU's inner machinery.  This is the hack known as SQL injection.  He explains:

While Facebook recently had a minor security-related glitch, ConnectU's flaw is far more serious. A malicious attacker could use this to easily break into user accounts, damage or delete internal databases, or probably much worse. ... This bug is one of the most elementary security bugs that can exist in a PHP website. It's a clear sign of a shoddy, amateurish effort; my coworker Dave Fayram, a web engineering expert, describes it as "shameful."

And what did our malicious attacker do with his injection?  Discovered that 192 people use the password "password," and then alerted ConnectU to the breach so they'd have time to fix it before he posted it on his blog.  Blame it on Stanford's IHUM requirement; the guy has an annoyingly strong sense of morality. --MAUREEN O'CONNOR
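
The apostrophe problem described above, as an added example that is not from the original post or from ConnectU's code. ConnectU was a PHP site; Python's built-in sqlite3 stands in here so the sketch runs anywhere, and the table, rows and function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for a member directory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("Brendan", "O'Connor"), ("Alex", "Smith")],  # constructed sample rows
    )
    return db


def search_concatenated(db, last_name):
    """Flawed pattern: the search term is pasted into the SQL text itself,
    so an apostrophe in the input ends the string literal early."""
    sql = ("SELECT first_name, last_name FROM members "
           "WHERE last_name = '" + last_name + "'")
    return db.execute(sql).fetchall()


def search_parameterized(db, last_name):
    """Fixed pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM members WHERE last_name = ?"
    return db.execute(sql, (last_name,)).fetchall()


def compare(last_name):
    """Run the same search both ways and return (concatenated, parameterized)."""
    db = make_db()
    try:
        unsafe = search_concatenated(db, last_name)
    except sqlite3.OperationalError as exc:
        # The database tried to parse part of the surname as SQL and gave up.
        unsafe = "SQL error: " + str(exc)
    return unsafe, search_parameterized(db, last_name)


if __name__ == "__main__":
    for name in ("Smith", "O'Connor"):
        unsafe, safe = compare(name)
        print(name, "| concatenated:", unsafe, "| parameterized:", safe)
```

A search form that throws a database error on an ordinary surname like this one is the symptom worth testing for; binding the value as a parameter removes the problem at its source rather than filtering characters.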

Facebook Code Leaked! Students would panic, but they’re too busy Facebooking

At 12:54AM on August 11, 2007 a blog entitled Facebook Secrets went live.  Which would have been cool, but it was just a bunch of computer code garbledy-gook.  Luckily, college has this habit of turning out computer scientists along with its IvyGate editors, so we have since ascertained that said garbledy-gook was actually an unauthorized leak of Facebook's main source code, prompting questions about the mega-popular site's security.

Facebook representative Brandee Barker responded to the hubbub as one would expect from the PR of a billion-dollar company: Through the highly esteemed avenue of comment #29 on a blog report about the leak. Barker wrote,

Some of Facebook's source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.

Personally, we prefer netizen fietronic's response to the original garbledy-gook-filled blog:

OH EM GEE YO! I"M TTLY GNNA START MY OWN FAZE BOOK LOLZ!!!

Fietronic was promptly hired by ConnectU. --MAUREEN O'CONNOR