ConnectU Hack Reveals “Most Basic Security Flaws Possible”

Last week Facebook got hacked, and nerds everywhere luxuriated in the "elegance" of the reigning king of college networking's code.  This week ConnectU got hacked.  And elegant it wasn't.  Reluctant hacker Brendan O'Connor (full disclosure: he is Guest Editor Maureen's brother, and a Stanford grad, which is so gauche, but bear with us) stumbled into "one of the most basic security flaws possible in a website," enabling him to browse ConnectU's databases -- including passwords and "private" material.

Having just read IvyGate's Facebook v. ConnectU coverage, Brendan decided to take a spin on the latter website by typing his last name -- O'Connor -- into ConnectU's search engine.  Since the apostrophe is a quoting character in the SQL language, the unexpected keystroke let O'Connor break out of the last_name field and "inject arbitrary commands" straight into ConnectU's inner machinery.  This is the hack known as SQL injection.  He explains:

While Facebook recently had a minor security-related glitch, ConnectU's flaw is far more serious. A malicious attacker could use this to easily break into user accounts, damage or delete internal databases, or probably much worse. ... This bug is one of the most elementary security bugs that can exist in a PHP website. It's a clear sign of a shoddy, amateurish effort; my coworker Dave Fayram, a web engineering expert, describes it as "shameful."

And what did our malicious attacker do with his injection?  Discovered that 192 people use the password "password," and then alerted ConnectU to the breach so they'd have time to fix it before he posted it on his blog.  Blame it on Stanford's IHUM requirement; the guy has an annoyingly strong sense of morality. --MAUREEN O'CONNOR
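For readers who want to see what "breaking out of the last_name field" means in practice, here is an added illustration (not code from ConnectU or from O'Connor's post) using Python and SQLite as a stand-in for the PHP search page. The user table and names are constructed; the point is that pasting the search term into the query text makes an ordinary surname fall over, while a parameterised query treats the same input purely as data.

```python
import sqlite3

# Constructed sample data standing in for a site's user table (assumption).
SAMPLE_USERS = [("Brendan", "O'Connor"), ("Dave", "Fayram"), ("Maureen", "O'Connor")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def search_vulnerable(conn, last_name):
    # The flaw the post describes: the search term is concatenated into the
    # SQL text. An apostrophe in the input closes the string literal early,
    # so whatever follows it is parsed as SQL rather than as data.
    sql = "SELECT first_name FROM users WHERE last_name = '" + last_name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def search_fixed(conn, last_name):
    # The fix: a parameterised query. The driver binds the value separately
    # from the statement text, so quotes inside the input never reach the
    # SQL parser as syntax.
    sql = "SELECT first_name FROM users WHERE last_name = ?"
    return sorted(row[0] for row in conn.execute(sql, (last_name,)))


def demo(last_name):
    # Run both versions on one input and report what each one did.
    conn = make_db()
    try:
        vulnerable, error = search_vulnerable(conn, last_name), None
    except sqlite3.OperationalError as exc:
        # The apostrophe broke the statement: this is the "break out" step.
        vulnerable, error = None, str(exc)
    return {"vulnerable": vulnerable, "vulnerable_error": error,
            "fixed": search_fixed(conn, last_name)}


if __name__ == "__main__":
    for name in ("Fayram", "O'Connor"):
        print(name, demo(name))
```

With "Fayram" both versions agree; with "O'Connor" the concatenated query raises a syntax error, the visible symptom that the input has escaped the string literal, while the parameterised query simply returns both O'Connors.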

The Worst Thing to Happen to College Newspapers Since Sex Columnists

Last week, we brought you Penn readers' "truly terrible," "horrific," "godawful" reviews of dailypennsylvanian.com's redesign. Some of you have been asking: How did the DP, a reliably damn good paper, screw up so bad?

By signing up with College Publisher, a near monopolist in the field of putting college newspapers online. The Crimson, YDN, Dart, Prince and Sun all have indie sites. And while their looks don't always go over so well themselves, everything College Publisher touches turns to blocky, ad-infested dreck.

Penn's daily isn't the only student paper to get hit by the ugly truck. Thanks to College Publisher, it's a pile-up. The Columbia Spectator signed on this summer, and -- oh crap, here we go again. Some sample comments at the Spec-sniping Bwog:

  • "horrible"
  • "go[d]forsaken shit"
  • "an embarrassment...it's not like you have to design a whole new one, just use the old templates. anything that was up before was far, far better. or will your new masters at collegepublisher not let you?"
  • "cheesy, childish 'collegepublisher' ticker up top"
  • "college publisher is what every school uses and frankly it sucks. not to mention the new site has like a billion adds. it looks like a yahoo homepage circa 1998"
  • "dumb dumb dumb"
  • "get rid of it and college publisher NOW while it's summer and no one notices"
  • "awful. ... Just stop this little project now before you get in over your little heads"
  • "At least the old look had some class"

Ouch! We know IvyGate isn't the belle of the ball, but can't these guys take a cue from their hot cousins to the west? Them Stanford kids code some fine-ass HTML.

Breaking: Columbia Replaces Loans With Grants

Did the Ivies suddenly get a conscience? First Princeton bags its preferential early admissions policy (eating Harvard's dust). Now Columbia eliminates loans for students from families that earn less than $50,000 a year (eating Harvard, Penn, Yale and Stanford's collective dust). Where does the admirable, praiseworthy madness end?! Next thing we know, Harvard will be donating its endowment, Buffett-style, to end world poverty.

Of course, Princeton still beats them all with its grants-only aid package royale. We might need to update our Ivy stereotypes manifesto ...

Ultimate Frisbee Gets High. Marks! Gets High Marks!

Ultimate Frisbee always gets a lot of flak. "It's a sport for stoners" and "It's a sport for sissies"; most of the time, it's derided as not much of a sport at all. Well, you know what? We've played a game or three of Ultimate, and let us tell you -- these guys are athletes. And their pot is unreal.

Which is why we're delighted by a new study out of the University of Washington that says competitive Frisbee is a better predictor of academic success than grades or even SAT scores. The top seven schools, nationally? Stanford, Brown, Harvard, Tufts, Dartmouth, Yale and Princeton. Falsetto: Hollll-la!

It feels good to find another sport we dominate, after crew and squash. Even the two dozen "correlation vs. causation" emails we're about to receive can't take that away.

(Credits: Inside Higher Ed; Dartmouth Ultimate. Sorry, Big Green! We were looking through your site for a good pic, and the best happened to be of this lion-maned Brown kid absolutely destroying one "Hoffman." Take solace in your huger quads.)

EXCLUSIVE: Jailhouse Interview With the Stanford Tree

Reaching out a spindly branch all the way from California, the infamous Stanford Tree has granted us an exclusive interview from the temperate, leaf-strewn hideaway where he vertically awaits his punishment from the NCAA for this colorful episode.

We knew he was our kind of conifer right away:

To: IvyGate <IvyGate@gmail.com>
From: Tree <xxxx@stanford.edu>
Date: Sept. 2, 2006 7:12 p.m.
Subject: Re: interview

Usually I shoot up before doing phone interviews, and it's a little early on the west coast.  If you want to email me some questions I can get to them when I'm good and drunk, or we could try the phone one of your early mornings/my late nights.

-Tree

On to the Q&A, with more after the jump.

[UPDATE 1:29 p.m.: Tree checks in: "fyouri, i'm keeping my shit on legit: stanfordtree.com."]

IvyGate: So what species of tree are you?
Tree: I am a masters student that wears 35 pounds of Jo-Ann's fabric mixed with aluminum, plastic tubes, and duct tape. What is this some kind of game to you?

If we tapped you, like for syrup, what kind of liquor would come out?
Absinthe. Straight from my wormwood.

Are there any traditions that come with being the Tree? Aside from, you know, being shitfaced 24 hours a day?
Soon as I step on the scene I'm hearing hoochies screaming. Plus hell of free gear from Nike and Converse.


“You Know How They Say We Only Use 10 Percent of Our Brains? I Say We Only Use 10 Percent of Excel Functionality”

Honestly, we would love to ridicule this Stanford Business School effort at comedy, but we just can't. A sublime Wedding Crashers parody, it's genuinely funny. Chuckle at the topical yet universally accessible Palo Alto references. Nod as HBS and Wharton ("Hava Nagila...") are lampooned. Thrill to the production values (there's a helicopter!)! Take comfort that a known Ivyer (Vanessa Stanley-Miller, Columbia '00) plays the vixen in the sequel, after the jump. Marvel at the -- alright, whatever, just watch: