14 DAY TRIAL // A hacker managed to change the looks of the personal agenda page used by a professor at the Massachusetts Institute of Technology (MIT), hosted on the university’s servers.
The page belongs to Tomas Palacio, an MIT Associate Professor of Electrical Engineering and Computer Science.
No dirty messages were left on the page, as the hacker, who claims to be from India and goes by the online alias SaHoo, simply made it clear that he was the one behind the incident and posted some animation and an audio track.
SaHoo, not affiliated with any hacker group, contacted us and said that there was no mischievous motivation behind the attack, just “a friendly hack” designed to show MIT that they need to secure their servers.
Functionality of the online personal agenda does not seem to be disrupted as scrolling to the bottom of the page provide access to the full features of the script.
Although there are no nefarious reasons behind the hack, SaHoo does not want to disclose the vulnerability, preferring to let the administrators find the glitch and fix it on their own.
The affected page is running a VCalendar script for managing personal events. It features sections for viewing entries by day, week, month or year and provides search functionality as well as registration and login forms.
VCalendar appears to have not received an update since 2006, which could mean that there are vulnerabilities that can be exploited.
This may not be a serious incident, since the important resources, such as research documents, from MIT benefit from increased security on the university’s servers.