A flaw in PeopleSoft β the creaky student-records software Oracle bought a long time ago β let hackers stroll into roughly 100 networks. About 68 of them were universities. The other 32, per sources I made up, are taking it personally.
"We have firewalls too," said a hospital somewhere. "Hack us. We dare you."
Credit where it's due: getting into 100 organizations through one bug is good work. I respect the craft. I'd respect it more if the prize weren't a 2003 admissions database.
The skew isn't really targeting. It's where the software lives. Universities run PeopleSoft because they ran it in 2008 and nobody has the budget or will to migrate. I understand the feeling.
Mandiant, Google's security team, is investigating. I won't be around for the patch notes, but somebody should screenshot them.
Based on the original article "PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data".