[ISN] WorldOnline ISP security fiasco

From: mea culpa (jerichoat_private)
Date: Thu Jun 25 1998 - 14:24:43 PDT

    Forwarded From: "Prosser, Mike" <Mike_Prosserat_private>
    [FYI- Interesting excerpts from Risks Digest.....be careful what you ask
     for, you might just get it.....   -Mike]
    Date: Tue, 23 Jun 1998 10:36:26 ECT
    From: Paul van Keep <pvkat_private>
    Subject: ISP security fiasco
    WorldOnline, one of the large Dutch ISPs, has suffered a number of security
    failures recently. These were mainly attributable to human error and weak
    OS-level security measures. The most prominent mistake was to assign
    passwords to users by using a combination of the first four letters of
    their userid and a 4 digit code. I even doubt that the 4 digit code is
    randomly chosen but even if it is, cracking an account with this knowledge
    is pretty easy and straightforward. In an attempt at damage control,
    WorldOnline last week stated that its system is secure and that users
    should not worry, although they do not feel responsible for break-ins on
    websites that they host. To prove their point and to get some positive
    publicity, they even launched a competition with a prize of $7400 for the
    first reproducible crack. The prize was claimed within a few days by a
    cracker who managed to extract thousands of private e-mails from a mail
    server. Another team cried foul because the system they had hacked into
    (running the internal helpdesk) had been abruptly switched off in an
    attempt to stop the crackers. The Dutch provider association (NLIP) has
    denounced the competition as a cheap publicity stunt.
    Paul van Keep

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:44 PDT
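
The password scheme described in the message above (first four letters of the userid plus a 4-digit code) leaves only the four digits unknown to anyone who knows the userid. The following is an added example, not part of the original post and not anything WorldOnline used: a provisioning-time check that flags such passwords, with a randomly generated initial password for comparison. The function names, the 16-character length and the sample accounts are assumptions constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
DIGITS = set("0123456789")


def is_userid_derived(userid: str, password: str) -> bool:
    """True if password == first four characters of userid + 4 digits.

    Assumption: the comparison is case-insensitive and "letters" means
    the leading characters of the userid as typed.
    """
    prefix = userid[:4].lower()
    if not prefix or len(password) != len(prefix) + 4:
        return False
    head, code = password[:-4].lower(), password[-4:]
    return head == prefix and all(ch in DIGITS for ch in code)


def unknown_bits(symbols: int, length: int) -> float:
    """Bits an outsider must guess for `length` independent random symbols."""
    return length * math.log2(symbols)


def random_initial_password(length: int = 16) -> str:
    """Initial password drawn from the OS CSPRNG, unrelated to the userid."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(accounts):
    """Return userids whose password follows the userid-derived scheme.

    Intended for provisioning or password-change time, when the
    plaintext is available before it is hashed.
    """
    return [uid for uid, pw in accounts if is_userid_derived(uid, pw)]


# Constructed sample accounts (not real data).
SAMPLE_ACCOUNTS = [
    ("jsmith", "jsmi4821"),
    ("akhan", "Akha0007"),
    ("mdevries", random_initial_password()),
]

if __name__ == "__main__":
    print("flagged:", audit(SAMPLE_ACCOUNTS))
    print("scheme bits: %.1f" % unknown_bits(10, 4))
    print("random bits: %.1f" % unknown_bits(len(ALPHABET), 16))
```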