Forwarded From: "Prosser, Mike" <Mike_Prosserat_private>

[FYI- Interesting excerpts from Risks Digest.....be careful what you ask for, you might just get it..... -Mike]

Date: Tue, 23 Jun 1998 10:36:26 ECT
From: Paul van Keep <pvkat_private>
Subject: ISP security fiasco

WorldOnline, one of the large Dutch ISPs, has suffered a number of security failures recently. These were mainly attributable to human error and weak OS-level security measures. The most prominent mistake was to assign passwords to users by using a combination of the first four letters of their userid and a 4-digit code. I even doubt that the 4-digit code is randomly chosen, but even if it is, cracking an account with this knowledge is pretty easy and straightforward.

In an attempt at damage control, WorldOnline last week stated that its system is secure and that users should not worry, although they do not feel responsible for break-ins on websites that they host. To prove their point and to get some positive publicity, they even launched a competition with a prize of $7400 for the first reproducible crack.

The prize was claimed within a few days by a cracker who managed to extract thousands of private e-mails from a mail server. Another team cried foul because the system they had hacked into (running the internal helpdesk) had been abruptly switched off in an attempt to stop the crackers. The Dutch provider association (NLIP) has denounced the competition as a cheap publicity stunt.

Paul van Keep

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]