[ISN] Crackers steal 52,000 university passwords

From: InfoSec News (isnat_private)
Date: Mon Nov 18 2002 - 05:27:00 PST

  • Next message: InfoSec News: "Re: [ISN] Hackers could be planning major attack, says White House"

    Forwarded from: Frode E. Nyboe <frodeenat_private>
    
    http://www.aftenposten.no/english/local/article.jhtml?articleID=437439
    
    Jonathan Tisdall
    15 November 2002 
    
    The University of Oslo had to change the passwords of 52,000 users and
    reinstall software on dozens of computers after crackers managed to
    infiltrate the network and extract the institution's central password
    file.
    
    The unknown computer vandals have had access to all of the usernames
    and passwords at the university for several weeks. In addition, the
    crackers (destructive computer experts, as opposed to hackers), have
    used university servers to store huge amounts of pirated software
    programs and films, VG Nett reports.
    
    "Hackers broke into the database which handles the information system
    for our switchboard. There they installed a password sniffer that
    located the password to someone in operations. With his password they
    accessed other machines and from there they pulled out the
    university's central password file," said Oslo University IT director
    Arne Laukholm.
    
    Laukholm said the university was not aware that an SQL-database
    automatically installs with a Windows 2000 server. This led to the
    switchboard database not being properly upgraded with security
    patches.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Nov 18 2002 - 08:11:47 PST