RE: [ISN] Crackers steal 52,000 university passwords

From: InfoSec News (isnat_private)
Date: Tue Nov 19 2002 - 06:31:50 PST

Next message: InfoSec News: "[ISN] Exclusive: Bin Laden associate warns of cyberattacks"

Previous message: InfoSec News: "[ISN] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game"
Maybe in reply to: InfoSec News: "[ISN] Crackers steal 52,000 university passwords"
Next in thread: InfoSec News: "RE: [ISN] Crackers steal 52,000 university passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: "Kelley, Brian" <BKelleyat_private>

> Laukholm said the university was not aware that an SQL-database
> automatically installs with a Windows 2000 server. This led to the
> switchboard database not being properly upgraded with security
> patches.
 
Eh? This isn't true at all. Perhaps a SQL Server-type database like
MSDE or even SQL Server itself installed with the switchboard software
but not with the OS (at least, not yet). But that would be a different
matter entirely. The issues with MSDE and its default settings are
well-documented... sounds like they should be using Chip Andrew's
SQLPing or eEye's Retina Scanner to look for rogue or unknown SQL
Servers in their environment.

Brian



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Exclusive: Bin Laden associate warns of cyberattacks"
Previous message: InfoSec News: "[ISN] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game"
Maybe in reply to: InfoSec News: "[ISN] Crackers steal 52,000 university passwords"
Next in thread: InfoSec News: "RE: [ISN] Crackers steal 52,000 university passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 19 2002 - 15:16:32 PST