RE: [ISN] Crackers steal 52,000 university passwords

From: InfoSec News (isnat_private)
Date: Tue Nov 19 2002 - 06:31:50 PST

  • Next message: InfoSec News: "[ISN] Exclusive: Bin Laden associate warns of cyberattacks"

    Forwarded from: "Kelley, Brian" <BKelleyat_private>
    
    > Laukholm said the university was not aware that an SQL-database
    > automatically installs with a Windows 2000 server. This led to the
    > switchboard database not being properly upgraded with security
    > patches.
     
    Eh? This isn't true at all. Perhaps a SQL Server-type database like
    MSDE or even SQL Server itself installed with the switchboard software
    but not with the OS (at least, not yet). But that would be a different
    matter entirely. The issues with MSDE and its default settings are
    well-documented... sounds like they should be using Chip Andrew's
    SQLPing or eEye's Retina Scanner to look for rogue or unknown SQL
    Servers in their environment.
    
    Brian
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Nov 19 2002 - 15:16:32 PST