[ISN] Hacker forces school to change 96,000 passwords

From: InfoSec News (alerts@private)
Date: Thu Mar 01 2007 - 23:03:30 PST


http://abclocal.go.com/kfsn/story?section=sci_tech&id=5080494

By Associated Press
COLLEGE STATION, TX
3/01/07

A hacker's attempt to get into electronic files at Texas A&M University 
over the weekend prompted the school to order the 96,000 users of the 
school's computer system to change their passwords Wednesday. Interim 
University President Ed Davis said the hacker was trying to get into 
files with encrypted passwords when a monitoring system discovered the 
problem with the NetID system early Saturday. Davis said the compromised 
computer was quickly disabled.

The NetID system is often used for services such as e-mail and 
maintaining student schedules.

Officials said they don't think any data was stolen but they warned that 
if the encrypted passwords were cracked then the hacker could have 
access to individual accounts. No problems had been reported by 
Wednesday.

"There is good indication that we caught them in the act. There's a good 
chance they came away empty-handed," Tom Putnam, executive director of 
computing and information services, said in a story in Thursday's 
editions of the Bryan-College Station Eagle.

"Despite the fact that the security violation was quickly identified and 
stopped, we believe it is important to take all necessary steps to 
ensure that our students, faculty and staff are fully protected from 
unauthorized use of their private information," Davis read from a 
statement Wednesday afternoon.

Davis said the university delayed announcement about the computer attack 
because it didn't want to compromise a criminal investigation and it 
wanted to have a plan on how to respond.

Putnam said some technical changes have been made.


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Thu Mar 01 2007 - 23:18:32 PST