Educause Security Discussion mailing list archives
Re: Multiple .edu sites reportedly victims of db theft
From: Colleen Blaho <cblaho () SAS UPENN EDU>
Date: Tue, 3 Feb 2015 08:26:09 -0500
That IP address resolves to a server with the default OSX splash page, owned by the University of Potsdam, Germany. I'm not about to probe for other services running on this host, but if it's just an OSX server, then this might be a very bad thing.

On 02/03/2015 04:51 AM, John Stauffacher wrote:
All,

I came across an individual a few days ago on Twitter (@abdilo_) that was bragging about breaching multiple .edu's via sqli. He claimed responsibility for a breach of Metropolitan State University, and this afternoon dropped this partial list of .edu sites that he reportedly has breached and absconded with their databases:

http://pastebin.com/yyhT6tzc

uq.edu.au columbia.edu usyd.edu.au upf.edu vcu.edu williams.edu monash.edu.au uji.es hu-berlin.de exeter.ac.uk mcmaster.ca ubc.ca waikato.ac.nz uwa.edu.au ohio-state.edu handles.gu.se iwm-kmrc.de purdue.edu lancs.ac.uk uni-erlangen.de luiss.it unimib.it purdue.edu univ-montp1.fr uw.edu.pl pless.cz inscripcions.org uni-oldenburg.de 141.89.97.231 idecisions.org uni-mannheim.e

If anyone on this list is a member of these organizations, or can reach out to them -- it is important that they know. From the communication that I have gotten from this person (all via Twitter) this issue seems to be systemic in some piece of software shared amongst all these groups. If that is the case, then we are looking at a vendor-related flaw -- and the number of potential targets is pretty large.

--
John Stauffacher
GPG Fingerprint: 5756 3A3B ADA3 22A6 9B26 6CA8 DB8D 2AC3 7699 0BD
--
Colleen Blaho
Information Security and Unix Services
University of Pennsylvania School of Arts and Sciences
3600 Market St. Suite 501
Philadelphia, PA 19104
Need to verify my public key? <https://pgp.mit.edu/pks/lookup?op=get&search=0x6BA5B98CF9577D6B>