Re: Multiple .edu sites reportedly victims of db theft

[Colleen Blaho <cblaho () SAS UPENN EDU>]

That IP address resolves to a server with the default OSX splash page,
owned by the University of Potsdam, Germany. I'm not about to probe for
other services running on this host, but if it's just an OSX server,
then this might be a very bad thing.

On 02/03/2015 04:51 AM, John Stauffacher wrote:
> All,
>
> I came across an individual a few days ago on twitter (@abdilo_) that
> was bragging about breaching multiple .edu's via sqli. He claimed
> responsibility for a breach of Metropolitan State University, and this
> afternoon dropped this partial list of .edu sites that he reportedly has
> breached and absconded with their databases:
>
> http://pastebin.com/yyhT6tzc
> uq.edu.au <http://uq.edu.au/>
> columbia.edu <http://columbia.edu/>
> usyd.edu.au <http://usyd.edu.au/>
> upf.edu <http://upf.edu/>
> vcu.edu <http://vcu.edu/>
> williams.edu <http://williams.edu/>
> monash.edu.au <http://monash.edu.au/>
> uji.es <http://uji.es/>
> hu-berlin.de <http://hu-berlin.de/>
> exeter.ac.uk <http://exeter.ac.uk/> 
> mcmaster.ca <http://mcmaster.ca/> 
> ubc.ca <http://ubc.ca/>
> waikato.ac.nz <http://waikato.ac.nz/>
> uwa.edu.au <http://uwa.edu.au/>
> ohio-state.edu <http://ohio-state.edu/> 
> handles.gu.se <http://handles.gu.se/>
> iwm-kmrc.de <http://iwm-kmrc.de/>
> purdue.edu <http://purdue.edu/>
> lancs.ac.uk <http://lancs.ac.uk/>
> uni-erlangen.de <http://uni-erlangen.de/>
> luiss.it <http://luiss.it/>
> unimib.it <http://unimib.it/> 
> purdue.edu <http://purdue.edu/>
> univ-montp1.fr <http://univ-montp1.fr/>
> uw.edu.pl <http://uw.edu.pl/>
> pless.cz <http://pless.cz/> 
> inscripcions.org <http://inscripcions.org/> 
> uni-oldenburg.de <http://uni-oldenburg.de/>
> 141.89.97.231
> idecisions.org <http://idecisions.org/>
> uni-mannheim.e
>
> If anyone on this list is a member of these organizations, or can reach
> out to them -- it is important that they know. From the communication
> that I have gotten from this person (all via twitter) this issue seems
> to be systemic in some piece of software shared amongst all these
> groups. If that is the case, then we are looking at a vendor related
> flaw -- and the potential targets is pretty large.
>
> -- 
>
> John Stauffacher
> GPG Fingerprint: 5756 3A3B ADA3 22A6 9B26 6CA8 DB8D 2AC3 7699 0BD

-- 
Colleen Blaho

Information Security and Unix Services
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Suite 501
Philadelphia, PA 19104

Need to verify my public key?
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6BA5B98CF9577D6B>