Educause Security Discussion mailing list archives
Re: Multiple .edu sites reportedly victims of db theft
From: Ian McDonald <iam () ST-ANDREWS AC UK>
Date: Tue, 3 Feb 2015 14:22:31 +0000
The guys at another ac.uk think it may be linked to 'orsee'. Anyone on the list that might confirm by inspecting their logs?

Thanks

Sent from my phone, please excuse brevity and/or misspelling.

________________________________
From: Greg Vickers <g.vickers () GRIFFITH EDU AU>
Sent: 03/02/2015 11:07
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Multiple .edu sites reportedly victims of db theft

Hi John,

Is there any other information about how or what is vulnerable, or what information was extracted? More information will be required before any organisation could do a response and begin the investigation into how to remediate.

Greg

On 3/02/2015 7:51 PM, John Stauffacher wrote:

All,

I came across an individual a few days ago on Twitter (@abdilo_) that was bragging about breaching multiple .edu's via SQLi. He claimed responsibility for a breach of Metropolitan State University, and this afternoon dropped this partial list of .edu sites that he reportedly has breached and absconded with their databases:

http://pastebin.com/yyhT6tzc

If anyone on this list is a member of these organizations, or can reach out to them -- it is important that they know. From the communication that I have gotten from this person (all via Twitter) this issue seems to be systemic in some piece of software shared amongst all these groups. If that is the case, then we are looking at a vendor-related flaw -- and the number of potential targets is pretty large.

--
John Stauffacher
GPG Fingerprint: 5756 3A3B ADA3 22A6 9B26 6CA8 DB8D 2AC3 7699 0BD

--
Greg Vickers, mobile: +61 410 434 734, desk: +61 7 3735 4847
Senior Project Manager, IT Infrastructure/Planning and Projects
Griffith University, Nathan campus, CRICOS 00233E