RE: Crackers steal 52,000 university passwords

[InfoSec News <isn () c4i org>]

Forwarded from: "Kelley, Brian" <BKelley () AgFirst com>

> Laukholm said the university was not aware that an SQL-database
> automatically installs with a Windows 2000 server. This led to the
> switchboard database not being properly upgraded with security
> patches.
 
Eh? This isn't true at all. Perhaps a SQL Server-type database like
MSDE or even SQL Server itself installed with the switchboard software
but not with the OS (at least, not yet). But that would be a different
matter entirely. The issues with MSDE and its default settings are
well-documented... sounds like they should be using Chip Andrew's
SQLPing or eEye's Retina Scanner to look for rogue or unknown SQL
Servers in their environment.

Brian



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.