Information Security News mailing list archives
RE: Crackers steal 52,000 university passwords
From: InfoSec News <isn () c4i org>
Date: Tue, 19 Nov 2002 08:31:50 -0600 (CST)
Forwarded from: "Kelley, Brian" <BKelley () AgFirst com>
Laukholm said the university was not aware that an SQL-database automatically installs with a Windows 2000 server. This led to the switchboard database not being properly upgraded with security patches.
Eh? This isn't true at all. Perhaps a SQL Server-type database like MSDE or even SQL Server itself installed with the switchboard software but not with the OS (at least, not yet). But that would be a different matter entirely. The issues with MSDE and its default settings are well-documented... sounds like they should be using Chip Andrew's SQLPing or eEye's Retina Scanner to look for rogue or unknown SQL Servers in their environment. Brian - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Crackers steal 52,000 university passwords InfoSec News (Nov 18)
- <Possible follow-ups>
- RE: Crackers steal 52,000 university passwords InfoSec News (Nov 19)