Educause Security Discussion mailing list archives

Abuse of web proxy access to library databases

From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Fri, 22 Feb 2008 08:25:13 -0500

Colleagues-

Just wanted to alert you to potential exposure of usernames/passwords
for access to various online database services.  We were alerted
anonymously yesterday that one of our student account credentials had
been posted to a "clearing house" site - in Iran, of all places. We have
locked that account after verifying that the credentials were real.

We uncovered the following site in a Google search that appears to offer
dozens of usernames/passwords for logging into various databases with
university credentials (including ours)

http://nejoom.persianblog.ir/1386_3_nejoom_archive.html

Might want to check it out in case there are compromised accounts from
your institution listed.

Regards,

Jeff Giacobbe
Dir. Systems, Security, Networking
Montclair State University

Current thread:

Abuse of web proxy access to library databases Jeff Giacobbe (Feb 22)
- <Possible follow-ups>
- Re: Abuse of web proxy access to library databases Mark Wilson (Feb 22)
- Re: Abuse of web proxy access to library databases Mike Iglesias (Feb 22)
- Re: Abuse of web proxy access to library databases Jeremy Mooney (Feb 22)