Educause Security Discussion mailing list archives
Abuse of web proxy access to library databases
From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Fri, 22 Feb 2008 08:25:13 -0500
Colleagues- Just wanted to alert you to potential exposure of usernames/passwords for access to various online database services. We were alerted anonymously yesterday that one of our student account credentials had been posted to a "clearing house" site - in Iran, of all places. We have locked that account after verifying that the credentials were real. We uncovered the following site in a Google search that appears to offer dozens of usernames/passwords for logging into various databases with university credentials (including ours) http://nejoom.persianblog.ir/1386_3_nejoom_archive.html Might want to check it out in case there are compromised accounts from your institution listed. Regards, Jeff Giacobbe Dir. Systems, Security, Networking Montclair State University
Current thread:
- Abuse of web proxy access to library databases Jeff Giacobbe (Feb 22)
- <Possible follow-ups>
- Re: Abuse of web proxy access to library databases Mark Wilson (Feb 22)
- Re: Abuse of web proxy access to library databases Mike Iglesias (Feb 22)
- Re: Abuse of web proxy access to library databases Jeremy Mooney (Feb 22)