Crackers steal 52,000 university passwords

[InfoSec News <isn () c4i org>]

Forwarded from: Frode E. Nyboe <frodeen () eunet no>

http://www.aftenposten.no/english/local/article.jhtml?articleID=437439

Jonathan Tisdall
15 November 2002 

The University of Oslo had to change the passwords of 52,000 users and
reinstall software on dozens of computers after crackers managed to
infiltrate the network and extract the institution's central password
file.

The unknown computer vandals have had access to all of the usernames
and passwords at the university for several weeks. In addition, the
crackers (destructive computer experts, as opposed to hackers), have
used university servers to store huge amounts of pirated software
programs and films, VG Nett reports.

"Hackers broke into the database which handles the information system
for our switchboard. There they installed a password sniffer that
located the password to someone in operations. With his password they
accessed other machines and from there they pulled out the
university's central password file," said Oslo University IT director
Arne Laukholm.

Laukholm said the university was not aware that an SQL-database
automatically installs with a Windows 2000 server. This led to the
switchboard database not being properly upgraded with security
patches.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.