UMKC Hacked!

[Jason Clinton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Clinton wrote:
| Charles, Joshua Micah (UMKC-Student) wrote:
|
| I have learned more. It appears that one of the network admins had an
|  incredibly weak password or the attacker somehow obtained the
| password in another way. An entire password list was downloaded but I
| haven't gotten an answer on whether or not the list was plain text or
| shadowed, if it's the former, the full disclosures mailing list
| should probably be notified since UMKC was/is hosting some FTP sites.
|
The PW file was shadowed and so the projected full crack time is 42 days
for a single machine against the most complex passwords. I think IS will
be telling all UMKC users that they should change their passwords to
_everything_ for which they used the same password. It's unknown how the
admin password for the crack was obtained -- a slow rotation crack is
suspected.

UMKC was hosting no public mirrors so nothing else about this crack
should concern the general public. All financial data is secure in that
that is a seperate system.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAAwYLtSqjk42zvwkRAu9YAJ9OogZxm65aqV2lNQ2osvDfuJHJ6gCfa0WC
uEenEYdRVFrNBZ8fo7kBIDM=
=7UgH
-----END PGP SIGNATURE-----