UMKC Hacked!

Brig C. McCoy mccoyb at lindahall.org
Mon Jan 12 21:07:59 CST 2004


FWIW, here's what the public web site has to say 
<http://www.umkc.edu/more/?_in=.20040113-0002>:

Password change required for all Active Directory Accounts

UMKC Information Services
9am January 12, 2004

Due to a security breach, we have had to take the precaution of requiring 
all campus Active Directory accounts to change passwords at the next logon.

Users who manage service accounts, guest accounts, generic-use accounts 
should reset their passwords. If you have any accounts that you have not 
yet changed a password on, you should change the password on the account.

We apologize for the lack of notice on the password changes. We are still 
gathering information, and fixing password change pages on some systems 
that are not prompting correctly.

To clarify: new passwords must be at least 8 characters in length and 
contain a combination of lower case alpha letters, at least one upper case 
alpha letter, and at least one number/symbol.

===end===

...brig

At 02:39 PM 1/12/2004, Jason Clinton wrote:
>Jason Clinton wrote:
>| Charles, Joshua Micah (UMKC-Student) wrote:
>|
>| I have learned more. It appears that one of the network admins had an
>|  incredibly weak password or the attacker somehow obtained the
>| password in another way. An entire password list was downloaded but I
>| haven't gotten an answer on whether or not the list was plain text or
>| shadowed, if it's the former, the full disclosures mailing list
>| should probably be notified since UMKC was/is hosting some FTP sites.
>|
>The PW file was shadowed and so the projected full crack time is 42 days
>for a single machine against the most complex passwords. I think IS will
>be telling all UMKC users that they should change their passwords to
>_everything_ for which they used the same password. It's unknown how the
>admin password for the crack was obtained -- a slow rotation crack is
>suspected.
>
>UMKC was hosting no public mirrors so nothing else about this crack
>should concern the general public. All financial data is secure in that
>that is a separate system.
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3 (MingW32)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFAAwYLtSqjk42zvwkRAu9YAJ9OogZxm65aqV2lNQ2osvDfuJHJ6gCfa0WC
>uEenEYdRVFrNBZ8fo7kBIDM=
>=7UgH
>-----END PGP SIGNATURE-----
>
>

--
Brig C. McCoy                   5109 Cherry St
Head, Systems Office            Kansas City, MO  64110  USA
Linda Hall Library of Science,  816 926-8749 PHN, -8790 FAX
Engineering, and Technology     <http://www.lindahall.org>

PGP Public Key: <http://www.theworld.com/~brigc/pgp/> 



