UMKC Hacked!
Brig C. McCoy
mccoyb at lindahall.org
Mon Jan 12 21:07:59 CST 2004
FWIW, here's what the public web site has to say
<http://www.umkc.edu/more/?_in=.20040113-0002>:
Password change required for all Active Directory Accounts
UMKC Information Services
9am January 12, 2004
Due to a security breach, we have had to take the precaution of requiring
all campus Active Directory accounts to change passwords at the next logon.
Users who manage service accounts, guest accounts, generic-use accounts
should reset their passwords. If you have any accounts that you have not
yet changed a password on, you should change the password on the account.
We apologize for the lack of notice on the password changes. We are still
gathering information, and fixing password change pages on some systems
that are not prompting correctly.
To clarify; new passwords must be at least 8 characters in length and
contain a combination of lower case alpha letters, at least one upper case
alpha letter, and at least one number/symbol.
===end===
...brig
At 02:39 PM 1/12/2004, Jason Clinton wrote:
>Jason Clinton wrote:
>| Charles, Joshua Micah (UMKC-Student) wrote:
>|
>| I have learned more. It appears that one of the network admins had an
>| incredibly weak password or the attacker somehow obtained the
>| password in another way. An entire password list was downloaded but I
>| haven't gotten an answer on whether or not the list was plain text or
>| shadowed, if it's the former, the full disclosures mailing list
>| should probably be notified since UMKC was/is hosting some FTP sites.
>|
>The PW file was shadowed and so the projected full crack time is 42 days
>for a single machine against the most complex passwords. I think IS will
>be telling all UMKC users that they should change their passwords to
>_everything_ for which they used the same password. It's unknown how the
>admin password for the crack was obtained -- a slow rotation crack is
>suspected.
>
>UMKC was hosting no public mirrors so nothing else about this crack
>should concern the general public. All financial data is secure in that
>that is a seperate system.
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3 (MingW32)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFAAwYLtSqjk42zvwkRAu9YAJ9OogZxm65aqV2lNQ2osvDfuJHJ6gCfa0WC
>uEenEYdRVFrNBZ8fo7kBIDM=
>=7UgH
>-----END PGP SIGNATURE-----
>
>
--
Brig C. McCoy 5109 Cherry St
Head, Systems Office Kansas City, MO 64110 USA
Linda Hall Library of Science, 816 926-8749 PHN, -8790 FAX
Engineering, and Technology <http://www.lindahall.org>
PGP Public Key: <http://www.theworld.com/~brigc/pgp/>
More information about the Kclug
mailing list