[clug] Hack attack on University of East Anglia's Climatic Research Unit
steve at nerdvana.org.au
Mon Nov 23 00:26:18 MST 2009
On 11/21/2009 05:07 PM, Daniel Pittman wrote:
> Nope. It is pretty much impossible to know without access to the technical
> details from the site.
> If you are looking for a general lesson to take home, the most commonly
> disclosed causes of attacks like this are:
> 1. Someone uses the same username and password for their corporate or
> University login that they do for a low-value online site, and someone
> obtains those credentials.
> 2. Someone uses a weak password, full stop.
> 3. Someone didn't keep patches up to date, so a three-year-old vulnerability
> got exploited for the attacker to get in.
4. Someone got phished with the "please update your webmail records"
email, and they just logged in and got what they needed that way.
Not every hack requires bad username/password policy or lack of patch
plan; the old ways are still the best (Hi, Sylvia, it's Chris from the
helpdesk. I'm updating records, and the details I have for your username
and password don't match, can I get them again? Ok, so it's sysmith,
yep, got that and the password is...? RodgerDodger78? Oh, ok, I see what
happened, we had 87. Thanks!)
Vice President / Sysadmin team member - Linux Australia
Networks and Technology - Linux.conf.au 2008
Evil Network Bunny - Linux.conf.au 2009
Networking alpha geek - Linux.conf.au 2010