[clug] Hack attack on University of East Anglia's Climatic Research Unit
Steve Walsh
steve at nerdvana.org.au
Mon Nov 23 00:26:18 MST 2009
On 11/21/2009 05:07 PM, Daniel Pittman wrote:
> Nope. It is pretty much impossible to know without access to the technical
> details from the site.
>
> If you are looking for a general lesson to take home, the most commonly
> disclosed causes of attacks like this are:
>
> 1. Someone uses the same username and password for their corporate or
> University login that they do for a low-value online site, and someone
> obtains those credentials.
>
> 2. Someone uses a weak password, full stop.
>
> 3. Someone didn't keep patches up to date, so a three year old vulnerability
> got exploited for the attacker to get in.
>

or
4. Someone got phished with the "please update your webmail records"
email, and they just logged in and got what they needed that way.

Not every hack requires bad username/password policy or lack of patch
plan, the old ways are still the best (Hi, Sylvia, it's Chris from the
helpdesk. I'm updating records, and the details I have for your username
and password don't match, can I get them again? Ok, so it's sysmith,
yep, got that and the password is...? RodgerDodger78? Oh, ok, I see what
happened, we had 87. Thanks!)

--
--==--
Steve Walsh
RHCE
Vice President / Sysadmin team member - Linux Australia
Networks and Technology - Linux.conf.au 2008
Evil Network Bunny - Linux.conf.au 2009
Networking alpha geek - Linux.conf.au 2010