[clug] Hack attack on University of East Anglia's Climatic Research Unit

Mon Nov 23 00:29:35 MST 2009

2009/11/23 Steve Walsh <steve at nerdvana.org.au>:
>
> On 11/21/2009 05:07 PM, Daniel Pittman wrote:
>>
>> Nope.  It is pretty much impossible to know without access to the
>> technical
>> details from the site.
>>
>> If you are looking for a general lesson to take home, the most commonly
>> disclosed causes of attacks like this are:
>>
>> 1. Someone uses the same username and password for their corporate or
>>    University login that they do for a low-value online site, and someone
>>    obtains those credentials.
>>
>> 2. Someone uses a weak password, full stop.
>>
>> 3. Someone didn't keep patches up to date, so a three year old
>> vulnerability
>>    got exploited for the attacker to get in.
>>
>
> or
>
> 4. Someone got phished with the "please update your webmail records" email,
> and they just logged in and got what they needed that way.
>
> Not every hack requires bad username/password policy or lack of patch plan,
> the old ways are still the best (Hi, Sylvia, it's Chris from the helpdesk.
> I'm updating records, and the details I have for your username and password
> don't match, can I get them again? Ok, so it's sysmith, yep, got that and
> the password is...? RodgerDodger78? Oh, ok, I see what happened, we had 87.
> thanks! )
>

Otherwise known as the "Kevin Mitnick school of hacking and other
social engineering trickery".

There's a lot to be learned from that guy for any organisation that
thinks their information is safe.

L

-- 
Cheers! Lana

Whatever women do they must do twice as well as men to be thought half
as good. Luckily this is not difficult.
  - Charlotte Whitton

-----------------------------------------------
http://lanabrindley.blogspot.com
-----------------------------------------------

Please avoid sending me Word, Powerpoint or Windows Media attachments.

See http://www.gnu.org/philosophy/no-word-attachments.html for more information.

------------------------------------------------