User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » NCSU Webmail Compromised... Page [1] 2, Next  
esgargs
Suspended
97470 Posts
user info
edit post

Quote :
"This letter is directed to users of the campus Unity WebMail service (webmail.ncsu.edu). On or about August 4th, 2005, the web servers that are part of the webmail.ncsu.edu service were compromised by outside forces. Although the extent of the intrusion is not yet known, it is possible that WebMail users who accessed the system between August 4th and August 9th could have had their passwords captured. To prevent the possibility of your account being accessed unknowingly, it is highly recommended that you change your Unity password immediately.
"



About time I changed my password...

8/9/2005 4:04:23 PM

MiniMe_877
All American
4414 Posts
user info
edit post

link your source dammit

8/9/2005 4:05:30 PM

Smath74
All American
93281 Posts
user info
edit post

how do you do that? mine is still my social security number from when i came to state 8 years ago.

8/9/2005 4:05:43 PM

JonHGuth
Suspended
39171 Posts
user info
edit post

good thing i do blind forwarding

8/9/2005 4:06:23 PM

esgargs
Suspended
97470 Posts
user info
edit post

My source is my email inbox...

8/9/2005 4:06:58 PM

MiniMe_877
All American
4414 Posts
user info
edit post

I'm no longer a student, so I dont get those crucial emails.

I checked http://sysnews.ncsu.edu and there was no update there

8/9/2005 4:08:42 PM

TGD
All American
8912 Posts
user info
edit post

yeah it's a notice they sent out about an hour ago

the full email:

Quote :
"This letter is directed to users of the campus Unity WebMail service (webmail.ncsu.edu). On or about August 4th, 2005, the web servers that are part of the webmail.ncsu.edu service were compromised by outside forces. Although the extent of the intrusion is not yet known, it is possible that WebMail users who accessed the system between August 4th and August 9th could have had their passwords captured. To prevent the possibility of your account being accessed unknowingly, it is highly recommended that you change your Unity password immediately.

To change your password, please go to:

http://www.ncsu.edu/password

While selecting a new password, please follow the recommendations for a secure password referenced on the password change page.

ITD apologizes for the inconvenience that this may cause. Please keep in mind that there is only evidence of a security breach -- ITD is not currently aware of any active attempts to extract data from the WebMail servers or from users' IMAP mail accounts. The request for you to change your password is only precautionary, but again, it is highly recommended. Also, if you use Webmail to access other email accounts, it is suggested that you change those passwords as well. Please note
that this does not include email accounts that are automatically forwarded to your Unity account, but other accounts that you access with WebMail.

For more information about this incident, please contact the NC State University Help Desk at help@ncsu.edu or 515-HELP (4357).

--
Information Technology Division
North Carolina State University"


[Edited on August 9, 2005 at 4:09 PM. Reason : full email]

8/9/2005 4:08:43 PM

esgargs
Suspended
97470 Posts
user info
edit post

Quote :
"Return-Path:
Received: from uni05mr.unity.ncsu.edu (uni05mr.unity.ncsu.edu [152.1.1.168])
by uni30map.unity.ncsu.edu (Cyrus v2.2.10) with LMTPA;
Tue, 09 Aug 2005 15:49:07 -0400
X-Sieve: CMU Sieve 2.2
Received: from uni01du.unity.ncsu.edu (uni01du.unity.ncsu.edu [152.1.13.101])
by uni05mr.unity.ncsu.edu (8.13.4/8.13.3/N.20050331.02) with ESMTP id j79Jmms7013508;
Tue, 9 Aug 2005 15:48:48 -0400 (EDT)
Received: from localhost (hmn@localhost)
by uni01du.unity.ncsu.edu (8.11.7+Sun/8.10.2) with SMTP id j79Jmli16092;
Tue, 9 Aug 2005 15:48:47 -0400 (EDT)
X-Authentication-Warning: uni01du.unity.ncsu.edu: hmn owned process doing -bs
Received: by uni01du.unity.ncsu.edu (bulk_mailer v1.5); Tue, 9 Aug 2005 15:48:47 -0400
From: NCSU Help Desk
Date: Tue, 9 Aug 2005 14:00:00 -0500
To: undisclosed-recipients:;
Subject: NCSU Information Technology Division Priority Notification
Message-ID:
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.0.3.2, Antispam-Data: 2005.8.9.22
X-Spam-Status: No, Hits=7%
X-Spam-Level: IIIIIII

"

8/9/2005 4:09:47 PM

Senez
All American
8112 Posts
user info
edit post

was just about to post this

8/9/2005 4:10:01 PM

Specter
All American
6575 Posts
user info
edit post

I never got this email

8/9/2005 4:16:16 PM

virga
All American
2019 Posts
user info
edit post

^ me neither

8/9/2005 4:23:40 PM

Rat
Suspended
5724 Posts
user info
edit post

I never got it either

8/9/2005 4:26:03 PM

seedless
All American
27142 Posts
user info
edit post

webmail has been raped.

8/9/2005 4:26:15 PM

wheelmanca19
All American
3735 Posts
user info
edit post

so happy I sent up blind forwarding to my gmail account.

8/9/2005 4:27:50 PM

Specter
All American
6575 Posts
user info
edit post

Nevermind, I just got this message.

8/9/2005 4:30:01 PM

esgargs
Suspended
97470 Posts
user info
edit post

Someone post it on Slashdot.

8/9/2005 4:39:39 PM

GraniteBalls
Aging fast
12262 Posts
user info
edit post

ECU makes all students change PWDs every 6 months.

8/9/2005 5:02:19 PM

esgargs
Suspended
97470 Posts
user info
edit post

It's every semester at UNC

8/9/2005 5:03:51 PM

DaveOT
All American
11945 Posts
user info
edit post

Here, our passwords are only valid for 90 days.

At State, I actually used the same one for all four years.

8/9/2005 5:08:37 PM

Supplanter
supple anteater
21831 Posts
user info
edit post

got this e-mail too.

8/9/2005 5:21:28 PM

Supplanter
supple anteater
21831 Posts
user info
edit post

But the link they gave doesn't work... oh well.

8/9/2005 5:23:47 PM

darkone
(\/) (;,,,;) (\/)
11611 Posts
user info
edit post

I wonder which servers got hacked. Just one or two, or all of them.

8/9/2005 5:59:37 PM

S
All American
658 Posts
user info
edit post

IT got hax

8/9/2005 6:05:02 PM

jackleg
All American
170962 Posts
user info
edit post

they had a huge hole in their shit for 5 days and no one noticed?

they should seriously fire everyone that works over there

8/9/2005 6:25:10 PM

Jere
Suspended
4838 Posts
user info
edit post

fucking terrific

Quote :
"WebMail users who accessed the system between August 4th and August 9th"


...everyone?

8/9/2005 6:31:13 PM

jackleg
All American
170962 Posts
user info
edit post

hey its not that big a deal!

especially not for the people that used their SSN as their password!

its not like they have access to any of your personal information!

8/9/2005 6:35:30 PM

Supplanter
supple anteater
21831 Posts
user info
edit post

or have you password to access tracs or you financial information.

8/9/2005 6:41:35 PM

Jere
Suspended
4838 Posts
user info
edit post

I think this is a phishing email

I mean, if webmail really was compromised how do we know this is legit...

8/9/2005 6:50:20 PM

jahosephat
All American
3130 Posts
user info
edit post

and it is funny how the change password website is swamped and does not work...

8/9/2005 7:09:31 PM

PackMan92
All American
8284 Posts
user info
edit post

it took like 10 mins, but i finally got through


u just gotta be patient

8/9/2005 7:09:55 PM

benz240
All American
4476 Posts
user info
edit post

just got it as well...the link points to the real deal though, wtf? any word from you 31337 h4ck3r5 on the 51tu4t10n?

8/9/2005 7:10:50 PM

Noen
All American
31346 Posts
user info
edit post

Funny thing is, attackers could have comprimised the password changing site and sent out the email in order to get thousands of user's account information.

8/9/2005 7:30:37 PM

Jere
Suspended
4838 Posts
user info
edit post

wouldn't that be ironic?

8/9/2005 7:37:24 PM

qntmfred
retired
40807 Posts
user info
edit post

i mean duh. that's what i did

8/9/2005 7:40:59 PM

PackMan92
All American
8284 Posts
user info
edit post

so do we think this is legit


or not

8/9/2005 7:43:03 PM

kinetix
All American
3122 Posts
user info
edit post

it's legit

8/9/2005 8:01:34 PM

esgargs
Suspended
97470 Posts
user info
edit post

http://sysnews.ncsu.edu/news/42f935b7

8/9/2005 8:16:44 PM

qntmfred
retired
40807 Posts
user info
edit post

omlol some body h4x3d sysnews!1

8/9/2005 8:18:51 PM

pcmsurf
All American
7033 Posts
user info
edit post

thx for the info

password changed

8/9/2005 9:11:39 PM

Pyro
Suspended
4836 Posts
user info
edit post

This is almost as bad as when all the credit card numbers NCSU Transportation had on file were stolen last year.(they literally broke in the building and stole the hard copies)

8/9/2005 9:44:06 PM

GoldenViper
All American
16056 Posts
user info
edit post

Quote :
"If you really want to use a word as your password, you can abide by these rules with some simple modifications. For example, mydoggie would be valid if changed to m1D0gg1e"


so there are advantages to l33t sp33k after all...

8/9/2005 10:50:02 PM

mdbncsu
All American
4923 Posts
user info
edit post

^^ didn't they open up the computers and steal the actual hard drives? hard copies would be pieces of paper correct?

8/10/2005 12:42:21 AM

ToiletPaper
All American
11225 Posts
user info
edit post

Quote :
"Your password must:
be at least 6 characters
be no more than 127 characters"


holy shit

8/10/2005 12:47:39 AM

Pyro
Suspended
4836 Posts
user info
edit post

^^maybe, either way I know a physical burglary was involved.

I will always use six letter english words as my passwords. The odds of someone trying a brute force dictionary attack on my meager account are far, far less than the headache typing and remembering numerous complicated passwords adds to my life.

Google's fucking anal about acceptable passwords. The way I see it, it's the provider's responsibility to ensure that passwords are entered and kept securely. Trusting end users to protect the system is a mistake.

[Edited on August 10, 2005 at 12:59 AM. Reason : .]

8/10/2005 12:58:00 AM

SouthPaW12
All American
10141 Posts
user info
edit post

this is pointless. If they already have my password, they can access nearly everything I have ever signed onto.

They SHOULD recommend changing every account's password in which a ditto password from your webmail is used.

8/10/2005 12:59:42 AM

jimb0
All American
4667 Posts
user info
edit post

yeah, now they know that my password to everything i use is qwerty123

GOSH

8/10/2005 2:34:55 AM

Mr. Hand
All American
1439 Posts
user info
edit post

On the topic of simple 6-letter word passwords... It's not called a dictionary attack for nothing. All they do is scan trying to login to a system.

At the very least, change it to leet-speak. Then at least you've got some numbers in there and it increases the amount of time to break it a little.

8/10/2005 9:06:30 AM

Petschska
All American
1182 Posts
user info
edit post

so since I didn't get an email, then I wasn't compromised?

8/10/2005 9:22:08 AM

Mr. Hand
All American
1439 Posts
user info
edit post

From what I've read, no. It seems like they went through the logs and sent out an e-mail to everyone that logged in and could have been compromised.

If you were using a client to access your e-mail, you should not have been affected either.

[Edited on August 10, 2005 at 9:32 AM. Reason : asdf]

8/10/2005 9:31:45 AM

esgargs
Suspended
97470 Posts
user info
edit post

anyone have links to more information about the kind of IRC servers installed by the "hackers" and the vulnerability exploited?

8/10/2005 9:34:09 AM

 Message Boards » Tech Talk » NCSU Webmail Compromised... Page [1] 2, Next  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.