Technical University of Munich compromised [Update]

An email from the admin group has reached me (and presumely all students and researchers at the Computer Science department of the Technical University of Munich) today at 14:10 CET.

According to their information almost all computers in the department (Linux boxes on Intel, SunOS/Solaris on SPARCs and several other architectures and OSes, I guess) have been compromised.
Someone seems to have retrieved the shadow file(s) with the encrypted user passwords. Two cases have already become known where private user data was accessed using cracked passwords, presumely from the stolen shadow file(s).

Students and researchers are advised to change their passwords as soon as possible. This also affects email, as the same password is used for IMAP/POP3 at the department. Also, one should check all computers, websites etc. where you can login without supplying a password, as those might be compromised, too.
As a preventive measure, user accounts are now handled via LDAP and user accounts where the password isn't changed soon, will be disabled.

As of now, there's no information available how the attackers got hold of the shadow file(s), i.e. which vulnerability in which service they exploited etc.

Update: The whole announcement of the admin group is now available from (German).

Mailman vulnerability - Full Disclosure Mailinglist compromised

John Cartwright has announced that the mailing list Full Disclosure has been compromised using a previously unpublished directory traversal vulnerability in Mailman 2.1.5. A fix is already available. All subscribers are advised to change their passwords as soon as possible.

Google Maps

I'll keep this short, as the whole world has been blogging about this already: Google has released their latest Beta service Google Maps.

Top 18 Papers in Information Security

Maximilian Dornseif from the Laboratory for Dependable Distributed Systems at the RWTH Aachen has written a blog post called Top 18 Papers in Information Security. Definately worth a read!
There's a broad range of papers from "New Directions in Cryptography" by W. Diffie und M. E. Hellman (public key cryptography) from 1976 to "Intercepting Mobile Communications: The Insecurity of 802.11" by N. Borisov, I. Goldberg, and D. Wagner from 2001.

How about an iPod Shuffle RAID?

Crazy Hacks Logo

Another Crazy Hacks candidate: Jim Wright has assembled four iPod Shuffles to create a 3.9 GB iPod Shuffle RAID. Have a look at the quite impressive photos.

Syndicate content