[Uaflug] Re: [Fwd: linux0.cs.uaf.edu Compromised] (fwd)

Orion Sky Lawlor ffosl at uaf.edu
Mon May 5 14:21:43 AKDT 2008 

linux0's wiki was packed with porn linkspam.  Annoying, but the 
machine was *not* compromised--it is supposed to be running a wiki, 
but we haven't kept the spammers off it like we should have.

I've disabled world write-access to the wiki for now.  Who wants an 
account to help put content back on the Wiki?  Alternatively, should 
we just go back to plain HTML content?
--
                                   -Orion Sky Lawlor

http://lawlor.cs.uaf.edu/~olawlor/     ffosl at uaf.edu

---------- Forwarded message ----------
Date: Mon, 05 May 2008 10:51:59 -0800
From: Kathleen Boyle <sxkmb at email.alaska.edu>
To: Brian Hay <fnbh1 at uaf.edu>
Cc: ffosl at uaf.edu, Security <sdsec at email.alaska.edu>
Subject: Re: [Fwd: linux0.cs.uaf.edu Compromised]

Brian and Orion (cc: sdsec),

Thank you for addressing this. I will make the Help Desk aware of the KUAC
stream.  With regard to how it was detected, someone noticed the content and
reported it to the OIT Support Center.

If this system contains personal information as defined in University Regulation
05.08.023, please let us know.  Definition of personal information from the reg
is provided below for reference:

"For purposes of this regulation, "personal information" means information in
any form on an individual that is not encrypted or redacted, or is encrypted and
the encryption key has been accessed or acquired, and that consists of a
combination of the individual's name and one or more of the following:

  social security number;
  driver's license number or state identification card number;
  the individual's financial account number, credit card account number, or debit
  card account number in combination with any required security code, access code,
  or password that would permit access to an individual's financial account;"

Again, thank you.

Kathleen


Brian Hay wrote:
> Hi Kathleen,
> 
> I disconnected the machine from the network this morning (which also
> means that the KUAC stream is now down).  Orion or I will investigate
> this issue today and determine what's going on.
> 
> Do you have any other indicators of the compromise - e.g., was the
> machine scanning, or did someone notice the content and complain?
> 
> Thanks
> 
> Brian
> 
> On Mon, May 5, 2008 at 9:58 AM, Kathleen Boyle <sxkmb at email.alaska.edu> wrote:
>> Hello Orion (cc: Brian Hay, sdsec);
>>
>>  This is to follow up to my voice mail concerning linux0.cs.uaf.edu.  As I
>>  mentioned, Mitchell Roth suggested contacting you with regard to this website.
>>  If either you or Brian could please address we would appreciate it.
>>
>>  Thank you.
>>
>>  Kathleen
>>
>>  -------- Original Message --------
>>  Return-Path: <sxkmb at email.alaska.edu>
>>  Received: from sdsec at email.alaska.edu  by email.alaska.edu (CommuniGate Pro
>>  GROUP 5.0.13)  with GROUP id 50580812; Mon, 05 May 2008 09:51:49 -0800
>>  X-Autogenerated: group
>>  Received: from [137.229.47.253] (account sxkmb [137.229.47.253] verified)  by
>>  email.alaska.edu (CommuniGate Pro SMTP 5.0.13)  with ESMTPA id 50580811; Mon, 05
>>  May 2008 09:51:49 -0800
>>  Message-ID: <481F4934.6020809 at email.alaska.edu>
>>  Date: Mon, 05 May 2008 09:51:48 -0800
>>  From: Kathleen Boyle <sxkmb at email.alaska.edu>
>>  User-Agent: Thunderbird 1.5.0.12 (X11/20070530)
>>  MIME-Version: 1.0
>>  To: Brian Hay <fnbh1 at uaf.edu>
>>  CC: Security <sdsec at email.alaska.edu>
>>  Subject: linux0.cs.uaf.edu Compromised
>>  X-Enigmail-Version: 0.94.2.0
>>  Content-Type: text/plain; charset=ISO-8859-1
>>  Content-Transfer-Encoding: 7bit
>>
>>
>>
>>  Hello Brian (cc: sdsec);
>>
>>  We have just received a peregrine ticket that the UAF LUG site contains sexually
>>  explicit material.
>>
>>  linux0.cs.uaf.edu
>>
>>  Please remove it from the network and investigate.  I will also attempt to
>>  contact Mitchell Roth who I believe at one time was the faculty adviser for the
>>  group to make him aware as well.
>>
>>  If you have any questions, please let us know.
>>
>>  Thank you.
>>
>>  Kathleen
>>
>>
>>
>>
>>  --
>>
>>  Kathleen Boyle
>>  Senior Information Security Officer
>>  University of Alaska
>>  Office of Information Technology
>>  Phone: (907) 474-7404
>>  Email: sxkmb at email.alaska.edu
>>
>>  --
>>
>>  Kathleen Boyle
>>  Senior Information Security Officer
>>  University of Alaska
>>  Office of Information Technology
>>  Phone: (907) 474-7404
>>  Email: sxkmb at email.alaska.edu
>>
> 
> 
> 


-- 

Kathleen Boyle
Senior Information Security Officer
University of Alaska
Office of Information Technology
Phone: (907) 474-7404
Email: sxkmb at email.alaska.edu

More information about the uaflug mailing list