Quote :

"This letter is directed to users of the campus Unity WebMail service (webmail.ncsu.edu). On or about August 4th, 2005, the web servers that are part of the webmail.ncsu.edu service were compromised by outside forces. Although the extent of the intrusion is not yet known, it is possible that WebMail users who accessed the system between August 4th and August 9th could have had their passwords captured. To prevent the possibility of your account being accessed unknowingly, it is highly recommended that you change your Unity password immediately. "

About time I changed my password...

8/9/2005 4:04:23 PM

link your source dammit

8/9/2005 4:05:30 PM

how do you do that? mine is still my social security number from when i came to state 8 years ago.

8/9/2005 4:05:43 PM

good thing i do blind forwarding

8/9/2005 4:06:23 PM

My source is my email inbox...

8/9/2005 4:06:58 PM

I'm no longer a student, so I dont get those crucial emails.

I checked http://sysnews.ncsu.edu and there was no update there

8/9/2005 4:08:42 PM

yeah it's a notice they sent out about an hour ago

the full email:

Quote :

"This letter is directed to users of the campus Unity WebMail service (webmail.ncsu.edu). On or about August 4th, 2005, the web servers that are part of the webmail.ncsu.edu service were compromised by outside forces. Although the extent of the intrusion is not yet known, it is possible that WebMail users who accessed the system between August 4th and August 9th could have had their passwords captured. To prevent the possibility of your account being accessed unknowingly, it is highly recommended that you change your Unity password immediately. To change your password, please go to: http://www.ncsu.edu/password While selecting a new password, please follow the recommendations for a secure password referenced on the password change page. ITD apologizes for the inconvenience that this may cause. Please keep in mind that there is only evidence of a security breach -- ITD is not currently aware of any active attempts to extract data from the WebMail servers or from users' IMAP mail accounts. The request for you to change your password is only precautionary, but again, it is highly recommended. Also, if you use Webmail to access other email accounts, it is suggested that you change those passwords as well. Please note that this does not include email accounts that are automatically forwarded to your Unity account, but other accounts that you access with WebMail. For more information about this incident, please contact the NC State University Help Desk at help@ncsu.edu or 515-HELP (4357). -- Information Technology Division North Carolina State University"

[Edited on August 9, 2005 at 4:09 PM. Reason : full email]

8/9/2005 4:08:43 PM

Quote :

"Return-Path: Received: from uni05mr.unity.ncsu.edu (uni05mr.unity.ncsu.edu [152.1.1.168]) by uni30map.unity.ncsu.edu (Cyrus v2.2.10) with LMTPA; Tue, 09 Aug 2005 15:49:07 -0400 X-Sieve: CMU Sieve 2.2 Received: from uni01du.unity.ncsu.edu (uni01du.unity.ncsu.edu [152.1.13.101]) by uni05mr.unity.ncsu.edu (8.13.4/8.13.3/N.20050331.02) with ESMTP id j79Jmms7013508; Tue, 9 Aug 2005 15:48:48 -0400 (EDT) Received: from localhost (hmn@localhost) by uni01du.unity.ncsu.edu (8.11.7+Sun/8.10.2) with SMTP id j79Jmli16092; Tue, 9 Aug 2005 15:48:47 -0400 (EDT) X-Authentication-Warning: uni01du.unity.ncsu.edu: hmn owned process doing -bs Received: by uni01du.unity.ncsu.edu (bulk_mailer v1.5); Tue, 9 Aug 2005 15:48:47 -0400 From: NCSU Help Desk Date: Tue, 9 Aug 2005 14:00:00 -0500 To: undisclosed-recipients:; Subject: NCSU Information Technology Division Priority Notification Message-ID: X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.0.3.2, Antispam-Data: 2005.8.9.22 X-Spam-Status: No, Hits=7% X-Spam-Level: IIIIIII "

8/9/2005 4:09:47 PM

was just about to post this

8/9/2005 4:10:01 PM

I never got this email

8/9/2005 4:16:16 PM

^ me neither

8/9/2005 4:23:40 PM

I never got it either

8/9/2005 4:26:03 PM

webmail has been raped.

8/9/2005 4:26:15 PM

so happy I sent up blind forwarding to my gmail account.

8/9/2005 4:27:50 PM

Nevermind, I just got this message.

8/9/2005 4:30:01 PM

Someone post it on Slashdot.

8/9/2005 4:39:39 PM

ECU makes all students change PWDs every 6 months.

8/9/2005 5:02:19 PM

It's every semester at UNC

8/9/2005 5:03:51 PM

Here, our passwords are only valid for 90 days.

At State, I actually used the same one for all four years.

8/9/2005 5:08:37 PM

got this e-mail too.

8/9/2005 5:21:28 PM

But the link they gave doesn't work... oh well.

8/9/2005 5:23:47 PM

I wonder which servers got hacked. Just one or two, or all of them.

8/9/2005 5:59:37 PM

IT got hax

8/9/2005 6:05:02 PM

they had a huge hole in their shit for 5 days and no one noticed?

they should seriously fire everyone that works over there

8/9/2005 6:25:10 PM

fucking terrific

Quote :

"WebMail users who accessed the system between August 4th and August 9th"

...everyone?

8/9/2005 6:31:13 PM

hey its not that big a deal!

especially not for the people that used their SSN as their password!

its not like they have access to any of your personal information!

8/9/2005 6:35:30 PM

or have you password to access tracs or you financial information.

8/9/2005 6:41:35 PM

I think this is a phishing email

I mean, if webmail really was compromised how do we know this is legit...

8/9/2005 6:50:20 PM

and it is funny how the change password website is swamped and does not work...

8/9/2005 7:09:31 PM

it took like 10 mins, but i finally got through


u just gotta be patient

8/9/2005 7:09:55 PM

just got it as well...the link points to the real deal though, wtf? any word from you 31337 h4ck3r5 on the 51tu4t10n?

8/9/2005 7:10:50 PM

Funny thing is, attackers could have comprimised the password changing site and sent out the email in order to get thousands of user's account information.

8/9/2005 7:30:37 PM

wouldn't that be ironic?

8/9/2005 7:37:24 PM

i mean duh. that's what i did

8/9/2005 7:40:59 PM

so do we think this is legit


or not

8/9/2005 7:43:03 PM

it's legit

8/9/2005 8:01:34 PM

http://sysnews.ncsu.edu/news/42f935b7

8/9/2005 8:16:44 PM

omlol some body h4x3d sysnews!1

8/9/2005 8:18:51 PM

thx for the info

password changed

8/9/2005 9:11:39 PM

This is almost as bad as when all the credit card numbers NCSU Transportation had on file were stolen last year.(they literally broke in the building and stole the hard copies)

8/9/2005 9:44:06 PM

Quote :

"If you really want to use a word as your password, you can abide by these rules with some simple modifications. For example, mydoggie would be valid if changed to m1D0gg1e"

so there are advantages to l33t sp33k after all...

8/9/2005 10:50:02 PM

^^ didn't they open up the computers and steal the actual hard drives? hard copies would be pieces of paper correct?

8/10/2005 12:42:21 AM

Quote :

"Your password must: be at least 6 characters be no more than 127 characters"

holy shit

8/10/2005 12:47:39 AM

^^maybe, either way I know a physical burglary was involved.

I will always use six letter english words as my passwords. The odds of someone trying a brute force dictionary attack on my meager account are far, far less than the headache typing and remembering numerous complicated passwords adds to my life.

Google's fucking anal about acceptable passwords. The way I see it, it's the provider's responsibility to ensure that passwords are entered and kept securely. Trusting end users to protect the system is a mistake.

[Edited on August 10, 2005 at 12:59 AM. Reason : .]

8/10/2005 12:58:00 AM

this is pointless. If they already have my password, they can access nearly everything I have ever signed onto.

They SHOULD recommend changing every account's password in which a ditto password from your webmail is used.

8/10/2005 12:59:42 AM

yeah, now they know that my password to everything i use is qwerty123

GOSH

8/10/2005 2:34:55 AM

On the topic of simple 6-letter word passwords... It's not called a dictionary attack for nothing. All they do is scan trying to login to a system.

At the very least, change it to leet-speak. Then at least you've got some numbers in there and it increases the amount of time to break it a little.

8/10/2005 9:06:30 AM

so since I didn't get an email, then I wasn't compromised?

8/10/2005 9:22:08 AM

From what I've read, no. It seems like they went through the logs and sent out an e-mail to everyone that logged in and could have been compromised.

If you were using a client to access your e-mail, you should not have been affected either.

[Edited on August 10, 2005 at 9:32 AM. Reason : asdf]

8/10/2005 9:31:45 AM

anyone have links to more information about the kind of IRC servers installed by the "hackers" and the vulnerability exploited?

8/10/2005 9:34:09 AM