FYI, folks,
Excerpt: Linux Australia discovered the breach on March 24 after it noticed conference management software it uses called Zookeepr started sending a large number of error reporting emails, Hesketh wrote. A server had been attacked two days prior.
“It is the assessment of Linux Australia that the individual utilized a currently unknown vulnerability to trigger a remote buffer overflow and gain root level access to the server,” Hesketh wrote.
The attacker installed a remote access tool and then botnet command and control software.
--- end excerpt ---
http://www.cio.com/article/2906814/linux-australia-breached-personal-details-leaked.html
mark
On Tue, 2015-04-07 at 12:28 -0400, m.roth@5-cent.us wrote:
> “It is the assessment of Linux Australia that the individual utilized a currently unknown vulnerability to trigger a remote buffer overflow and gain root level access to the server,” Hesketh wrote.
> The attacker installed a remote access tool and then botnet command and control software.
> --- end excerpt ---
> http://www.cio.com/article/2906814/linux-australia-breached-personal-details-leaked.html
It's stupid and unprofessional to store personal data on a public accessible server when there is no current public requirement for that data.
How do these people ever become 'konputar xperts'?
I would like to know what operating system was used and the method used to gain access.
On 4/7/2015 3:20 PM, Always Learning wrote:
> It's stupid and unprofessional to store personal data on a public accessible server when there is no current public requirement for that data.
um, this mail list server is a 'public accessible server' and it has our email addresses, and possibly full names, which are 'personal data'.
a web forum often has more info than that, depending on what you filled in on your user profile. for instance, my registrations on several car-related forums include a list of the car year/models I own.