It doesn't say so in the report
|
Author | Content |
---|---|
tracyanne May 09, 2009 12:52 AM EDT |
But, if you follow the link http://datatheft.berkeley.edu provided in the report, it's pretty obvious which Database and which Server software were being used, the Web Server is IIS6. |
chalbersma May 09, 2009 1:46 AM EDT |
Another sad episode of IIS6 failing again. |
tracyanne May 09, 2009 3:28 AM EDT |
@chalbersma, No it wasn't a case of IIS failing, as far as I know, but IIS only runs on one operating system. |
gus3 May 09, 2009 8:11 AM EDT |
ta, I looked it over, and I don't see anything that identifies the platform. How can you tell? |
tracyanne May 09, 2009 8:53 AM EDT |
Follow the link to the website, if you have server spy installed on firefox, it will identify the Webserver that the website is running on. Chances are that if this particular web server is being used the rest of the systems will rely on the same operating system. |
phsolide May 09, 2009 12:35 PM EDT |
Wait, you mean it was a *Windows* breach, but the press reported it as a generic "computer" break in!?! Shocking, just shocking! Why, when a Linux or Mac OSX problem occurs, it's all over the headlines, like this: http://blogs.zdnet.com/security/?p=3346 even though it's "lame" ( http://www.sophos.com/blogs/gc/g/2009/05/05/lame-email-worm-... ) and one would guess that a similarly "lame" Windows worm appears at least daily. It's hard not to believe in a paid-off industry trade press, but stranger things have happened. |
tracyanne May 09, 2009 5:03 PM EDT |
Yes phsolide was - And I am so surprised...... Not - it was Once Again a Microsoft Windows Server product that the security breach occurred on. Hands up all those who really thought it was some other operating system. |
azerthoth May 10, 2009 12:17 AM EDT |
tracyanne I hate to say this, but having one computer on there serving up IIS in no way even remotely indicts the rest of berkeley.edu of doing so. Take into account some of the other major projects coming from there and I am more likely to believe IIS there is an exception, not the norm. |
tracyanne May 10, 2009 1:26 AM EDT |
@azerthoth, if their website is running on IIS, the database that is serving it, and it is database driven - it's a web application, they will have other related stuff using the same web server and database, That will be IIS and MS SQL Server. There is a probability very close to 1 that all the student records were stored on a MS SQL database, and their student logons are via an IIS served website. It doesn't make financial sense to buy MS SQL Server, and Windows Server just for a public facing website. |
vainrveenr May 10, 2009 3:08 AM EDT |
Quoting: it was Once Again a Microsoft Windows Server product that the security breach occurred on. Hands up all those who really thought it was some other operating system. Both hands down here. And there are likely other pieces of evidence for a strong conjecture that at least some berkeley.edu webmaster(s) and/or sysadmin(s) have close ties to MS-Windows. Published at the UC Berkeley's Job site, http://jobs.berkeley.edu/, for the public to face : Quoting: Browser Compatibility Talent Acquisition Manager/Candidate Gateway has been tested on: Fairly clear from this alone which OS's the UC Berkeley 'Jobs' webmaster(s) and admin(s) prefer. Also somewhat ironic that the UC Berkeley 'Jobs' site posted a Hiring Freeze, and yet UC Berkeley with Waggener et al have now been impelled to go out of their way to hire an "outside Internet security firm" to assist fixing the breach on the university's own internal and restricted UHS computer databases -- as well as to maintain their 'Data theft' site http://datatheft.berkeley.edu/ -- Two clear and leading questions following this : Should UC Berkeley's Waggener et al make more use of the *nix OS it originally distributed (http://en.wikipedia.org/wiki/Berkeley_Software_Distribution) for future hardening of its public-facing database servers ?? Does anyone think that this particular OS-hardening step or something similar would NOT have made any significant difference in the security breach of the UHS databases ?? |
azerthoth May 10, 2009 3:16 AM EDT |
tracyanne using the tool you recommended, you need only move off of that subdomain http://www.berkeley.edu/ to lose IIS and find apache. Subdomains don't even have to be in the same hemisphere let alone be served up from the same server setup, you already knew this. Not saying that the entire thing isn't being served up by some MS monster, I'm saying that the facts don't support the statement that the rest of the system at the home of BSD, Boinc, and a few others is the same as an individual subdomain that had to get propped up fairly quickly. They don't even support saying that anything other than this subdomain is. edit following a few links I found apache on fedora listed in a few spots too. /edit |
tracyanne May 10, 2009 3:54 AM EDT |
@Az, the report at http://datatheft.berkeley.edu/news.shtml reads "The University of California, Berkeley, today (Friday, May 8) began notifying students, alumni and others that their personal information may have been stolen after hackers attacked restricted computer databases in the campus's health services center." That's the Health Services Databases, a quick look at the Health Services public site http://uhs.berkeley.edu/ shows that the web server is IIS6. To my mind that gives us a probability of 1 that it was a breach of a Windows Server. |
TxtEdMacs May 10, 2009 7:19 AM EDT |
tracyanne, Sorry, on the basis of probability (even ignoring quantum effects), the probability must begin with a zero even if there are lots of nines following the decimal point or comma, U.S. or European representation, respectively. Best practices too would put the database server on its own server, which could easily be nix based. While that affords some protection, if the scripts could be read, from what I have seen the db passwords are in clear text*. Given a proper account the database could be owned by an external user to at very least plunder the data whatever server OS it resided upon. Using Windows type servers might make it easier, however, as the break in on the Fedora and / or Redhat servers showed none are necessarily invulnerable to a skilled attacker. [all serious, well mostly] YBT * I do not know if that is universal, but it drove me insane (if that's possible) when I first saw this. Luckily if just run (php, perl, python ... server based) scripts disappear, the external user only sees the results not the code, however, if they can trace the location (which should be off the web server) and they can gain read access they are one step closer to a successful break in. |
azerthoth May 10, 2009 11:28 AM EDT |
TA that's not the claim you made. Quoting: Chances are that if this particular web server is being used the rest of the systems will rely on the same operating system. |
tracyanne May 10, 2009 5:14 PM EDT |
Oh dear, I was imprecise. I'll take myself down to the dungeon for some punishment. |
NoDough May 11, 2009 3:38 PM EDT |
http://toolbar.netcraft.com/site_report?url=http://datatheft... |
tuxchick May 11, 2009 3:57 PM EDT |
Quoting: I'll take myself down to the dungeon for some punishment. We're ready for you. An entire network of Windows ME PCs. |
caitlyn May 11, 2009 4:32 PM EDT |
ME or CE or both? CE was pretty much torture when I tried it. Oooh... maybe we can find a few to run Microsoft Bob as well. |
tuxchick May 11, 2009 4:33 PM EDT |
Wince. Giggle. At last, truth in naming. |
caitlyn May 11, 2009 4:34 PM EDT |
I've called it wince for years. but... What about Bob? |
tuxchick May 11, 2009 5:10 PM EDT |
Ah, good ole Microsoft Bob. I believe he has a new career as Smiling Bob, for Enzyte. |
tracyanne May 11, 2009 5:27 PM EDT |
I've decided to forego the punishment, I'm not sure I'll survive that. |
caitlyn May 11, 2009 8:47 PM EDT |
tuxchick has mentioned possibly the only thing more torturous than running Windows. Watching those commercials would be insanely painful, possibly deadly in very short order. |
gus3 May 11, 2009 9:07 PM EDT |
Actually, Microsoft Bob was re-factored into Clippy the Psycho Office Nag. ("Psycho" because only a total nut-job can smile like that while everything is falling apart.) |
tracyanne May 11, 2009 9:48 PM EDT |
The idea is to make the user feel good about what's happening, smiles all round. |
NoDough May 12, 2009 11:47 AM EDT |
>> Watching those commercials would be insanely painful, possibly deadly in very short order. Not to worry. The makers and distributors of Enzyte have been sued into oblivion. However, I'm sure Bob will again resurface in yet another situation in which he fails to perform. |
gus3 May 12, 2009 12:05 PM EDT |
NoDough, if I understand correctly, the Enzyte corp got bought out. In any case, the commercials are showing again. Which is good, because they're more fun to watch than the two bathtubs. |