Feeds

Unix fiends attack universities

Have Solaris or Linux - will hack

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

A number of research institutions and high performance computing hubs have come under attack with software miscreants performing "sophisticated" attacks on Solaris and Linux boxes.

Stanford University last week issued a notice about the assaults, posting a rich explanation of how the coders have cracked the Unix systems.

"An unknown attacker (or group) has compromised numerous multi-user Solaris and Linux computers on Stanford's campus using a variety of mechanisms," the notice said. "In most cases, the attacker gets access to a machine by cracking or sniffing passwords. Local user accounts are escalated to root privileges by triggering a variety of local exploits, including the do_brk() and mremap() exploits on Linux and the sadmind, arbitrary kernel loading modules and passwd vulnerabilities on Solaris."

Surprisingly, a Slashdot discussion about the attacks steered clear of Microsoft conspiracy theories. A plot to damage the good names of Solaris and Linux is not to blame for the attacks but rather poor patching policies. Fixes to block the attacks have been available for some time.

Stanford has urged admins to bring their systems up to date. ®

Related stories

Auditing the mind of a hacker
Stopping the enemy at the gate
The perils of Googling
Homeland insecurity starts at home

Intelligent flash storage arrays

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.