One of last week’s major event was the compromise of the NCSU Webmail system by hackers. What is surprising to me is the fact that the hackers had an IRC server running on 2 webmail servers for about 5 days before the IT Department staff noticed that the attackers might have captured user passwords.

The NCSU ITD system news bulletin has more information on the event. The NCSU password change facility was bogged down due to excessive network load after emails were sent to those that might have been affected by the exploit.

It seems that the attach was based on an April 2005 advisory posted on the Internet. It is named “Cacti Remote Command Execution Vulnerability”, and basically exposes vulnerability in the Cacti graphing tool. Cacti is a an RRDtool based package that uses mySQL databases to record various statistics about the network/server.

It is amazing to find out in conversations that some people do not change their passwords regularly, or have really funny password management tactics. Some people still use their SSN as passwords. Everyone should follow the guidelines on this website to choose passwords !