Now it's NUS getting screwed over

intra

Okay,
Let's clear some stuff up :)

This hack was NOT targeted, it was simply a demonstration of how weak their security was. In no way do we have any problem with the University.

A) File_Priv = Y (We could have defaced the University's homepage if we wanted to, by writing a backdoor onto their server)

B) They try to prevent hackers by sending out a simple statement, "If you're trying to use the SQL error message to dig for juicy information, get lost.", however they do nothing to actually ensure that they are safe. It only took 5 minutes of WAF bypassing to get past their weak security.

C) Yeah, their passwords WERE hashed. But let me remind you, it took our team less than 4-5 hours to decrypt all staff hashes. They were not MD5 but rather MySQL hashes. All passwords were very easy.

D) Agreed upon, the article did have some flaws, but I'm sure my mate Darren may have been in a hurry.

E) Just clearing this up, it is not our intention to LEAK any private data to the public. We are just here to show the poor security standards some websites have. We have our best intentions. NOTHING was changed on the server, and NO ONE was harmed.

F) A hack is still a hack. Someone, at some time, did have access to the same database and god knows what they did with it. This is known, as we searched for one of the hashes and the whole dump of hashes only was posted on a password cracking forum, also known as InsidePro. No one on that server is safe, if this is absolutely the case.

G) Sorry for making this a pain to read, however National University of Singapore had and still has many more holes in their website.

Thanks,
Team Intra
 