[funsec] Question for the group

Paul Schmehl pauls at utdallas.edu
Sun Feb 12 13:48:24 CST 2006


--On February 12, 2006 9:02:07 AM -0500 TheGesus <thegesus at gmail.com> wrote:

> On 2/11/06, Paul Schmehl <pauls at utdallas.edu> wrote:
>> Recently we discovered that some message boards in China were posting the
>> urls for web proxies at various universities, along with "login
>> credentials".  In our case that meant the url and a sixteen digit number
>> that represented our "Comet Card" IDs, smart cards that we issue to every
>> student, staff and faculty member when they arrive.
>>
>
> Do you think maybe what they're after is the Comet Card # and they are
> only using the proxy to generate & test valid #'s?
>
> What else can you get with a Comet Card?
>
Nothing digital.  The library proxy is the only use of that ID that allows 
remote access.  Everything else it's used for (like checking out books) 
requires a physical presence.

> I suppose this is the place...
>
> http://libproxy.utdallas.edu/login

Yes, that's it.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/


More information about the funsec mailing list