Date: Wed, 16 Dec 92 18:41:37 PST
Reply-To: <cocot@osc.versant.com>
Message-ID: <surfpunk-0014@SURFPUNK.Technical.Journal>
Mime-Version: 1.0
Content-Type: text/plain
From: cocot@osc.versant.com (Captain COCOT)
To: surfpunk@osc.versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0014] SECURITY: MIT Athena Incident
Keywords: surfpunk, security, athena

I would call this the worst Internet security incident I know of. I
suppose we'll read about this one in years to come. Kaptain Kludge
sends it.

Telnet, sending usernames and passwords in plaintext throughout the
net, is asking for trouble. This is part of the reason I'm interested
in the Public Key techniques of encryption *and* authentication.

Captain Cocot
________________________________________________________________________
________________________________________________________________________

Return-Path: <cec@MIT.EDU>
Date: Mon, 14 Dec 92 19:14:37 EST
To: infosys@MIT.EDU
Subject: FYI - Computer Security Incident

Over the weekend Information Systems staff discovered that one of the
Institute's Athena dialup servers had been compromised through an
unauthorized modification of the machine's system software.

If you have used the Athena dialup service during the last
two months to telnet to other machines, read on. Your
accounts on other machines may have been compromised.

Specifically, each time the telnet command was executed on this Athena
dialup machine the userid, password, and name of the system to which the
Athena user was connecting were evidently captured by an unauthorized user.
This individual is now in a position to use the captured information to
gain access to other systems. Our official system logs indicate that
during the time the modified version of the telnet program was in place,
over 4000 individuals used this particular dialup server. Those
individuals who executed the telnet command from this machine within the
past two months may have had their accounts on other machines compromised.

Check your username

To determine whether you are among the 4000 individuals most at risk, you
can use a command called checkmyid located in the Athena info locker. From
your Athena account, at the athena% prompt, type:

attach info
/mit/info/checkmyid

Change your password

We recommend that all Athena users change their passwords frequently - once
a semester is recommended. If checkmyid verifies that you are one of the
4000 people who used this specific dialup server during the last two
months, we STRONGLY recommend that you change your passwords immediately on
ALL systems, including Athena, to which you may have telneted. You must
assume that all accounts you may have reached using telnet are compromised.

Your new Athena password should be at least 6 characters long, and can
contain any combination of UPPER- and lower-case letters, numbers, or other
symbols that appear on the computer keyboard. For further information on
choosing a secure password, see Athena's On-Line Help Service.

Alert others

In addition please inform the system manager of any machines - including
Athena workstations in faculty offices - to which you may have connected,
since it is possible that the intruder may have used your account to
compromise those machines as well.

The individual who compromised our system used a pattern of attack
identical to one used by an individual operating from outside the MIT
community to attack a number of systems across the country during the past
year. In all likelihood, if you are among those whose accounts were
compromised, you will probably not find any damage to your files. This
individual's mode of operation is believed to be limited to breaking into
accounts for the sole purpose of discovering any userids and passwords
stored there to enable him to break into additional systems.

We sincerely apologize for the inconvenience this causes our user
community. We have taken immediate steps to eliminate this particular
security threat and we are reviewing and modifying our operational
procedures to limit our vulnerability to this and other types of attacks in
the future.

If you have any questions or comments, please send electronic mail to
<netsecurity@mit.edu> or contact your Athena cluster manager.

________________________________________________________________________
________________________________________________________________________

The SURFPUNK Technical Journal is a dangerous multinational hacker zine
originating near BARRNET in the fashionable western arm of the northern
California matrix. Quantum Californians appear in one of two states,
spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________

Send postings to <surfpunk@osc.versant.com>, subscription requests
to <surfpunk-request@osc.versant.com>. MIME encouraged.
Xanalogical archive access soon. Confusion to our enemies.
________________________________________________________________________
________________________________________________________________________