[15225] in Hotline Meeting
Possibly hacked workstation
daemon@ATHENA.MIT.EDU (dethomas@Athena.MIT.EDU)
Tue Apr 20 15:57:59 1993
From: dethomas@Athena.MIT.EDU
Date: Tue, 20 Apr 93 15:57:52 -0400
To: hotline@Athena.MIT.EDU
Cc:
--------
We got a question from someone who reported that someone had
logged in under her on an RS6000 in bldg 4 (M4-035-15). We
found it access_on even though she had not turned it on herself.
Apparently utmp was hacked so that you couldn't finger at the
machine and tell who else was logged on. There was a process
owned by weiming that was idle for 28 days or so.. Access was
turned off a short time later even though she claims not to
have done it herself.
Might be a good idea to check out the workstation (or at least
reboot it).
Drea Thomas
Athena Consultant
