[22431] in Hotline Meeting


[ericolaf@MIT.EDU: Xlogin hacked]

daemon@ATHENA.MIT.EDU (Kimberly Carney)
Fri Apr 29 13:38:01 1994

To: hotline@MIT.EDU
Cc: op@MIT.EDU
Date: Fri, 29 Apr 94 13:37:51 EDT
From: Kimberly Carney <kim@MIT.EDU>


------- Forwarded Message

Received: from ATHENA-AS-WELL.MIT.EDU by po7.MIT.EDU (5.61/4.7) id AA29521; Fri, 29 Apr 94 13:36:52 EDT
Received: from CARBONARA.MIT.EDU by MIT.EDU with SMTP
	id AA23470; Fri, 29 Apr 94 13:32:21 EDT
From: ericolaf@MIT.EDU
Received: by carbonara.MIT.EDU (5.57/4.7) id AA09740; Fri, 29 Apr 94 13:32:16 -0400
Date: Fri, 29 Apr 94 13:32:16 -0400
Message-Id: <9404291732.AA09740@carbonara.MIT.EDU>
To: ops@MIT.EDU
Subject: Xlogin hacked
Cc: sipb@MIT.EDU

Hello,
  A friend of mine was just logged into m4-167-6.  When he logged in
he noticed that the Xlogin program had been hacked to display the 
message, "Give 'em Hell dml!!!" instead of the standard "Welcome to Athena."
When he did a 'ps -elf' he found two processes running on his machine
by the user 'trellos'.
One was a 'session_gate -logout'
the other a '/bin/sh /etc/athena/login/Xsession'

I have heard of similar reports coming from the Building 66 cluster.

Just wanted to make sure you knew about this.

                           Eric Richard

------- End of Forwarded Message

