[142] in Security FYI
[Security-fyi] Weak or missing Windows passwords being actively exploited
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Fri Apr 12 12:17:27 2002
Mime-Version: 1.0
Message-Id: <p05010409b8dcb44defb7@[66.92.67.186]>
Date: Fri, 12 Apr 2002 12:09:01 -0400
To: netusers@mit.edu, security-fyi@mit.edu
From: Bob Mahoney <bobmah@mit.edu>
Errors-To: security-fyi-admin@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Over the past months the Network Security team has made regular
efforts to detect missing or weak administrative and privileged
passwords on Windows systems on campus, notifying system owners and
asking that effective passwords be put in place.

This past week we have seen a sharp rise in the number of systems
being compromised via weak or missing passwords of accounts with
Administrator privileges. This activity has largely been via
automated "worm" exploits, resulting in rapid compromise of large
numbers of systems.

Accordingly, we are adjusting our response to password problems of
this nature. Beginning last night, we are taking immediate action
when missing or weak passwords are detected on Windows systems.
Network service to these systems will be severed, and mail sent to
the listed machine contact describing how to properly set a password,
along with other relevant information. As soon as passwords are set
for these accounts, service will be restored.

Our hope is to protect vulnerable systems from compromise, which
would require a full reinstallation of the affected system to
resolve; thus, protecting user data, and limiting the need to
reformat/reinstall such systems by taking immediate action.

This becomes the second situation when we will disable a Windows
system IN ADVANCE of actual compromise, along with unpatched
vulnerabilities on the IIS web server process. In both cases the
hope is that by briefly interrupting the service to such systems, we
will prevent the spread of automated compromise, and allow users to
return to a secure state with as little disruption as possible.

We ask all Administrators of Windows NT, 2K, or XP systems check that
ALL LOCAL accounts have strong passwords. Some advice for choosing
effective passwords can be found at:

http://web.mit.edu/net-security/www/one-sheets/password-change.html

Contact information currently on file will be used. You can
verify/update your contact info via:

https://nic.mit.edu/bin/hostupdate

Thank you.

- -Bob Mahoney, for security@mit.edu
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBPLcGp3rxxeI5xewJEQL6WgCfQZmPgkWqAuAY+lGGpLkl9Z3nDl4An3YN
qhmy+zuGp/bHuoZuyBZFDZK3
=OPk/
-----END PGP SIGNATURE-----
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi