[147] in Security FYI
[Security-fyi] Increased Windows compromises
daemon@ATHENA.MIT.EDU (Bob Mahoney)
Wed Sep 4 15:08:43 2002
Mime-Version: 1.0
Message-Id: <a05111b1ab99bfb515b3d@[18.18.1.170]>
In-Reply-To: <5.1.0.14.2.20020904091449.027b7330@hesiod>
Date: Wed, 4 Sep 2002 14:45:49 -0400
To: security-fyi@mit.edu, it-partners@mit.edu
From: Bob Mahoney <bobmah@mit.edu>
Cc: security-internal@mit.edu
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Errors-To: security-fyi-admin@mit.edu

Recently, the Network Security team has learned that a
specific individual or group of individuals is aggressively
targeting Windows machines at MIT that have weak or blank
passwords. These attacks have been very successful, and about
twenty machines have been compromised in the last month.

These machines are being broken into on an increasingly frequent
basis, and have specific characteristics of compromise activity.
We have not been able to establish a pattern of machine
selection beyond blank passwords for privileged accounts. The risk
to machines with bad passwords is equally high. If a password is a
common one such as "password" or "admin", or if it matches a user
name or the computer name, it should also be changed immediately.

Because of the critical nature of this threat, the Network Security
team will begin disabling machines with blank passwords immediately.
Notification will be sent to the registered owners at that time. This
will be done to minimize damage done by a compromise and to
lessen the time required to recover from the situation.

System administrators should verify that all machines under their
control have strong passwords to prevent loss of connectivity. Information
on choosing strong passwords can be found at:

http://web.mit.edu/is/pubs/rp-07/

The Network Security Team

[ We prefer e-mail to security@mit.edu, which reaches all members of
the team. Please use e-mail communication if at all possible.
Otherwise, please refer to the names of the Network Security team
leaders at the top of http://web.mit.edu/net-security/www/team.html ]