[271] in Security FYI
[Security-fyi] Security Compromise of Athena "Quickstation"
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Thu Mar 3 16:21:08 2005
Date: Thu, 3 Mar 2005 16:19:02 -0500
From: "Jeffrey I. Schiller" <jis@MIT.EDU>
To: Security-FYI@MIT.EDU
Message-ID: <20050303161901.B741@mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
cc: it-partners@MIT.EDU
cc: it-leads@MIT.EDU
cc: is&t@MIT.EDU
Errors-To: security-fyi-bounces@MIT.EDU
On Thursday, February 24th someone compromised many Athena "Quick
Stations" by replacing the login program with a version that recorded
user names and passwords. Apparently this version of the login program
was left in place for 24 hours and then removed by the perpetrators.
Late Tuesday night March 1st the perpetrators sent IS&T Staff as well
as people on several other mailing lists, a copy of approximately 600
username/password pairs. We locked the accounts of those users and
informed them of the problem. Many have since reset their
passwords. At this point we do not have any reason to believe that any
other such password stealing programs are in operation. However if you
are concerned about the security of your password, you can choose to
change it. You can do so either from an Athena workstation or on-line
via our new web form at http://wserv.mit.edu/cpw.
IS&T is continuing to investigate these events and will make changes
to further protect our environment. In our "open Athena environment,"
there is always the possibility that some members of the community
will choose to attack our infrastructure and make it difficult for the
rest of us to do our work. This is unfortunate, and we always
recommend that members of the community practice good personal IT
security: keep personal backups of important files and change
passwords regularly http://wserv.mit.edu/cpw. The IS&T Help Desk
(x3-1101, computing-help@mit.edu) is also available to assist you.
-Jeff
--
=============================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis@mit.edu
============================================================================
_______________________________________________
Security-fyi mailing list
Security-fyi@mit.edu
http://mailman.mit.edu/mailman/listinfo/security-fyi
