From dpelleg+ at cs.cmu.edu Wed Apr 9 21:31:41 2003
From: dpelleg+ at cs.cmu.edu (Dan Pelleg)
Date: Wed, 9 Apr 2003 21:31:41 -0400
Subject: [auton-users] UX10 & UX12 break-ins
Message-ID: <16020.51581.532016.464049@toto.wburn>

SCS facilities have recently announced a password sniffing incident affecting users of UX10 and UX12. The notice is posted below.

If you "finger" a CS user you will see their maildrop machine, inside square brackets.

I know of at least two lab members with accounts on these machines. As a precaution, I am disabling SSH access for these people. The logs indicate they haven't logged in recently anyway so this is only a minor inconvenience for them.

If you are affected, contact admin at autonlab.org to have your AUTON password changed. Mention any information you received from facilities that is not shown below.

Please mention if you used the same password in other places. In particular, if you used it for root access to your own desktop machine, we should notify all the other users of the machine and possibly have them change their passwords too.

Note that since many machines we use allow access to all of us, you may be indirectly affected even if you're not a user of UX10 or UX12.

This is a good time to remind people to use different passwords for different systems. I recommend using a password manager to keep track of all your passwords. Personally, I use one on my PDA. If anyone has recommendations for something that runs on standard UNIX, offers strong encryption for the stored passwords, and is easy to use, please post them.

--------------------

UX10.SP.CS.CMU.EDU and UX12.SP.CS.CMU.EDU were both broken into. As a result, those hosts were removed from the network so they could be re-installed and secured. They should be back in service sometime on Wednesday evening.

The intruder(s) installed a password sniffer that was capable of bypassing some of the normal encryption mechanisms used to protect against such snooping.
We have disabled those SCS Kerberos passwords that are known to be compromised. Mail has been sent to people affected, since many of them are still able to read their e-mail via POP.

If you have problems using your password, or using UX10 or UX12, please contact the SCS Help Desk at x8-4231 (M-F, 9-5).

--------------------