Computer security breached

By Susan B. Jones and Cecilia d'Oliveira
Information Systems

Late last week, MIT's Information Systems staff learned that intruders had compromised a machine on the MIT network and used it to monitor network traffic. Files left behind by the crackers indicate that at least 700 MIT computer passwords were captured during a two-day period in November. It is possible that these individuals have been collecting passwords for several months and that many more people may be affected. We cannot be sure that they are not still active somewhere on MITnet.

Because of the serious nature of this attack, IS recommends that all MITnet users change passwords on all network-accessed accounts immediately and frequently. You are at particular risk if you use rlogin, telnet or FTP to access machines across MITnet or at remote sites, because these applications send unencrypted passwords across the network.

In the past year, reports of intruders monitoring network traffic across the Internet have increased dramatically. Typically, attackers break into a workstation and set up a "packet sniffing" program that enables them to monitor traffic on the network to which the compromised machine is connected. This lets them capture passwords on machines on other networks, which may extend across a campus or around the world.

What should you do?

There is no "silver bullet" that protects against this type of attack on an open network like MIT's. The best defense is conscientious password management, careful system management, and use of applications that support Kerberos or public key security systems such as PGP (Pretty Good Privacy) whenever possible.

Change your password

If you send your password across the network in the clear, for example by using telnet or FTP, change your password immediately. You are at risk.
Choose a password that is more than seven characters long and is a combination of upper- and lower-case letters, numbers, or other symbols appearing on a keyboard. Change it frequently.

Use Kerberos-secured applications

Since all unencrypted passwords flowing over the network are vulnerable to interception, we encourage you to use network services which provide Kerberos security whenever possible. TechMail is an example of a Kerberos-secured application. If you are using an Athena workstation in a cluster or in your lab or office and do not use telnet, you are not vulnerable to this attack.

Attend a seminar

Information Systems is planning a series of seminars and documents for systems administrators and the general community. Check TechInfo (Computing --> Networking (general) --> Security) for dates, times, and place, or see the World Wide Web at http://web.mit.edu/network/security.

For more information, you can find related CERT (Computer Emergency Response Team) warnings in TechInfo, either by searching for the keyword "CERT" or by looking in TechInfo (Computing --> Networking (general) --> Security). Athena users can attach the "info" locker and look in the directory /mit/info/Security.

E-mail other questions or comments to .