TO: Members of the MIT Community FROM: Joanne Costello Date: 23 February 1994 Subject: Computer Security Alert In recent weeks, there has been a dramatic increase in reports of intruders monitoring network traffic across the Internet. Systems of some service providers have been compromised, and all systems that offer remote access through rlogin, telnet, and FTP are at risk. Intruders have already captured access information for tens of thousands of systems across the Internet. Change your password While we are not aware of any incident of a specific security breach at MIT, Information Systems is concerned by this increased cracking activity. Since all passwords are vulnerable to interception, we would like to take this opportunity to encourage you to change passwords on any network-accessed account. Your new password should be at least 6 characters long, and can contain any combination of UPPER- and lower-case letters, numbers, or other symbols that appear on a computer keyboard. For further information on choosing a secure password, see Athena's On-Line Help Service or read Guidelines to Choosing a Password in the Computing directory on TechInfo. We recommend that you change your password frequently - at least once every three months if not more often. If you use services outside of MIT or you access your MIT accounts from outside, you should consider changing your password more frequently SUN/OS users The current attacks involve a network monitoring tool that uses the promiscuous mode feature of your network interface. Using this feature the intruders can program your machine to monitor traffic on the network segment to which your machine is connected. This can compromise users of your machine as well as anyone else connected on the same segment. This is accomplished via a device interface called "/dev/nit". Systems known to support the /dev/nit interface include certain releases of SUNOS 4. If you are running such a system, we recommend that you read the CERT warnings. You can find the CERT warnings either in TechInfo by searching for the keyword "CERT" or looking in the menu path: Computing->Networking->Security. Athena users can attach the "info" locker and look in the directory /mit/info/Security. If you have questions or comments or would like a copy of the CERT warnings and/or Guidelines to Choosing a Password, please send electronic mail to