=========================================================================
SECURITY ALERT: OVER 700 PASSWORDS COMPROMISED!
=========================================================================

Joanne Costello
Network Services

In early January IS staff became aware that intruders had compromised a
machine on MITnet and used it to monitor network traffic. Files left
behind by the crackers indicate that at least 700 MIT computer passwords
were captured during a two-day period in November. These individuals may
have been collecting passwords for several months, and many more people
may be affected. The intruders may still be active somewhere on MITnet.

Due to the serious nature of this attack, all MITnet users should change
passwords on all network-accessed accounts immediately and frequently.
You are at particular risk if you use rlogin, telnet, or FTP to access
machines across MITnet or at remote sites, as these applications send
unencrypted passwords across the network.

In the past year reports of intruders monitoring traffic across the
Internet have increased dramatically. Typically attackers break into a
workstation and set up a "packet sniffing" program that lets them monitor
all traffic on the network to which the compromised machine is
connected. Any login that crosses that network segment is exposed, so
they can capture passwords for machines on other networks, across campus
or around the world.

WHO'S AFFECTED?
===============

Applications that send passwords in the clear over the network are
vulnerable to "password sniffing" attacks. Specifically, you are at risk
if you:

* Telnet to the Athena dialup service from a dorm room using non-secure
  telnet software.
* Go to a public cluster, log into an Athena workstation, and use telnet,
  rlogin, or ftp to connect to a computer that doesn't support secure
  telnet.
* Log into a workstation in your office or lab and use rlogin, ftp, or
  non-secure telnet to connect to another computer.
* Log into EREQ from your office workstation using non-secure telnet.

WHAT SHOULD YOU DO?
===================

No "silver bullet" protects against this type of attack on an open
network like MIT's. The best defense is conscientious password
management, careful system management and, whenever possible, use of
applications that support Kerberos or public key security such as PGP
(Pretty Good Privacy).

CHANGE YOUR PASSWORD

Choose a password that is at least seven characters long and is a
combination of upper- and lower-case letters, numbers, or other symbols
appearing on a keyboard. Change it frequently.

USE KERBEROS-SECURED APPLICATIONS

TechMail is an example of a Kerberos-secured application. For telnetting
to Athena dialup (athena.dialup.mit.edu) or EREQ, you can use NCSA
Telnet 2.6.1d4 or higher for Macintosh (see page 2) or, on Athena, use
the command telnet -safe.

ATTEND A SEMINAR

IS has scheduled two seminars on security. On January 24, Jeff Schiller
will talk about Network Security for System Managers (E40-302,
1:30-3pm; repeated on January 25 and 27). On February 2, Joanne Costello
will present Security On MITnet: Be Aware! Be Secure! (3-133,
11am-12:30pm).

RELATED RESOURCES
=================

You can find Computer Emergency Response Team warnings in TechInfo by
searching on the keyword "CERT." Athena users can attach the "info"
locker and look in the directory /mit/info/Security

If you have questions or comments, send mail to .

For more information, you can also type:

  athena% add sipb
  athena% Mosaic http://web.mit.edu:1962/tiserve.mit.edu/9000/34866.html

or, if you are on a dialup machine:

  athena% add outland
  athena% lynx http://web.mit.edu:1962/tiserve.mit.edu/9000/34866.html
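To make the "password sniffing" described in the alert concrete, here is an added Python example (not part of the original alert, and not the intruders' program) showing how little work it takes to recover a cleartext FTP login from raw Ethernet/IPv4/TCP frames. The frames, the 10.0.0.x addresses, the port 1234 client socket and the credentials are all constructed in the block; nothing is read from a live network.

```python
"""Added example: what a packet sniffer sees in a cleartext FTP login.
All frames are constructed here; addresses, ports and credentials are
placeholders, not values from the MIT alert."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
FTP_PORT = 21


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame. Checksums are left
    zero, which is fine for parsing but not for sending on a real link."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame,
    or None for anything else (non-IPv4 ethertype, non-TCP protocol)."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length
    return src, dst, sport, dport, tcp[data_off:]


def sniff_ftp_credentials(frames):
    """Reassemble the client->server side of each FTP control connection
    in capture order and pull out USER/PASS pairs, which FTP sends as
    plain text one command per line."""
    streams = {}
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, payload = pkt
        if dport != FTP_PORT:
            continue
        key = (src, sport, dst)
        streams[key] = streams.get(key, b"") + payload
    found = []
    for (src, sport, dst), data in streams.items():
        user = None
        for line in data.decode("latin-1").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() == "USER":
                user = arg.strip()
            elif cmd.upper() == "PASS":
                found.append((src, dst, user, arg.strip()))
    return found


def sample_capture():
    """A constructed capture: one FTP login mixed with unrelated traffic."""
    return [
        build_frame("10.0.0.5", "10.0.1.9", 1234, 21, b"USER alice\r\n"),
        build_frame("10.0.1.9", "10.0.0.5", 21, 1234, b"331 Password required\r\n"),
        build_frame("10.0.0.5", "10.0.1.9", 1234, 21, b"PASS s3cret!\r\n"),
        build_frame("10.0.0.7", "10.0.1.9", 2000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    ]


if __name__ == "__main__":
    for src, dst, user, pw in sniff_ftp_credentials(sample_capture()):
        print(f"{src} -> {dst}: user={user} password={pw}")
```

Telnet and rlogin leak the password the same way, but telnet usually sends one keystroke per segment, so a real sniffer reassembles the client stream and keys off the server's "Password:" prompt rather than a command keyword. A Kerberos-secured client (TechMail, NCSA Telnet with Kerberos, telnet -safe) never puts the password on the wire, so the same parser run over its traffic recovers nothing, which is the whole point of the alert's advice.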