UpDate - Vol. 13, No. 10, Page 1
November 4, 1993
System secure after breach

     Hackers from outside the University this week breached the security of
many access codes on the central Unix computers, according to Dan Grim,
executive director of network and systems services.
     The computers were immediately secured by measures that included
changing the passwords for more than 2,300 access codes, Susan
Allmendinger, assistant director of systems security and access, said. "No
system resources were contaminated," she said.
     "Any computer system is vulnerable to attacks from sophisticated
hackers, who can sometimes attack the systems over the Internet network,"
Grim explained. "The University learned about this week's breach through
the Computer Emergency Response Team (CERT), an organization that provides
security support to users of the Internet.
     "The hackers obtained the 2,300 passwords using a program called
'Crack,'" Grim said.
     "Users can protect themselves from this kind of attack by selecting
passwords that are not proper names or words in the dictionary, which the
Crack program can guess easily," Grim said.
     Allmendinger said her staff in 002A Smith is prepared to help affected
people regain access to their accounts. "Some special procedures are in
place to make this happen as quickly as possible," she said.