[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | Europe-Swas-Artificial-Intelligence |
|
| Moderator: | HERON::BUCHANAN |
|
| Created: | Fri Jun 03 1988 |
| Last Modified: | Thu Aug 04 1994 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 442 |
| Total number of notes: | 1429 |
315.0. "Advisory! "They'll try anything to compromise syste" by ULYSSE::ROACH (TANSTAAFL !) Sun Apr 07 1991 12:34
I N T E R O F F I C E M E M O R A N D U M
Date: 06-Apr-1991 00:26am CET
From: KARR
KARR@SELECT@SELECT@HERON@ULYSSE@MRGATE@VALMTS@VBO
Dept:
Tel No:
TO: PATRICK ROACH@VBE
Subject: Advisory! "They'll try anything to compromise systems these days.. Please
'read and heed' to the message.. Thanks (Thanks Ed!!!)...
From: SELECT::JAMES 5-APR-1991 16:53:17.11
To: KARR
CC:
Subj: Roger, for your awareness
From: RANGER::DUNNINGTON "DTN: 226-2142 05-Apr-1991 1254" 5-APR-1991
12:59:51.32
To: @[DUNNINGTON]NET_B
CC: DUNNINGTON
Subj: CERT Advisory
From: RELYON::BORRERO "I AM AT 247-2800 TWO1/1-B23 POLE C17 05-Apr-1991 1246"
5-APR-1991 12:51:08.11
To: @INTEREST
CC: @STRATEGY,ROB,VARGAS,BORRERO
Subj: fyi
---------------------------------------------------------------------------
CA-91:03 CERT Advisory
April 4, 1991
Unauthorized Password Change Requests
Via Mail Messages
---------------------------------------------------------------------------
DESCRIPTION:
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received a number of incident reports concerning the receipt of mail
instructing the user to immediately change his/her password. The user
is further instructed to change the password to one that is specified in
the mail message.
These mail messages can be made to look as if they have been sent from
a site administrator or root. In reality, they may have been sent by
an individual at a remote site, who is trying to gain access to the
local machine via the user's account.
Several variations of these mail messages are circulating via the Internet
community. We are including one such example at the end of this
advisory.
IMPACT:
An intruder can gain access to a system through the unauthorized
use of the (possibly privileged) accounts whose passwords have been
changed.
SOLUTION:
The CERT/CC recommends the following actions:
1) Any user receiving such a message should verify its authenticity
with his/her system administrator before acting on the instructions
within the mail message. If a user has changed his/her password
per the instructions, he/she should immediately change it again
to a secure password and alert his/her system administrator.
2) System administrators should check with their user communities
to ensure that no user has changed his/her password in response to
one of these mail messages. If this has occurred, immediately
have the password changed again. Further, the system should be
carefully examined for damage, or changes that may have been
caused by the intruder. We also ask that you please contact the
CERT/CC.
3) The CERT/CC recommends that system administrators NEVER mail
such a request to a user. That is, NEVER send a request for
a password change to a user and also specify the new password
that should be used.
---------------------------------------------------------------------------
SAMPLE MAIL MESSAGE as received by the CERT (including spelling errors, etc.)
:
{mail header which may or may not be local}
:
This is the system administration:
Because of security faults, we request that you change your password
to "systest001". This change is MANDATORY and should be done IMMEDIATLY.
You can make this change by typing "passwd" at the shell prompt. Then,
follow the directions from there on.
Again, this change should be done IMMEDIATLY. We will inform you when
to change your password back to normal, which should not be longer than
ten minutes.
Thank you for your cooperation,
The system administration (root)
END OF SAMPLE MAIL MESSAGE
---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC via
telephone or e-mail.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet E-mail: [email protected]
Telephone: 412-268-7090 24-hour hotline:
CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,
on call for emergencies during other hours.
Past advisories and other computer security related information are available
for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system.
% ====== Internet headers and postmarks (see DECWRL::GATEWAY.DOC) ======
Received: by enet-gw.pa.dec.com; id AA11707; Thu, 4 Apr 91 14:24:49 -0800
Received: by tictac.cert.sei.cmu.edu (5.65/2.5)
id AA16388; Thu, 4 Apr 91 15:52:22 -0500
Message-Id: <[email protected]>
From: CERT Advisory <[email protected]>
Date: Thu, 4 Apr 91 15:53:45 EST
To: [email protected]
Subject: CERT Advisory - Unauthorized Password Change Requests
| T.R | Title | User | Personal
Name | Date | Lines
|
|---|