[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Storm Brewing Over Forged Bob Rae Posting?



Tim wrote:

>In yet another piece of news, Netcom has apparently been
>hacked/attacked rather badly. The "netcom.general" discussion group
>(local to Netcom) is filled with garbage posts, forged posts,
>cancelled articles, etc. Messages about "root" being forged appeared,
>then disappeared. Netcom is quiet on this, but has been running
>"crack" on all of their machines for the last several days--apparently
>to (somehow?) help to find security flaws....I have no idea why
>running crack to find weak passwords of users is such a high priority.
>Maybe the apparent attack is related, maybe not.

Netcom has unauthorized access problems for the longest time. My account
has been deleted three times in as many months. Neither sysadmin nor
accounting had any explanation or record of the deletion. No, I didn't owe
them money. This has not been an isolated incident (see the article about
Netcom under the fitting title "Sysadmins without a clue" in the Summer '94
issue of 2600).

Netcom states in their announcement in netcom.announce that the passwords
compromised were of a type that could be found in a dictionary attack. This
would explain why they are running crack. Seems someone else has run crack
before them. It also seems that [email protected] made the mistake of
choosing a pw that is subject to a dictionary attack. Well, sysadmins
without a clue.




-- Lucky Green <[email protected]>
   PGP encrypted mail preferred.