Forwarded From: phreakmoi <hackereliteat_private> From: http://www.news.com/News/Item/0,4,28303,00.html?st.ne.fd.mdh Stanford email passwords stolen By Reuters Special to CNET News.com November 3, 1998, 10:40 p.m. PT Some 4,500 students and staff at Stanford University had their email passwords stolen over the past three weeks, after hackers broke into the California school's security system and then managed to avoid detection for three weeks. It is unclear whether the hackers actually read individual email messages. School officials today said it appears the intruders broke into the system for other malicious purposes but did not say what their intentions might have been. Even so, the information they gained provided them access to the contents of all the 4,500 email accounts until this morning, when Stanford pulled the plug on the violated mail boxes and put tighter security measures in place. Stephen Hanson, director of the school's computer security, said he did not know whether Chelsea Clinton, the daughter of President Bill Clinton, was among those students whose email had been affected. "My understanding is she has her own private email account, with much different security features," he said. A flaw in the Stanford computer security allowed the hackers to gain access to so many accounts before they were discovered. The prestigious university recently added security features to its computer network but installed them improperly on a few machines and then never went back to fix them, Hanson said. The intruders happened to enter the system on one of the computers that was especially vulnerable. "It was bad luck for us," Hanson said. "Good luck for the hackers." The hackers, believed to be working from Sweden and Canada, broke into the Stanford computer system on October 11 with a data-stealing software program called a "sniffer," which intercepts passwords as users are logging on. Stanford provides students with free software that prevents such break-ins, and those who had installed the software were not violated, Hanson noted. The school is now stepping up efforts to install the security software and has started running more frequent checks to prevent future break-ins from going undetected for so long. "We're doing what we should have been doing from the beginning," Hanson said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:00 PDT