[ISN] Stanford email passwords stolen by hackers

From: mea culpa (jerichoat_private)
Date: Wed Nov 04 1998 - 04:19:46 PST

  • Next message: mea culpa: "[ISN] Major Security Flaws In Int'l Web Sites"

    Forwarded From: phreakmoi <hackereliteat_private>
    From: http://www.news.com/News/Item/0,4,28303,00.html?st.ne.fd.mdh
    Stanford email passwords stolen
    By Reuters
    Special to CNET News.com
    November 3, 1998, 10:40 p.m. PT
    Some 4,500 students and staff at Stanford University had their email
    passwords stolen over the past three weeks, after hackers broke into the
    California school's security system and then managed to avoid detection
    for three weeks. 
    It is unclear whether the hackers actually read individual email messages. 
    School officials today said it appears the intruders broke into the system
    for other malicious purposes but did not say what their intentions might
    have been. Even so, the information they gained provided them access to
    the contents of all the 4,500 email accounts until this morning, when
    Stanford pulled the plug on the violated mail boxes and put tighter
    security measures in place. 
    Stephen Hanson, director of the school's computer security, said he did
    not know whether Chelsea Clinton, the daughter of President Bill Clinton,
    was among those students whose email had been affected. "My understanding
    is she has her own private email account, with much different security
    features," he said. 
    A flaw in the Stanford computer security allowed the hackers to gain
    access to so many accounts before they were discovered. The prestigious
    university recently added security features to its computer network but
    installed them improperly on a few machines and then never went back to
    fix them, Hanson said. 
    The intruders happened to enter the system on one of the computers that
    was especially vulnerable. "It was bad luck for us," Hanson said. "Good
    luck for the hackers." 
    The hackers, believed to be working from Sweden and Canada, broke into the
    Stanford computer system on October 11 with a data-stealing software
    program called a "sniffer," which intercepts passwords as users are
    logging on. Stanford provides students with free software that prevents
    such break-ins, and those who had installed the software were not
    violated, Hanson noted. 
    The school is now stepping up efforts to install the security software and
    has started running more frequent checks to prevent future break-ins from
    going undetected for so long. "We're doing what we should have been doing
    from the beginning," Hanson said. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:00 PDT