Forwarded From: phreakmoi <hackerelite@deathsdoor.com>
From: http://www.news.com/News/Item/0,4,28303,00.html?st.ne.fd.mdh
Stanford email passwords stolen
By Reuters
Special to CNET News.com
November 3, 1998, 10:40 p.m. PT
Some 4,500 students and staff at Stanford University had their email
passwords stolen over the past three weeks, after hackers broke into the
California school's security system and then managed to avoid detection
for three weeks.
It is unclear whether the hackers actually read individual email messages.
School officials today said it appears the intruders broke into the system
for other malicious purposes but did not say what their intentions might
have been. Even so, the information they gained provided them access to
the contents of all the 4,500 email accounts until this morning, when
Stanford pulled the plug on the violated mail boxes and put tighter
security measures in place.
Stephen Hanson, director of the school's computer security, said he did
not know whether Chelsea Clinton, the daughter of President Bill Clinton,
was among those students whose email had been affected. "My understanding
is she has her own private email account, with much different security
features," he said.
A flaw in the Stanford computer security allowed the hackers to gain
access to so many accounts before they were discovered. The prestigious
university recently added security features to its computer network but
installed them improperly on a few machines and then never went back to
fix them, Hanson said.
The intruders happened to enter the system on one of the computers that
was especially vulnerable. "It was bad luck for us," Hanson said. "Good
luck for the hackers."
The hackers, believed to be working from Sweden and Canada, broke into the
Stanford computer system on October 11 with a data-stealing software
program called a "sniffer," which intercepts passwords as users are
logging on. Stanford provides students with free software that prevents
such break-ins, and those who had installed the software were not
violated, Hanson noted.
The school is now stepping up efforts to install the security software and
has started running more frequent checks to prevent future break-ins from
going undetected for so long. "We're doing what we should have been doing
from the beginning," Hanson said.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Nov 4 10:05:06 1998