A hacker recently succeeded in breaking into the computer used by Cornell Information Technologies for the Traveler's Mail service. As a result, NetID passwords used for e-mail may have been compromised.
The hacker did no damage to the CIT computer, but apparently used it as a base for nuisance attacks on other computers on the Internet, according to Doug Carlson, associate director for systems and engineering for CIT. It also is possible that the hacker could have obtained passwords being used by both Traveler's Mail and regular mail users, Carlson said.
The Traveler's Mail service, which allows users to access their mail from almost any computer, without a special e-mail program, was closed down from Friday afternoon through Monday morning. "We got a tip-off from a previous break-in victim that our machine had been compromised," Carlson explained. "We took actions immediately based on his information. This included blocking access from off-campus locations, taking the system down and rebuilding it from scratch and installing new security measures.
"We have no reason to believe that any NetID passwords were stolen, but we can't preclude the possibility that this happened," he added. "Therefore, we are asking all people who have accessed CIT mail systems with clear-text passwords since Jan. 25 to change their passwords as a precaution."
"Clear text" refers to sending the password across the Cornell network or the Internet without encryption. Traveler's Mail always uses clear-text passwords. Eudora offers the user a choice to send passwords as clear text or to encrypt them, twisting them into a burst of nonsense characters to foil Internet eavesdroppers.
Cornell supports an encryption system called Kerberos, named for the three-headed dog that guards the gates of Hades in Greek mythology. CIT strongly recommends using Kerberos wherever possible, because e-mail is typically the service people use most often, and without Kerberos, the password is sent over the network in clear text every time an e-mail program checks for new mail.
The preferred way to change a NetID password for PCs and Macs is through the Change Password icon on Bear Access, Carlson said. This has the effect of changing the password for all services associated with a NetID.
Detailed instructions for changing passwords are on the web at http://www.cit.cornell.edu/helpdesk/info/password/how-to-pass.html. Anyone having problems in changing passwords can also contact the CIT HelpDesk at 255-8990 for assistance.
According to Barbara Skoblick, assistant audit director for information technologies, a significant increase in attempted break-ins to campus computers has been seen over the past 12 to 18 months. In part, she said, this may be because system administrators are watching more closely and are reporting incidents more regularly through systems CIT has set up.
"The university is constantly being scanned by would-be hackers," Skoblick said. "Systems on campus are being scanned every day for openings. Most of our system administrators are aware of this and have monitoring programs on their machines that detect scans and attempted break-ins. They know they have to be one step ahead of the hackers. CIT is always looking into ways of improving security across campus. It's an ongoing project with no single solution."