From: shamrock@netcom.com (Lucky Green)
Date: Sun, 11 Dec 94 17:10:40 PST
To: cypherpunks@toad.com
Subject: Re: Storm Brewing Over Forged Bob Rae Posting?
Message-ID: <v01510100ab11478ccf80@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Tim wrote:

>In yet another piece of news, Netcom has apparently been
>hacked/attacked rather badly. The "netcom.general" discussion group
>(local to Netcom) is filled with garbage posts, forged posts,
>cancelled articles, etc. Messages about "root" being forged appeared,
>then disappeared. Netcom is quiet on this, but has been running
>"crack" on all of their machines for the last several days--apparently
>to (somehow?) help to find security flaws....I have no idea why
>running crack to find weak passwords of users is such a high priority.
>Maybe the apparent attack is related, maybe not.

Netcom has unauthorized access problems for the longest time. My account
has been deleted three times in as many months. Neither sysadmin nor
accounting had any explanation or record of the deletion. No, I didn't owe
them money. This has not been an isolated incident (see the article about
Netcom under the fitting title "Sysadmins without a clue" in the Summer '94
issue of 2600).

Netcom states in their announcement in netcom.announce that the passwords
compromised were of a type that could be found in a dictionary attack. This
would explain why they are running crack. Seems someone else has run crack
before them. It also seems that root@netcom.com made the mistake of
choosing a pw that is subject to a dictionary attack. Well, sysadmins
without a clue.




-- Lucky Green <shamrock@netcom.com>
   PGP encrypted mail preferred.