[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mit security note



there's been a lot of pretty malicious hacking on mit machines lately
(apparently mainly from inexperienced hackers from outside mit, who may be
relatively clueless but like using prefab tools to destroy insecure linux
boxes).

so... please if you are not already doing so, be sure to use encrypted
ssh sessions to log into cran, and scp to copy files.  (the general rule:
don't type your password if it's being sent over the net unencrypted.)
if you don't you risk your password getting sniffed, which could allow
someone to log in, trivially exploit some buffer overflow or other security
flaw, and compromise the entire machine from there, not to mention allow use
of it to stage further attacks on the rest of the subnet.

anyway, my subnet seems to not be under intense attack (as opposed to some
others which have been blatantly compromised), and i tend to put at least
a reasonable effort into maintaining security on my machines, so there's no
need to be mega-paranoid; but be careful.  and if you see any suspicious
activity, let me know.

if you're not too familiar with net security issues and want some more info on
how to be on your guard, contact me and i'll give you further info/pointers.

-luka
===
SEUL-Leaders list, seul-leaders-request@seul.mit.edu
===