FW: SECURITY NOTICE: insecure passwords on your machine

Michael Bell michael.bell at stanford.edu
Thu Dec 2 09:31:12 PST 2004


Mary and Dick,

I wasn't sure who was responsible for setting the passwords on these two
pieces of equipment, but it appears as though these are general passwords
that are well known and used by a number of people. It would probably make
sense to change both the user "USER" and the password before redistributing
the information. There is a link below that talks about making good
passwords.

Regards,

Mike

-----Original Message-----
From: Information Security [mailto:security at stanford.edu]
Sent: Wednesday, December 01, 2004 6:39 PM
To: michael.bell at stanford.edu
Subject: SECURITY NOTICE: insecure passwords on your machine


Dear michael.bell at stanford.edu,

The Stanford campus has been experiencing a series of attacks by viruses
that take advantage of computer accounts with weak passwords.  Below is
a list of Windows computers that have been found to have one or more
accounts with blank or easily guessed passwords.  You are listed as an
administrative contact for these machines (or at least the most recent
person to have been associated with them).

IP Address      Machine Name                 Vulnerable Accounts
==============  ===========================
==================================
171.64.100.35   snf-sem.Stanford.EDU         User 'USER' has password 'snf'
171.64.101.112  snf-microscope.Stanford.EDU  User 'USER' has password
'stanford'

To protect your computers and those around you, it is very important
that you set good passwords for *all* the accounts on these machines (the
list provided is not guaranteed to be complete).  For more information on
setting good quality passwords, see:

http://security.stanford.edu/passwords

Setting a good password before a break-in takes only a few seconds.
Rebuilding a system after a break-in can take hours, and your lost
data may not be recoverable at all.  A small preventive effort will
significantly lower the possiblity that your machine will be compromised
and will greatly improve the security of the entire Stanford network.

Thank you for helping to secure Stanford's computing environment.

Sincerely,
David Hoffman
Information Security




More information about the computer mailing list