FW: SECURITY NOTICE: insecure passwords on your machine

Dick Crane rcrane at snf.stanford.edu
Mon Dec 6 07:21:05 PST 2004


Hi Mary,

We choose option 1 last week with the active participation of Paul J. and Mike D.
The new passwords are posted at the tool or in the tool's logbook.

Dick

Mary Tang wrote:

> Hi all --
>
> Although I know little about these machines, it seems to me that they
> have "bad" passwords because they are general-use machines -- they were
> set up so that anyone who takes a picture on the SEM or the microscope
> can upload their data on the network.  However, the network security
> concerns are serious.  We have this problem (or may have) on other
> systems in the lab as well.  It seems to me that we have a couple of
> ways to approach this:
>
> 1.  Choose better account names and passwords and post these at the
> station.  This is presuming that the security problem is from "outside"
> rather than "inside" the lab.
> 2.  Take the systems off the network.  We should then upgrade these
> systems to accomodate USB keys or other the media of choice.  (This is
> what we did for the CAD PC's.)
>
> Any other suggestions?
>
> Mary
>
> Dick Crane wrote:
>
> >Mike,
> >
> >I'll have them changed tomorrow.
> >
> >Dick
> >
> >Michael Bell wrote:
> >
> >
> >
> >>Mary and Dick,
> >>
> >>I wasn't sure who was responsible for setting the passwords on these two
> >>pieces of equipment, but it appears as though these are general passwords
> >>that are well known and used by a number of people. It would probably make
> >>sense to change both the user "USER" and the password before redistributing
> >>the information. There is a link below that talks about making good
> >>passwords.
> >>
> >>Regards,
> >>
> >>Mike
> >>
> >>-----Original Message-----
> >>From: Information Security [mailto:security at stanford.edu]
> >>Sent: Wednesday, December 01, 2004 6:39 PM
> >>To: michael.bell at stanford.edu
> >>Subject: SECURITY NOTICE: insecure passwords on your machine
> >>
> >>Dear michael.bell at stanford.edu,
> >>
> >>The Stanford campus has been experiencing a series of attacks by viruses
> >>that take advantage of computer accounts with weak passwords.  Below is
> >>a list of Windows computers that have been found to have one or more
> >>accounts with blank or easily guessed passwords.  You are listed as an
> >>administrative contact for these machines (or at least the most recent
> >>person to have been associated with them).
> >>
> >>IP Address      Machine Name                 Vulnerable Accounts
> >>==============  ===========================
> >>==================================
> >>171.64.100.35   snf-sem.Stanford.EDU         User 'USER' has password 'snf'
> >>171.64.101.112  snf-microscope.Stanford.EDU  User 'USER' has password
> >>'stanford'
> >>
> >>To protect your computers and those around you, it is very important
> >>that you set good passwords for *all* the accounts on these machines (the
> >>list provided is not guaranteed to be complete).  For more information on
> >>setting good quality passwords, see:
> >>
> >>http://security.stanford.edu/passwords
> >>
> >>Setting a good password before a break-in takes only a few seconds.
> >>Rebuilding a system after a break-in can take hours, and your lost
> >>data may not be recoverable at all.  A small preventive effort will
> >>significantly lower the possiblity that your machine will be compromised
> >>and will greatly improve the security of the entire Stanford network.
> >>
> >>Thank you for helping to secure Stanford's computing environment.
> >>
> >>Sincerely,
> >>David Hoffman
> >>Information Security
> >>
> >>
>
> --
> Mary X. Tang, Ph.D.
> Stanford Nanofabrication Facility
> CIS Room 136, Mail Code 4070
> Stanford, CA  94305
> (650)723-9980
> mtang at stanford.edu
> http://snf.stanford.edu




More information about the computer mailing list