Under the Button is part of a student-run nonprofit.

Please support us by disabling your ad blocker on our site.

Fail@seas.upenn.edu

computer-hacker-751093

By HEATHER SCHWEDEL

April 25, 2009 at 1:45 pm

Not one, not two, but THREE Penngineers forwarded us a most disconcerting e-mail from the SEAS powers that be, warning students to change their passwords or risk the consequences.  Compromised servers, intruders, encryption: sounds like there's some good old-fashioned intrigue in the normally placid Engineering quad.  (Hmm, we wonder if this has anything to do with the last time SEAS got hacked, the perpetrator of which we hear is serving out his house arrest sentence in a HamCo apartment.)  Check out the e-mail in full:

We all need to change our SEAS passwords, because the SEAS servers were compromised. The intruder probably stole the password file, and with enough time will be able to crack the encryption and recover the passwords. We want new passwords in place before that happens. If your SEAS password is not changed by 5pm Tuesday, April 28th, then we will change it for you to keep your account secure.
Please go to https://www.seas.upenn.edu/accounts/ and select Configure Your SEAS Account then select Change / Reset Password

from the list on the left.

============================================================================ If your SEAS password and your PennKey password were the same, then you will need to change your PennKey password as well, at

https://rosetta.upenn.edu/cgi-bin/websec/websec_authform?app=chgpass_pennkey ============================================================================

The intruder used a "zero day exploit", which means that the machines were compromised the same day that the security patch became available. It was also a "root level exploit", which means that the entire machine was compromised, not just one or two accounts.

The intruder doesn't seem to have looked at the contents of any accounts, or read or sent any mail. The intruder seems to have been confused by our systems administration software, and moved on to simpler prey. However, we are still investigating.

I apologize for the inconvenience and annoyance that this will cause for you. Please contact us (cets@seas) with any questions or concerns that you have.

--- Chip

Remember: never send a password by email

C omputing and | cets@seas.upenn.edu E ducational | http://www.seas.upenn.edu/cets/ T echnology | 164 Levine Building S ervices | 215-898-4707

PennConnects