From owner-freebsd-security  Mon Jun 24 03:17:32 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id DAA01850
          for security-outgoing; Mon, 24 Jun 1996 03:17:32 -0700 (PDT)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA01844;
          Mon, 24 Jun 1996 03:17:29 -0700 (PDT)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.7.5/8.6.9) with ESMTP id DAA11150; Mon, 24 Jun 1996 03:15:51 -0700 (PDT)
To: Ng Pheng Siong <ngps@technet.sg>
cc: Terry Lambert <terry@lambert.org>, guido@gvr.win.tue.nl,
        hackers@FreeBSD.ORG, security@FreeBSD.ORG, ache@FreeBSD.ORG
Subject: Re: I need help on this one - please help me track this guy down! 
In-reply-to: Your message of "Mon, 24 Jun 1996 15:35:01 +0800."
             <Pine.OSF.3.91.960624152743.32448I-100000@einstein.technet.sg> 
Date: Mon, 24 Jun 1996 03:15:51 -0700
Message-ID: <11148.835611351@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

We're pretty sure we know how he got in at this point but I'm going
to refrain from saying anything until we have had a chance to talk
with the FreeBSD security officers about this incident.

					Jordan

> On Sun, 23 Jun 1996, Terry Lambert wrote:
> > 1)	Do not believe this.  Assume he got root.
> 
> Fundamental question: how did the intruder get in? Telnet with reuseable
> passwords, or something else?
> 
> Note that the intruder is probably reading these lists. ;)
> 
> - PS
> --
> Ng Pheng Siong <ngps@pacific.net.sg> * Finger for PGP key.
> Pacific Internet Pte Ltd * Singapore
> 
> Fast, secure, cheap. Pick two.
>