Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!watmath!clyde!cbosgd!ucbvax!info-vax
From: jrm%computer-science.strathclyde.ac.uk@CS.UCL.AC.UK
Newsgroups: mod.computers.vax
Subject: Security bug
Message-ID: <8601241057.AA22688@stracs.cs.strath.ac.uk>
Date: Fri, 24-Jan-86 05:57:47 EST
Article-I.D.: stracs.8601241057.AA22688
Posted: Fri Jan 24 05:57:47 1986
Date-Received: Wed, 29-Jan-86 04:32:23 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 16
Approved: info-vax@sri-kl.arpa

Howdy, Malone @ Strathclyde University Scotland here.
We are having a devil of a time with Ugrads breaking the security on
our VMS 4 cluster of 3 782's.  Can anyone out there suggest what to do ?
The system logs have been checked and do not appear abnormal.
The hackers appear to have a fairly high security clearance as they can 
mod the login files and directories of any of the users in a given
sub-tree.
How do we spot when this is happening.  We believe we have tried the
obvious.
I am not on this net, and send this message as a service for a 
co-ordinator who is going white overnight !
Private return mail would be appreciated.  I relalise that there are
some problems with explaining specific security bugs over a line -
how do U know who I am ?
But a paper mail address or phone number would be VERY much appreciated
Jon