Xref: utzoo misc.headlines:2530 comp.sys.dec:593 comp.os.vms:5297
Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!mailrus!tut.cis.ohio-state.edu!bloom-beacon!oberon!sargas.usc.edu!tli
From: tli@sargas.usc.edu (Tony Li)
Newsgroups: misc.headlines,comp.sys.dec,comp.os.vms
Subject: Re: Hacker hits VMS
Message-ID: <7755@oberon.USC.EDU>
Date: 19 Mar 88 20:09:39 GMT
References: <3749@mtgzz.UUCP> <923@cfa.cfa.harvard.EDU>
Sender: news@oberon.USC.EDU
Reply-To: tli@sargas.usc.edu (Tony Li)
Organization: University of Southern California, Los Angeles, CA
Lines: 17
Keywords: DEC, Chaos Computer Club

In article <923@cfa.cfa.harvard.EDU> ward@cfa.harvard.EDU (Steve Ward) writes:
    
    Does anyone know if this is a REAL security hole in VMS or just the
    usual
    1) failure to change default password(s) on sys, maint, user, userp
       accounts as shipped from DEC.
    or
    2) autologins left activated by local sys manager.
    or
    3) other equivalent act of stupidity.

Yes, this is the result of a real hole.  Do you recall the V4.4
SECURESHR bug?
    
Tony Li - USC University Computing Services	"Fene mele kiki bobo"
Uucp: oberon!tli						-- Joe Isuzu
Bitnet: tli@uscvaxq, tli@ramoth
Internet: tli@sargas.usc.edu