Internet access to Jefferson Lab was interrupted from noon August 22 until
9:00 am (EDT), August 27, as a result of a security intrusion. As a
consequence, passwords for all user accounts at the laboratory have been
changed. Fortunately, the only significant effects have been the network
interruption, the need to change all passwords, the time spent on the part
of staff and Users, and the enhanced security discussed below.
The Computer Center wishes to thank two Users, Bill Bertozzi and
Sergey Malov, and staff member Steve Wood for their rapid communication
of unusal behavior on two standalone systems, one on-site and one off-site,
that percipatated the quick response that limited the potential spread of
the intrusion.
Users with computer accounts at Jefferson Lab should contact either Karen
Hokansson (757-269-5111) or Gladys Smith (757-269-7586) of the User
Liaison Office to obtain a new password. Users must provide the information
listed below when calling the ULO for a new password. Upon confirmation of
their identity, the ULO will provide the user with their new password. If a
user's identity cannot be confirmed via this method, ULO personnel will work
with the User to locate a third party to assist with verification.
Users must provide:
1. The name of their group's principal investigator.
2. The name of his/her Jefferson Lab sponsor.
3. Their social security number/passport number.
4. Their Jefferson Lab badge number.
Below are several items that many users may need to know. Please take a few
moments to review those that apply to you.
> Please change your password. Select a secure password (8 characters, no
word in a dictionary, insert numbers in the middle). DO NOT USE A
PASSWORD THAT YOU HAVE USED BEFORE AT JEFFERSON LAB. DO NOT USE A
PASSWORD THAT YOU USE AT ANY OFF-SITE LOCATION. After receiving your
new temporary password, you should change your password on CEBAF1 or
CEBAF2, and then on any one of of the Common UNIX Environment
(CUE) systems (db1, jlabs1, jlabh1, etc.). On CEBAF1, you will be
prompted to change your password. On a CUE system such as db1, you
must issue the command: passwd
> Users who access Jefferson Lab from remote sites: We are restoring
Internet access in a restricted fashion. Only the following systems
will be directly visible to the Internet:
cebaf1/2 jlabxn (i.e. jlabs1/2/3/4, jlaba1/2, jlabh1/2/3
cebaf4 web1 (www.jlab.org)
micro1/2/3/4 All registered web servers (for web access only)
> Off-site users will still be able to access other systems on the site, but
only by first logging in through one of the above systems. (Please note
that
outgoing telnet, web accesses, etc. are not restricted--only incoming
accesses.) Beginning Tuesday, Sept. 2, users with other on-site systems
needing direct access to their system from the Internet may request this
using the WAN Access Request Form (available 9/2/97) and the request will
be considered on an individual basis.
> If you logged on to another site FROM Jefferson Lab during the
week of August 17, there is some possibility that your password at the
remote institution may also be compromised. You should change that
password, inspect the remote system, and potentially alert the computing
staff at that site.
> Users running other Standalone UNIX systems (including Linux) at
Jefferson Lab: You must register your standalone system in order for
the IP address to be activated. All Linux systems must be inspected before
their IP address will be activated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
REMINDER MESSAGE ON DNP97 MEETING
Message to members of The American Physical Society's Division of
Nuclear Physics, authorized by Ben Gibson, Sec/Treas., DNP.
*****************************************
DNP97 HOUSING REMINDER
The DEADLINE for hotel reservations for the DNP97 meeting is
5 September. PLEASE MAKE YOUR RESERVATIONS BEFORE THAT
DATE TO INSURE OBTAINING A ROOM AND THE CONFERENCE RATE!
For hotel reservations contact the Chateau Whistler Resort,
Reservations Department, 4599 Chateau Boulevard, Whistler, B.C.
V0N 1B4, Canada. Telephone: 604-938-2010 , FAX: 604-938-2055 ,
e-mail: cwrres@cwr.mhs.compuserve.com
To view the program of DNP97 in advance, please go to the APS
home page [http://www.aps.org] . To extract the file via ftp
[ftp aps.org ; login anonymous ; cd pub/baps/dnp_97] . At the
prompt, type "mget *". Type "quit" to exit.