The newest edition to our IT Department (he's been in Tech Support for 3 years) emailed me this afternoon (full email below). I didn't believe him at first so I telneted to on of our TC boxes and when prompted with "Login:" I typed adm and pressed Enter. HOLY COW! It said "Hiper:" and I had full access. I'm curious as to how many people on this list were vulnerable like us (we have 20 TC boxes throughout Southeast Missouri). Brian Brian Becker President, Poplar Bluff Internet, Inc. P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114 Home of http://semo.net - Southeast Missouri's Online Community http://TotallyFabricated.com Total Scrutinizer - Tech Support Just Got Easier WebGabber - All-html Web Chat Software -----Original Message----- From: Adam Barnhill Sent: Tuesday, July 24, 2001 6:41 PM To: ---interoffice DataComm List--- Subject: [datacomm] Secret access to TCs It has come to my attention that our TCs were vulnerable to anyone's attack. User : adm Would allow access to manage and login to our TCs. The fix was easy. Just 'del user adm' and then 'save all' (thanx Brian) I was actually searching for TC command references, and happened upon ;) a hack list of default and backdoor passwords. The link I originally found a hack article on is http://the.wiretapped.net/security/info/textfiles/k1ine_11.txt and the password list is in that tree somewhere.. Lots of backdoors for other RAS, switches, hubs and other.. Adam Barnhill Systems Technician / IT Dept. Semo.net / Poplar Bluff Internet, Inc. 1(877)686-9114 http://semo.net/ _______________________________________________ datacomm mailing list datacomm@lists.semo.net http://lists.semo.net/mailman/listinfo/datacomm - To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.