The Daily Pennsylvanian is a student-run nonprofit.

and Jorie Green

Wharton senior Melanie Parr was surprised yesterday when she logged onto PennNet with the name "Mr. Magoo" and with "some piece of profanity" as a password.

Since Friday night, computer users on and off campus have been able to gain access to the University's computer network without entering a valid name or password. PennNet allows users to enter the library system, as well as sites from other schools and organizations. Servers such as "mail.sas" and "eniac.seas" require secondary verification.

"I was off by a letter when typing my name," Parr said. "When the system let me through, I realized something was wrong."

After successfully logging in with different combinations of names and passwords, Parr posted her discovery to the newsgroup "upenn.talk". Other users confirmed the fact that anyone with a modem would be able to enter PennNet and gain free Internet access.

But Data Communications and Computing Services has remedied the security breach -- at least for the time being.

George McKenna, who directs network operations for DCCS, explained that a virus attacked the authentication software that verifies users' passwords. Until the problem could be fixed, DCCS officials were faced with a tough decision: either deny access to a large number of authentic users, or allow free roam of PennNet. Ultimately, the authentication software was designed to risk security infractions instead of excluding a potentially large pool of users from accessing PennNet.

But last night, DCCS restructured the software's process of authenticating codes until the department could tackle the real problem -- the virus. McKenna was unable to estimate when the bug will be removed from the system. But he said that since the revamped software went into effect at 6:15 p.m. last night, there is only a "slim chance" that a computer user would be able to enter PennNet without an authorized password. Some students with valid codes may find themselves turned away from the system, however.

McKenna also said that it is unlikely that many unauthorized users accessed PennNet during the four-day security lapse. The number of users who entered the modem pool was about average during the weekend -- approximately 20,000.

"It wasn't well-publicized in hackers' newsgroups; it wasn't on any public bulletin boards," he said.

McKenna said the post about the problem in "upenn.talk" did not concern him.

"People who get to 'upenn.talk' are most certainly authenticated users," he said.
