HackerHeadaches

From WikiWorld

The EIES Legacy has invited hackers since 1978. Our first hacker was connecting to random addresses on TelEnet, an international pre-Internet network, when he hit EIES, which unlike most systems of the day was friendly. It said "Welcome, Name or number?" He answered "John", which was his name. The system responded, "access code?" He typed something and the system responded, "Access code is incorrect. Type ? for help." He typed "?" and was given an explanation of access codes, how they were assigned, etc., and "Often your initials are used for your initial access code." He tried his initials, no go, then "ja", "jb", Eureka! He became John Boyde, who had not used his account. The hacker chose choice 5 for the directory and found a user whose account had been established and unused for a long time, signed on using the initials, and changed the identity and screen name to his alias.

==

Ever since then, it seems about every 9 months or so we have had hackers at our door. Usually it meant shutting down development and rebuilding all our machines at a tremendous cost. It was not fun. They left Trojans in the system, so once in, they were in; without a full-time system administrator there is no way of keeping them out indefinitely.

Last week, we had a web service hack attack exploiting "holes" caused by improper installation of public domain software. They allowed hackers to infest their server and use it as a gateway over Indosat for Islamic messages on a secret pirate IRC network they installed on the server.

If you use public domain tools on your web servers and are not a security expert, be sure to have a quality company like XanthusInc do a security audit for you so that your company is not culpable in the InformationWar. XanthusInc offers Gigahertz security managed servers for as little as $300 per month.

==


Are you endorsing broadening the scope of "culpability" or merely calling attention to the de-jure reality of it?

 'just calling attention to it.'

You are lucky it was terrorist types and not the child porn traders. That's a common trick for any of the warez pirates and others who wish to remain out of sight. Supposedly, organized crime of a less nihilistic nature is now also doing so for the money that can be made in the exchange of 'illicit' data, but that's just rumors buzzing around as far as I know.

Did you call in the FBI, or just rebuild your system? It does sound like something they would be interested in. The originating IPs, who and what being exchanged, etc.

There are only a few major tips for most people computing on networks to stay as safe and secure as they can. They are:

  1. Never leave accounts and applications set to the defaults.
  2. Keep your system and applications up to date on patches.
  3. Scan everything, even safe looking attachments from friends.

You stick to those 3 rules, you tend to stay safe. There are still lots of other gotchas, of course, but the average user shouldn't need them. Now, the average network administrator on the other hand... ;) ---StarPilot