Computer Society Discusses Security on Network

George Orwell's predictions about an omnipresent Big Brother in his novel 1984 didn't come true ten years ago. But Orwell may not have been off by much.

Members of the Harvard Computer Society (HCS) say it is now possible for Big Brother figures to monitor students' actions on the Harvard High Speed Data Network.

At a seminar last night titled, "Avoiding Big Brother," HCS, the largest student run computer organization on campus, discussed the reliability and security of the network.

The seminar, designed to increase information on security issues, reviewed how students can tell if someone has broken into their account, read their mail or sent them fake e-mail.

"Most people aren't aware of all the things that can happen on the network, and we want people to be aware of the possibilities," said Eugene E. Kim '96, president of HCS.

Greg F. Corbett '96 talked about how one's actions on the network can be monitored.

Anyone with enough technical ability can figure out when and where someone has logged on and what programs that person has used.

People can also determine when two students logged on simultaneously are talking to each other. Sometimes it is possible to discover who students are e-mailing, Corbett said.

A person can also set a "computer watch" to track and notify when a specific person logs on or off the network.

"I've heard it's possible to monitor conversations with other people through the talk command, though I

don't know it's done," Corbett said.

If one has the root access password to theHarvard system, then they can "do anything theywant," including reading people's e-mail, Kimsaid.

But Kim said the only people who have rootaccess are high ranking administrators in theHarvard Arts and Sciences Computer Services. Theseofficials use the password to solve problems andthey are "pretty trustworthy," Kim said.

If one figures out a person's password, Kimsaid, then that person can obtain all accessprivileges to the account.

But even if one merely forgets to logout,another person can enter the account and can loginto that person's account whenever he wants withfive simple commands. That person can even haveall mail received by the first personautomatically forwarded to him.

Kim says the easiest way to prevent someonefrom breaking into one's account is to be surealways to logout.

"Anytime you walk into the terminal room, youwill find terminals up where people haven't loggedout," Kim said.

Kim also advised users to pick passwords thatcan't be decoded by commercial programs on themarket. Kim recommended using a mixture oflowercase and capital letters, a mixture ofletters and numbers and changing passwords eachmonth.

Phil Cartagena '96, another member of HCS,spoke about how to send fake e-mail and how torecognize if e-mail is fake.

For obvious security reasons, he didn't revealexactly how to send fake e-mail. But he said it ispossible to recognize fake e-mail by the headerson elm and mail programs

don't know it's done," Corbett said.

If one has the root access password to theHarvard system, then they can "do anything theywant," including reading people's e-mail, Kimsaid.

But Kim said the only people who have rootaccess are high ranking administrators in theHarvard Arts and Sciences Computer Services. Theseofficials use the password to solve problems andthey are "pretty trustworthy," Kim said.

If one figures out a person's password, Kimsaid, then that person can obtain all accessprivileges to the account.

But even if one merely forgets to logout,another person can enter the account and can loginto that person's account whenever he wants withfive simple commands. That person can even haveall mail received by the first personautomatically forwarded to him.

Kim says the easiest way to prevent someonefrom breaking into one's account is to be surealways to logout.

"Anytime you walk into the terminal room, youwill find terminals up where people haven't loggedout," Kim said.

Kim also advised users to pick passwords thatcan't be decoded by commercial programs on themarket. Kim recommended using a mixture oflowercase and capital letters, a mixture ofletters and numbers and changing passwords eachmonth.

Phil Cartagena '96, another member of HCS,spoke about how to send fake e-mail and how torecognize if e-mail is fake.

For obvious security reasons, he didn't revealexactly how to send fake e-mail. But he said it ispossible to recognize fake e-mail by the headerson elm and mail programs