HASCS Warns: Don't Tell Password

Several Harvard students have received a false e-mail message over the last few days signed "Harvard-FAS Systems Administrator" and asking for their passwords.

"A friend of mine received a message Tuesday night an [America Online] account requesting his password," said Richard B. Osterberg '96.

Osterberg said he immediately posted the e-mail message on the newsgroup harvard.general, warning people that the message was fraudulent. He said he also notified the aol postmaster and Harvard's network and UNIX managers.

Frankline M. Steen, the director of the Harvard Arts and Science Computer Service (HASCS), said HASCS is checking with aol to see if they can identify the person who sent the message.

He said HASCS also put a warning in the message of the day that people should not give out their passwords to anyone.

The message, seen whenever a person logs on to the Harvard network, reads, "WARNING: Your password is private. Never give it to *anyone*--including Systems Administrators--whether by e-mail, phone or in person."

Osperberg and Steen warned that the situation could have serious consequences for people who were tricked into believing the message was real.

"A lot of people could unknowingly send intheir password thinking they were doing the rightthing but log in the next day and find out theiraccount was wiped out and perhaps even that theirpassword had been changed," Osterberg said.

"This is a dangerous situation because...if[the individual] gets any- one's password, he orshe could do damage to the account or oursystems," Steen said.

"Overall we are trying very hard to make peopleaware of the importance of keeping their passwordprivate," Steen said. "If users divulge theirpasswords to others, any security we put in willbe compromised."

Osterberg said he was not sure if people wouldbelieve the message was a hoax.

"I only have confirmation that one person gotit." Osterberg said. ``I would imagine that if oneperson got it, then other people would probablyhave too."

"I'm not sure if people know that it was ahoax," he said. "It is possible that it being theend of the year that people might have sent intheir passwords and not even thought about it andgone home for the summer."

Former president of the Harvard ComputerSociety EugeneE. Kim '96 said it was a good excuse for Harvardto educate its users.

"I think that it's a reminder that not everyoneout there on the net is a good person." Kim said."There are mischievous people out there and it isimportant for Harvard as an Internet provider toeducate its users of such potential dangers suchas giving away your password.

"A lot of people could unknowingly send intheir password thinking they were doing the rightthing but log in the next day and find out theiraccount was wiped out and perhaps even that theirpassword had been changed," Osterberg said.

"This is a dangerous situation because...if[the individual] gets any- one's password, he orshe could do damage to the account or oursystems," Steen said.

"Overall we are trying very hard to make peopleaware of the importance of keeping their passwordprivate," Steen said. "If users divulge theirpasswords to others, any security we put in willbe compromised."

Osterberg said he was not sure if people wouldbelieve the message was a hoax.

"I only have confirmation that one person gotit." Osterberg said. ``I would imagine that if oneperson got it, then other people would probablyhave too."

"I'm not sure if people know that it was ahoax," he said. "It is possible that it being theend of the year that people might have sent intheir passwords and not even thought about it andgone home for the summer."

Former president of the Harvard ComputerSociety EugeneE. Kim '96 said it was a good excuse for Harvardto educate its users.

"I think that it's a reminder that not everyoneout there on the net is a good person." Kim said."There are mischievous people out there and it isimportant for Harvard as an Internet provider toeducate its users of such potential dangers suchas giving away your password.