[ Thanks to Noel
for this link. ]
“We were using shadow passwords but had been making all of our
connections in the clear. We were not using anything like Kerberos
or Secure Shell to log in with. In hind sight we were also not
really keeping up with all of the publicly announced security
problems. To be fair to us we were all volunteers working in our
spare time and not working full time.”
“That was the situation we were in the day my phone rang. It was
the community network’s executive director, he had been called by
the owner of an ISP who told him that his ISP had been cracked and
that the cracker had been making some of their connections from our
site. They said that this guy was really good and were convinced
that if he was on a site he had cracked it.”
“I was very skeptical, after all how could he have cracked
us, we read bugtraq, we upgraded Sendmail every few months we were
tight, at least that was what I thought then. I was to become much
more humble and experienced over the course of the next few
months.”