|   | CIAC Advisory number A- 22NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
 ________________________________________________________________________
 THE COMPUTER INCIDENT ADVISORY CAPABILITY
 
 CIAC
 
 INFORMATION BULLETIN
 ________________________________________________________________________
 
 Logon Messages and Hacker/Cracker Attacks
 
 March 16, 1990, 1200 PST                                        Number A-22
 
 CIAC has published several recent information bulletins and advisory notices
 about hacker/cracker attacks on computers connected to the Internet.  This
 bulletin suggests a strategy for your site that is important for legal reasons.
 In addition, this strategy may help deter some hacking activity.
 
 In many systems a logon screen is displayed during or before the time the user
 is asked to enter a user name and password.   Sometimes this screen contains a
 message which welcomes the potential user to the system.  Court cases involving
 unauthorized use of computing systems may be thrown out because a welcoming
 message was initially displayed.  We strongly recommend, therefore, that (when
 feasible to implement) every machine at your site should display a warning
 message before or during the logon sequence, and that all phrases suggesting
 that users are welcome to use the system be removed.   An example of a warning
 message is the following:
 
 WARNING:  Unauthorized access to this computer system is prohibited, and
 is subject to criminal and civil penalties.
 
 This type of warning message may also discourage casual hackers from intruding
 into a system.
 
 If feasible to implement, it is also important to display to users any failed
 logon attempts on their account, and to inform users who they should contact if
 their account was probed or accessed by someone else.  Finally, we recommend
 that the logon screen should advise users to logout when they are through with a
 session or when they leave their terminal.
 
 For additional information or assistance, please contact CIAC:
 
 Eugene Schultz
 (415) 422-8193 or (FTS) 532-8193
 FAX: (415) 423-0913 or (415) 422-4294
 
 You may also send e-mail to:
 
 [email protected]
 
 Neither the United States Government nor the University of California nor any of
 their employees, makes any warranty, expressed or implied, or assumes any legal
 liability or responsibility for the accuracy, completeness, or usefulness of any
 information, product, or process disclosed, or represents that its use would not
 infringe privately owned rights.  Reference herein to any specific commercial
 products, process, or service by trade name, trademark manufacturer, or
 otherwise, does not necessarily constitute or imply its endorsement,
 recommendation, or favoring by the United States Government or the University of
 California.  The views and opinions of authors expressed herein do not
 necessarily state or reflect those of the United States Government nor the
 University of California, and shall not be used for advertising or product
 endorsement purposes.
 |   |