I'm also from CMU. They didn't run any password guessing programs. If people used a password like mp3, they entered it. If it didn't work, they moved on. Some people have lists of passwords for other computers in their shared folders so naturally, they would use those to get into password protected shared folders but they certainly didn't make any real effort to break into anyone's computers. Think about it - if they had, why did they get only 71 of the 250 students? You know almost all of those students had mp3s in shared folders - it's just that the rest of them didn't use mp3 as the password.
Slashdot Mirror
I'm also from CMU. They didn't run any password guessing programs. If people used a password like mp3, they entered it. If it didn't work, they moved on. Some people have lists of passwords for other computers in their shared folders so naturally, they would use those to get into password protected shared folders but they certainly didn't make any real effort to break into anyone's computers. Think about it - if they had, why did they get only 71 of the 250 students? You know almost all of those students had mp3s in shared folders - it's just that the rest of them didn't use mp3 as the password.