Well, I’ve spent most of the day trying to determine how someone got into the machine which runs Bullet and changed the password for the demo account.
Alec was a brilliant help here, not only on the phone but via the write(1) command.
Anyway, the upshot was that no-one did get onto the machine. In fact it was software doing what it was designed to do. Unfortunately, this “correct” operation changed when I installed a huge patch cluster the other day. Oh well!
Anyway, thanks to Alec, I now have a set of tools to test the integrity of files on the system using checksums held at Sun and a security lockdown tool call JASS. So it wasn’t a total loss.