On Sun, 23 Oct 1994, That Whispering Wolf... wrote: > > I got this in the mail today (10-23). > > > > Seems like someone is knocking on io.com now. > [some deleted] > > Received: from (helix.net [142.231.37.2]) by trance.helix.net > [poof -- more deleted] > > Do not tell your system administrator. I am > > conducting an investigation on your system. Thank you > > At least one user on one of my systems got a simular message yesterday -- > The actual content was different, but along the same lines. In my case, > the person said they were hacking accounts, but promised not to hack that > user's if they'd send the password file in email. > > What catches my eye is that the user to which our users were asked to > respond was @helix.net, the same host that this mail passed through, > above. I dismissed it as a forgery, though, as the message had a > umn.edu message ID, instead of a helix.net message ID. > > I don't know what's going on, but I don't like it. We're safe from this > particular threat (aren't shadowed passwords grand?), but I still have > to wonder what else is on the horizon. Event one: A user at umn.edu forges mail (supposedly from helix.net). Event two: A user at helix.net forges mail (supposedly from sfu.ca). Both events designed to cause as much mail as possible to be dumped on the the forge-ee; not to acquire password files. And not a single person sent their password files. It's social engineering, all right, but designed for a less-obvious goal. > [Wonderful -- We've gone from computer hacking to social hacking... What's > next?] Biological hacking. Then atomic hacking. :-) -- Charles Howes -- chowes@helix.net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971