Re: Another request for passwords

Charles Howes (chowes@helix.net)
Sun, 23 Oct 1994 19:55:57 -0700 (PDT)

On Sun, 23 Oct 1994, That Whispering Wolf... wrote:

> > I got this in the mail today (10-23).
> > 
> > Seems like someone is knocking on io.com now.
> [some deleted]
> > Received: from  (helix.net [142.231.37.2]) by trance.helix.net
> [poof -- more deleted]
> > Do not tell your system administrator.  I am
> > conducting an investigation on your system.  Thank you
> 
> At least one user on one of my systems got a similar message yesterday --
> The actual content was different, but along the same lines. In my case,
> the person said they were hacking accounts, but promised not to hack that
> user's if they'd send the password file in email.
> 
> What catches my eye is that the user to which our users were asked to
> respond was @helix.net, the same host that this mail passed through, 
> above. I dismissed it as a forgery, though, as the message had a
> umn.edu message ID, instead of a helix.net message ID.
> 
> I don't know what's going on, but I don't like it. We're safe from this
> particular threat (aren't shadowed passwords grand?), but I still have
> to wonder what else is on the horizon.

Event one: A user at umn.edu forges mail (supposedly from helix.net).
Event two: A user at helix.net forges mail (supposedly from sfu.ca).

  Both events designed to cause as much mail as possible to be dumped
  on the forge-ee; not to acquire password files.  And not a
  single person sent their password files.  It's social engineering,
  all right, but designed for a less-obvious goal.

> [Wonderful -- We've gone from computer hacking to social hacking... What's
>  next?]

Biological hacking.  Then atomic hacking.  :-)

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971