[87] in bugtraq
Re: Another request for passwords
daemon@ATHENA.MIT.EDU (That Whispering Wolf...)
Sun Oct 23 14:02:34 1994
From: "That Whispering Wolf..." <elfchief@lupine.org>
To: dfloyd@paris.eng.utsa.edu (Douglas R. Floyd)
Date: Sun, 23 Oct 1994 12:24:53 +0000 (BST)
Cc: bugtraq@crimelab.com
In-Reply-To: <9410230054.ZM10281@paris.eng.utsa.edu> from "Douglas R. Floyd" at Oct 23, 94 00:54:14 am
> I got this in the mail today (10-23).
>
> Seems like someone is knocking on io.com now.
[some deleted]
> Received: from (helix.net [142.231.37.2]) by trance.helix.net
[poof -- more deleted]
> Do not tell your system administrator. I am
> conducting an investigation on your system. Thank you
At least one user on one of my systems got a simular message yesterday --
The actual content was different, but along the same lines. In my case,
the person said they were hacking accounts, but promised not to hack that
user's if they'd send the password file in email.
What catches my eye is that the user to which our users were asked to
respond was @helix.net, the same host that this mail passed through,
above. I dismissed it as a forgery, though, as the message had a
umn.edu message ID, instead of a helix.net message ID.
I don't know what's going on, but I don't like it. We're safe from this
particular threat (aren't shadowed passwords grand?), but I still have
to wonder what else is on the horizon.
[Wonderful -- We've gone from computer hacking to social hacking... What's
next?]
