Bugtraq mailing list archives
Problems delivering a message
From: MAILER () BGUVMS BGU AC IL (Automatic answer system)
Date: Fri, 16 Dec 94 4:44 0200
Your message could not be delivered to some or all of it's receipients. The problem is: Too many Received lines headers; Probably a loop. The erronous address was: dubman () ivory bgu ac il If you have problems locating your addressee, try writing to POSTMASTER@BGUVMS or INFO@BGUVMS ----------------------------------- Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15365; Fri, 16 Dec 94 04:38:47-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:43:58 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15362; Fri, 16 Dec 94 04:38:34-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:43:45 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15359; Fri, 16 Dec 94 04:38:21-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:43:32 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15356; Fri, 16 Dec 94 04:38:09-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:43:20 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15353; Fri, 16 Dec 94 04:37:56-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:43:07 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15350; Fri, 16 Dec 94 04:37:44-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:42:55 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15347; Fri, 16 Dec 94 04:37:28-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:42:39 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15344; Fri, 16 Dec 94 04:37:06-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:42:17 0200 Received: from BGUVMS by black.bgu.ac.il (4.1/SMI-4.1) id AA15334; Fri, 16 Dec 94 04:16:18-020 Errors-To: owner-bugtraq-digest () fc net Received: by BGUVMS via SMTP (HUyMail-V6l); Fri, 16 Dec 94 04:21:29 0200 Received: from eandm.co.il (bones.eandm.co.il) by black.bgu.ac.il (4.1/SMI-4.1) id AA15308; Fri, 16 Dec 94 04:11:55-020 Errors-To: owner-bugtraq-digest () fc net Received: from freeside.fc.net by eandm.co.il (4.1/SMI-4.0) id AA08750; Fri, 16 Dec 94 04:11:03 IST Errors-To: owner-bugtraq-digest () fc net Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id OAA04881 for bugtraq-digest-outgoing; Thu, 15 Dec 1994 14:11:10 -0600 Date: Thu, 15 Dec 1994 14:11:10 -0600 Message-Id: <199412152011.OAA04881 () freeside fc net> From: owner-bugtraq-digest () fc net To: bugtraq-digest () fc net Subject: bugtraq-digest V1 #71 Reply-To: bugtraq () fc net Errors-To: owner-bugtraq-digest () fc net Precedence: bulk bugtraq-digest Thursday, 15 December 1994 Volume 01 : Number 071 ---------------------------------------------------------------------- From: Pete Hartman <pwh () bradley bradley edu> Date: Tue, 13 Dec 94 10:35:54 -0600 Subject: [none] If people want to rant and argue about security through obscurity and disclosure issues, sign up on disclosure () elmegil bradley edu. The administrative address is disclosure-request () elmegil bradley edu On the other hand if all you want to do is flame people, maybe it should be sent to /dev/null. ------------------------------ From: Casper Dik <casper () fwi uva nl> Date: Tue, 13 Dec 1994 17:40:32 +0100 Subject: Re: SunOS's xterm pb : again !
The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are owned by root, with rights rw-rw-rw-. When you log on the machine, the login process changes the owner of the terminal, so the tty belongs to you, with minimum access rights. BUT when using an xterm, you don't have the permissions to change the owner and access rights of the newly allocated tty. So the device stays owned by root, WORLD READABLE and WORLD WRITEABLE !!! I think this introduces a major security hole...yes, 666 is not the best mode for tty.. :)I've turned this into Sun as a Security problem, as well as a bug. So far the only response I've gotten from Sun is that this problem was opened a while back, but closed as not a bug. Well, I don't see that happening this time since I have way too many SunOS 4.x machines running around. Of course it's 'fixed in the current release of the OS', unless you count SunOS 4.1.4 as current.
Note that if Sun is to fix this problem, cmdtool and shelltool would be higher on the list of applications with the same problem. (Not to mention script and some other programs). Use R5 xterm, you have to install R5 anyway to get a decent X server under SunOS 4.1.x. The System V way of allocating ptys is really superior. Casper ------------------------------ From: jsz () ramon bgu ac il (jsz) Date: Tue, 13 Dec 94 19:28:47 IST Subject: Re: Security through obscurity, etc.
On Tue, 13 Dec 1994, jsz wrote:CERT consists of beaurocrats; 8lgm of posers -- what's a difference, after all?8lgm does not pretend to be god's gift to the net.
True: but IMHO, posting scripts that would add a "+ +" to /.rhosts -- or add a root entry into passwd file are useless; It'd make me respect Neil & Karl, if they didn't post such scripts, and instead would give detailed information about the vulnerability they found. I do respect the amount of work they did already though.
At least you can't use CERT's advisory to crack root on a site, and wipe out important files; 8lgm's advisories were, and in fact are being used for those purposes as well.I am sure this has been said by doozens of people but: If you restrict exploits to the script hackers then only the script hackers will know what they are. In turn, organizations like CERT will not know what they are until some time after the release; when the effects can be exaimed second hand. Pick your posion.
My position is pretty clear: posting a breakin code on public lists causes nothing but chaos, and needless panic. I vote no for full disclosure, I vote for free information -- but without breakin scripts that give you a root prompt. I am interested in statistics how many times 8lgm scripts were used in malicious purposes. Maybe CERT might tell us? B-) Consider it another fruitless noise on bugtraq. ------------------------------ From: Oliver Friedrichs <iceman () MBnet MB CA> Date: Tue, 13 Dec 1994 11:45:57 -0600 (CST) Subject: Re: Security through obscurity, etc. On Tue, 13 Dec 1994, James M. Chacon wrote:
Wrong...I've used the information in CERT advisories to give me a good idea where and what I'm looking for. I've "reverse-engineered" so to speak a fair amount of Cert's announcements into actaul problems I could show people around here. All Cert's announcements do is delay the time people get to even know a bug exists....I'm not really for the 8lgm concept completely, but at least there they don't feel this overwhelming need to not hurt the various manufacturers feelings....
Poor comparison. A script that guarantee's root on a site is equal to a CERT advisory? I don't know which advisories your reading. (send me one?). The difference is too large to even argue about. A CERT advisory doesn't give root to someone on any unprotected system on the Internet. Perhaps 1 in 10 people will figure out the problem, would you rather have 10 out of 10 people be guaranteed to? Think about it. - - Oliver ------------------------------ From: Timothy Newsham <newsham () wiliki eng hawaii edu> Date: Tue, 13 Dec 1994 09:24:04 -1000 (HST) Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64
/* jladwig () soils umn edu writes: */rms has said to me in mail that he "doesn't like security". Would that I (and others) had that luxury.Just because someone doesn't "like" something, doesn't mean they don't understand the need for it. It's a shame anyone *has* to deal with it at all. I'd much rather *not have* to type a password when su'ing, but the consequences of a password-less root are obvious. I don't like having to take the extra time to do it, but the alternative is even less appealing.
Its the mission of the FSF to wedge the philosophies of RMS upon everyone. This is accomplished through writing free software which becomes a defacto standard with dependancies on other free software which must become a defecto standard. I'm not saying they dont do a good job, but disreguarding other people's need for security just because RMS thinks society should be free and open is evil.
~mitch
------------------------------ From: Leo Bicknell <bicknell () ussenterprise async vt edu> Date: Tue, 13 Dec 1994 15:27:15 -0500 (EST) Subject: Re: Security through obscurity, etc.
The difference is too large to even argue about. A CERT advisory doesn't give root to someone on any unprotected system on the Internet. Perhaps 1 in 10 people will figure out the problem, would you rather have 10 out of 10 people be guaranteed to?
It doesn't matter if 1 in 10, or 10 in 10 can get into your site as root. One person with root access, can, in one command obliterate everything on your system. Frankly, I look at it this way. If the advisory doesn't tell you specifically what the problem is, someone will have to go look for it. If they look and find it, this tells me they have some intelegence/experience -- ie might be able to cover up their tracks, at least for a little while. With exploit scripts the odds are some bozo who doesn't know what it is will run it wrong and you'll notice right way because it's such a botched attempt. If one person knows how to get root on my site, I want to know too. And if that means that 10 other people learn in the process that's ok, because knowing is the only way I'll be able to stop that first person from doing something I don't want them to do. Keeping people in the dark only keeps those who don't already know from finding out. Those who do already know are still just as dangerous (if not more so because no one is looking for them). Also, vendors are (in a relative sense) slow to fix problems. As bad as it may sound, things will get fixed a lot faster if someone breaks into 50 of vendor x's systems and makes the news. I've seen vendors not release a patch for months because "no one knew about it". Perhaps a newspaper headline like "50 sites running x wiped out last night" would make them work a little faster. Of course, I wouldn't want it to be my site, but that's a risk you run being on the Internet, at any moment you might be destroyed. - -- Leo Bicknell - bicknell () vt edu | Make a little birdhouse bicknell () csugrad cs vt edu | in your soul...... bicknell () ussenterprise async vt edu | They Might http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants ------------------------------ From: mitch () corp cirrus com (Mitch Wright) Date: Tue, 13 Dec 1994 13:12:38 +0800 Subject: Re: this is interesting... /* dave () esi com au writes: */
On Mon, 12 Dec 1994, Mark wrote:but who identd says is pbergman () netcom com, who's apparently taken it uponWe wont be hearing from that account for a while.Does this mean that IDENTD is actually useful? :-)
Assuming you trust what identd returned. As far as you know it could have been joeuser () netcom com that did it, but was able to trick identd on netcom to return pbergman () netcom com. Given Netcom's track record, I don't think you can rule out this possibility. do svidanya, ~mitch ------------------------------ From: John Ladwig <jladwig () Soils Umn EDU> Date: Tue, 13 Dec 1994 15:27:20 -0600 Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64
On Tue, 13 Dec 1994 09:24:04 -1000 (HST), Timothy Newsham <newsham () wiliki eng hawaii edu> said:
>> >> /* jladwig () soils umn edu writes: */ >> >> >rms has said to me in mail that he "doesn't like security". >> >Would that I (and others) had that luxury. >> > >> Just because someone doesn't "like" something, doesn't mean >> they don't understand the need for it. It's a shame anyone >> *has* to deal with it at all. I'd much rather *not have* to >> type a password when su'ing, but the consequences of a >> password-less root are obvious. I don't like having to take >> the extra time to do it, but the alternative is even less >> appealing. Exactly. TN> Its the mission of the FSF to wedge the philosophies of RMS TN> upon everyone. This is accomplished through writing free TN> software which becomes a defacto standard with dependancies on TN> other free software which must become a defecto standard. I'm TN> not saying they dont do a good job, *Please* let's not get into a big public to-do over FSF philosophy and politics. If you must vent about it, please feel free to do so with me, or privately to others, and not on Bugtraq. TN> but disreguarding other people's need for security just TN> because RMS thinks society should be free and open is evil. Personality aside, I thought it relevant to mention on Bugtraq the philosophical viewpoint of the maintainer of several important software packages. -jml ------------------------------ From: Oliver Friedrichs <iceman () MBnet MB CA> Date: Tue, 13 Dec 1994 15:21:52 -0600 (CST) Subject: Re: Security through obscurity, etc. On Tue, 13 Dec 1994, Leo Bicknell wrote:
It doesn't matter if 1 in 10, or 10 in 10 can get into your site as root. One person with root access, can, in one command obliterate everything on your system.
I've taken this to email.. - - Oliver ------------------------------ From: Kenneth.Kron () EBay Sun COM (Kenneth Kron - Network Security) Date: Tue, 13 Dec 1994 13:40:01 -0800 Subject: Re: Stallman and enable-local-variables Excuse me. I'd just like to point out. It's free. Source is included. The idea is if you don't like it modify it. If you have a bug/rfe send it to the author/distributor. If you have a patch distribute it. That's the "price" you pay for free software. If you use it without reviewing it, you're getting what you paid for. I fully support the right of an other to produce exactly what he/she wants. Those who don't appreciate the product need not accept it. This is now very far off the bugtraq charter. If you'd like to continue this discussion you can flame me in a private email :^). ====================== Kenneth Kron -- Network Security Group kron () aiki ebay sun com
From bugtraq-owner () fc net Tue Dec 13 13:21 PST 1994 From: Timothy Newsham <newsham () wiliki eng hawaii edu> Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64 To: mitch () corp cirrus com (Mitch Wright) Cc: jladwig () soils umn edu, bugtraq () fc net Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="US-ASCII" Content-Length: 944 X-Lines: 21/* jladwig () soils umn edu writes: */rms has said to me in mail that he "doesn't like security". Would that I (and others) had that luxury.Just because someone doesn't "like" something, doesn't mean they don't understand the need for it. It's a shame anyone *has* to deal with it at all. I'd much rather *not have* to type a password when su'ing, but the consequences of a password-less root are obvious. I don't like having to take the extra time to do it, but the alternative is even less appealing.Its the mission of the FSF to wedge the philosophies of RMS upon everyone. This is accomplished through writing free software which becomes a defacto standard with dependancies on other free software which must become a defecto standard. I'm not saying they dont do a good job, but disreguarding other people's need for security just because RMS thinks society should be free and open is evil.~mitch
------------------------------ From: Jason Matthews <jason () dickory SDSU Edu> Date: Tue, 13 Dec 1994 14:24:02 -0800 (PST) Subject: Re: this is interesting... yeah, I got the same message. On Mon, 12 Dec 1994, *Hobbit* wrote:
I'm getting mail spammery from someone claiming to be ghoast () gnu ai mit edu but who identd says is pbergman () netcom com, who's apparently taken it upon himself to become a net-cop and WARN any sites from which I may have posted to alt.2600, ever, in the past, that I'm a walking security hole. Oh my. I wonder how many messages are landing in postmaster () anon penet fi's mailbox.. _H*
------------------------------ From: mlvyxk01 () ntmtv com (Stagiaire Yacine Kheddache) Date: Tue, 13 Dec 94 18:51:06 +0100 Subject: Need Info. Hi Who can I receive your digest and could you send me some further more informations on your stuff. Yours. ------------------------------ From: der Mouse <mouse () Collatz McRCIM McGill EDU> Date: Tue, 13 Dec 1994 19:52:08 -0500 Subject: Re: SunOS's xterm pb : again !
[...ownership and permissions of /dev/ttyp*, as they affect security of non-setuid xterm...][...]
The System V way of allocating ptys is really superior.
Which way is that? The one that gave us pt_chmod, or was it pt_chown? (Sorry, cheap shot.) Seriously, speaking as an application author, I have been unable to perceive a "System V way of allocating ptys". I have one piece of code that allocates ptys the Berkeley way, and it works with zero changes on every Berkeley-based system I've encountered. I have one more piece of code for _each_ SysV variant I've managed to port pty-allocating code to. Each one seems to have invented its own way of allocating ptys, all incompatible and all documented as being the only supported way ("other methods may not be supported in future releases" is a typical phrase). Sometimes, even, different releases of the same OS use different and incompatible ways. Whatever its technical flaws may be, the Berkeley way has the advantage of being significantly less nonportable. At least one SV-based system I've seen has arranged for BSD-style pty allocation to work, or at least claims to have; I didn't put it to the test. As for relevance to bugtraq, well, when every vendor is inventing its own way, sometimes re-inventing it for each release, guess what that does to the bug density :-) der Mouse mouse () collatz mcrcim mcgill edu ------------------------------ From: sameer <sameer () c2 org> Date: Tue, 13 Dec 1994 20:30:49 -0800 (PST) Subject: Re: this is interesting...
Gee, last time I reported cracking activity to netcom they emailed me with a note that basicly blew me off saying for me to fix he holes at my site and they they do not have any security problems.
Last time I reported activity to netcom they told me that all their logs were nuked for that week, because of some problem they were having.. - -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer () c2 org ------------------------------ From: "Paul 'Shag' Walmsley" <ccshag () cclabs missouri edu> Date: Tue, 13 Dec 1994 23:20:54 -0600 (CST) Subject: Re: 8lgm's SCO "at" hole On Sat, 10 Dec 1994, Steinar Haug wrote:
In HP-UX 9.05 getcwd() traverses the path upwards - it does *not* use popen(). getwd() doesn't exist.
IRIX 5.2 also traverses the tree upwards for getcwd(). - - Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu> "The only difference between myself and a madman is that I am not mad." - Salvador Dali ------------------------------ From: "Paul 'Shag' Walmsley" <ccshag () cclabs missouri edu> Date: Wed, 14 Dec 1994 01:00:50 -0600 (CST) Subject: Re: Stallman and enable-local-variables in bugtraq-digest V1 #64 On Tue, 13 Dec 1994, Timothy Newsham wrote:
/* jladwig () soils umn edu writes: */rms has said to me in mail that he "doesn't like security". Would that I (and others) had that luxury.Just because someone doesn't "like" something, doesn't mean they don't understand the need for it. It's a shame anyone *has* to deal with it at all. I'd much rather *not have* to type a password when su'ing, but the consequences of a password-less root are obvious. I don't like having to take the extra time to do it, but the alternative is even less appealing.Its the mission of the FSF to wedge the philosophies of RMS upon everyone. This is accomplished through writing free software which becomes a defacto standard with dependancies on other free software which must become a defecto standard. I'm not saying they dont do a good job, but disreguarding other people's need for security just because RMS thinks society should be free and open is evil.
By the same token, couldn't one say that it is the mission of Bugtraq to wedge the philosophies of full disclosure upon everyone? Authors of free software really don't have to pander to anyone's needs other than their own; if you think some aspect of what they produce is flawed, you're welcome to fix/enhance it. - - Paul "Shag" Walmsley <ccshag () everest cclabs missouri edu> "The only difference between myself and a madman is that I am not mad." - Salvador Dali ------------------------------ From: hobbit () bronze lcs mit edu (*Hobbit*) Date: Wed, 14 Dec 1994 06:58:02 -0500 Subject: toward a binmail replacement I've done some minor hacks to 44bsd mail.local so it runs on sunos, and it seems to be working as I type... has anyone else already done this, possibly more elegantly than I would, and I just missed any announcements? If not, I'll hang my dinked source out on the net for other folks to grab and beat on. _H* ------------------------------ From: "Michael S. Hines" <MSHINES () freh-02 adpc purdue edu> Date: 14 Dec 94 07:59:27 EST Subject: Re: this is interesting... Pete Shipley says ...
Gee, last time I reported cracking activity to netcom they emailed me with a note that basicly blew me off saying for me to fix he holes at my site and they they do not have any security problems. I fixed this by just blocking all IP traffic from *.netcom.com, (and letting email get delivered via. a MX host) since almost every time someone would telnet/rlogin from *.netcom.com their passwd would be stolen.
And a message yesterday to bobr () netcom com got a reply from the vacation program saying he was away for a while and would read his mail when he returned.... lots a luck!!! - ---------------------------------------------------------------------- Internet: mshines () ia purdue edu | Michael S. Hines Bitnet: michaelh@purccvm | Sr. Information Systems Auditor Purdue WIZARD Mail: MSHINES | Purdue University GTE Net Voice: (317) 494-5845 | 1065 Freehafer Hall GTE Net FAX: (317) 496-1814 | West Lafayette, IN 47907-1065 CompuServe: 73240,1631 | ------------------------------ From: "Jim Littlefield" <little () ragnarok hks com> Date: Wed, 14 Dec 1994 08:17:22 -0500 Subject: Re: Security through obscurity, etc. On Dec 13, 9:04am, James M. Chacon wrote: : : ....I'm not really for the 8lgm concept completely, but at least : there they don't feel this overwhelming need to not hurt the various : manufacturers feelings.... 8lgm gives the vendor some "incentive" to correct the problem in a timely manner, unlike CERT where the problem is reported only to the affected vendors. We never hear a peep until (a) we find the same bug as a result of a breakin of our site, or (b) CERT announces that the vendor (months/years later) has a fix available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full disclosure. The initial announcement means a scramble to disable/work around the problem, but at least I know if my systems are vulnerable. - -- Jim Littlefield "I've got a bad feeling about this..." -- Han Solo <little () hks com> ------------------------------ From: long-morrow () CS YALE EDU (H Morrow Long) Date: Wed, 14 Dec 1994 13:27:42 -0500 Subject: Re: this is interesting... shipley () merde dis org (Pete Shipley) wrote:
Gee, last time I reported cracking activity to netcom they emailed me with a note that basicly blew me off saying for me to fix he holes at my site and they they do not have any security problems.
sameer <sameer () c2 org> wrote:
Last time I reported activity to netcom they told me that all their logs were nuked for that week, because of some problem they were having..
I don't know... I got a nice note back from them in response to a forwarded copy of a spam to a bunch of mailing lists by a user at their site (the actuary () ix netcom com "Choice Trading Company, Court Appointed Liquidators" spam): |Thank you for your report. This user has been permanently removed |from the system for abuse of Usenet and mailing lists. We apologize |for any inconvenience that was caused. | |Margaret H. Morrow Long, Mgr of Dev., Yale Univ., Comp Sci Dept, 011 AKW, New Haven, CT 06520-8285, VOICE: (203)-432-{1248,1254} FAX: (203)-432-0593 INET: Long-Morrow () CS Yale EDU UUCP: yale!Long-Morrow BITNET: Long-Morrow@YaleCS WWW: http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow.html ------------------------------ From: hoodr () hoodr slip netcom com Date: Wed, 14 Dec 1994 21:42:49 +0000 Subject: Re: this is interesting...
shipley () merde dis org (Pete Shipley) wrote:Gee, last time I reported cracking activity to netcom they emailed me with a note that basicly blew me off saying for me to fix he holes at my site and they they do not have any security problems.
Ah...you've met Bruce :-) On a more serious note, we do take security VERY seriously at NETCOM. At times we get too busy to handle some events, so I appologize to those who get dropped. With 40,000 to 50,000 customers, security/spamming incedents are happening every day now. For those who are interested, we are hiring sysadmins, network admins, and I believe we have a position open for a security person too. Send me a resume at work (hoodr () netcom com), and I will make sure it gets seen by the appropriate people.
sameer <sameer () c2 org> wrote:Last time I reported activity to netcom they told me that all their logs were nuked for that week, because of some problem they were having..
When we run low on disk space, logs are usually the first to go. We are currently up to 2.2 GIGs of logs every week (and thats just the shell accounts)!
I don't know... I got a nice note back from them in response to a forwarded copy of a spam to a bunch of mailing lists by a user at their site (the actuary () ix netcom com "Choice Trading Company, Court Appointed Liquidators" spam):
------------------------------ From: hoodr () hoodr slip netcom com Date: Wed, 14 Dec 1994 21:44:50 +0000 Subject: Re: this is interesting...
Pete Shipley says ...Gee, last time I reported cracking activity to netcom they emailed me with a note that basicly blew me off saying for me to fix he holes at my site and they they do not have any security problems. I fixed this by just blocking all IP traffic from *.netcom.com, (and letting email get delivered via. a MX host) since almost every time someone would telnet/rlogin from *.netcom.com their passwd would be stolen.And a message yesterday to bobr () netcom com got a reply from the vacation program saying he was away for a while and would read his mail when he returned.... lots a luck!!!
Bobr is the wrong person to send this stuff to. If you read the vacation message, it will tell you where to send it. You can send your spamming problems to netmail () netcom com, and security incedents to me at hoodr () netcom com. ------------------------------ From: alex () c3ot saic com (Alex Tosheff) Date: Thu, 15 Dec 94 12:05:32 PST Subject: UNSUBSCRIBE UNSCUBSCRIBE ------------------------------ End of bugtraq-digest V1 #71 ****************************
Current thread:
- Problems delivering a message Automatic answer system (Dec 15)