Bugtraq mailing list archives
Re: Another request for passwords
From: chowes () helix net (Charles Howes)
Date: Sun, 23 Oct 1994 19:55:57 -0700 (PDT)
On Sun, 23 Oct 1994, That Whispering Wolf... wrote:
I got this in the mail today (10-23). Seems like someone is knocking on io.com now.[some deleted]Received: from (helix.net [142.231.37.2]) by trance.helix.net[poof -- more deleted]Do not tell your system administrator. I am conducting an investigation on your system. Thank youAt least one user on one of my systems got a simular message yesterday -- The actual content was different, but along the same lines. In my case, the person said they were hacking accounts, but promised not to hack that user's if they'd send the password file in email. What catches my eye is that the user to which our users were asked to respond was @helix.net, the same host that this mail passed through, above. I dismissed it as a forgery, though, as the message had a umn.edu message ID, instead of a helix.net message ID. I don't know what's going on, but I don't like it. We're safe from this particular threat (aren't shadowed passwords grand?), but I still have to wonder what else is on the horizon.
Event one: A user at umn.edu forges mail (supposedly from helix.net). Event two: A user at helix.net forges mail (supposedly from sfu.ca). Both events designed to cause as much mail as possible to be dumped on the the forge-ee; not to acquire password files. And not a single person sent their password files. It's social engineering, all right, but designed for a less-obvious goal.
[Wonderful -- We've gone from computer hacking to social hacking... What's next?]
Biological hacking. Then atomic hacking. :-) -- Charles Howes -- chowes () helix net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971
Current thread:
- Another request for passwords Douglas R. Floyd (Oct 22)
- Re: Another request for passwords Charles Howes (Oct 23)
- Re: Another request for passwords That Whispering Wolf... (Oct 23)
- Re: Another request for passwords Charles Howes (Oct 23)
- Re: Another request for passwords christopher williams (Oct 24)
- Re: Another request for passwords Brett Watson (Oct 25)
- Re: Another request for passwords Charles Howes (Oct 23)
- Stupid crackers exploiting stupid users der Mouse (Oct 23)
- Re: Stupid crackers exploiting stupid users Peter Van Epp (Oct 23)
- Re: Stupid crackers exploiting stupid users Charles Howes (Oct 23)
- Re: Stupid crackers exploiting stupid users pluvius (Oct 25)
- Re: Stupid crackers exploiting stupid users Charles Howes (Oct 26)
- Sun Mouse Bug David J. Bianco (Oct 26)
- Network Volumetric Analysis (NVA) software Frank R. Swift (Oct 26)