Re: Another request for passwords

[chowes () helix net (Charles Howes)]

On Sun, 23 Oct 1994, That Whispering Wolf... wrote:

> > I got this in the mail today (10-23).
> >
> > Seems like someone is knocking on io.com now.
> [some deleted]
> > Received: from  (helix.net [142.231.37.2]) by trance.helix.net
> [poof -- more deleted]
> > Do not tell your system administrator.  I am
> > conducting an investigation on your system.  Thank you
>
> At least one user on one of my systems got a simular message yesterday --
> The actual content was different, but along the same lines. In my case,
> the person said they were hacking accounts, but promised not to hack that
> user's if they'd send the password file in email.
>
> What catches my eye is that the user to which our users were asked to
> respond was @helix.net, the same host that this mail passed through, 
> above. I dismissed it as a forgery, though, as the message had a
> umn.edu message ID, instead of a helix.net message ID.
>
> I don't know what's going on, but I don't like it. We're safe from this
> particular threat (aren't shadowed passwords grand?), but I still have
> to wonder what else is on the horizon.

Event one: A user at umn.edu forges mail (supposedly from helix.net).
Event two: A user at helix.net forges mail (supposedly from sfu.ca).

  Both events designed to cause as much mail as possible to be dumped
  on the the forge-ee; not to acquire password files.  And not a
  single person sent their password files.  It's social engineering,
  all right, but designed for a less-obvious goal.

> [Wonderful -- We've gone from computer hacking to social hacking... What's
>  next?]

Biological hacking.  Then atomic hacking.  :-)

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971