From: bbyer@BIX.com
Date: Mon, 14 Jun 93 17:53:26 PDT
To: hughes@soda.berkeley.edu
Subject: Re: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306142046.memo.62427@BIX.com>
MIME-Version: 1.0
Content-Type: text/plain


In-Reply-To: <9306081620.AA07331@soda.berkeley.edu>
> Here, in its almost full glory, is the letter that CERT sent to the
> admin at berkeley.  I've removed the addressee, since there's no need
> to involve that person.  I have not, however, removed the name of the
> sender.
> ...
> 
>  We have been passed information that indicates that the anonymous FTP
>  archive on the following host(s) may be in use by intruders for
                                 ^
>  illegal trading of commercial software:
> 
> >>>>>>>  soda.berkeley.edu    /pub/cypherpunks
>
>  We have not confirmed this information, nor have we identified that
>  the anonymous FTP configuration on the above-listed host(s) is open
>  for abuse.                                               ^
> 
>  ...

This look suspiciously like a form letter.  The possible plurals
("(s)") and the fact that the site name is in a "list type" format
indicate this is probably a form letter.  This is even more
disturbing; do they have a form letter because they use it often or
do they have a daemon that searches for highly undesirable things
such as ftp sites with lots of encryption related things and
automatically fires off this harassing form letter?

Ben Byer <bbyer@bix.com>