From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 14:20:54 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <2.2.32.19960427162824.00ab39d4@mail.teleport.com>
Message-ID: <Pine.GUL.3.93.960427172022.9454F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Alan Olsen wrote:

> >Of course there is little that one can do about this kind of invasion of
> >privacy. But they don't have to be so fucking blatant and stupid about it.
> >They have the email addresses of DAEMONS from our password files in their
> >database.
> 
> I wonder if those addresses are from a "finger @sitename.org" hack.  It
> becomes worrysome when the methods of hackers intersect with those of
> database compilers.

They did that too. They got recursive whois and finger sweeps dated
mid-1993 (we catch people doing whois aaaa*, aaab*, and so on every once
in a while), a Usenet-wide sweep dated early 1994, a sweep of local,
firewalled su.* newsgroups last December/January 95/96, and an outright
theft of the master shadow password file for most stanford.edu accounts
(address, real name, and UID only, no group ID or encrypted password) in
January 1996.

I'm sure they bought the first two from some other source.

As much as I'm tempted to call these jokers at home early tomorrow
morning, I know that a slow roasting by lawyers and the newsmedia is
likely to be more effective.

-rich