1996-04-28 - Re: www.WhoWhere.com selling access to my employer’s passwd file

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
Message Hash: a6bd5435d5c6824375dba9d74fda40e9d660d3da504e4e0ae962992b6a561b5e
Message ID: <Pine.GUL.3.93.960427172022.9454F-100000@Networking.Stanford.EDU>
Reply To: <2.2.32.19960427162824.00ab39d4@mail.teleport.com>
UTC Datetime: 1996-04-28 06:20:54 UTC
Raw Date: Sun, 28 Apr 1996 14:20:54 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 14:20:54 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <2.2.32.19960427162824.00ab39d4@mail.teleport.com>
Message-ID: <Pine.GUL.3.93.960427172022.9454F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Alan Olsen wrote:

> >Of course there is little that one can do about this kind of invasion of
> >privacy. But they don't have to be so fucking blatant and stupid about it.
> >They have the email addresses of DAEMONS from our password files in their
> >database.
> 
> I wonder if those addresses are from a "finger @sitename.org" hack.  It
> becomes worrisome when the methods of hackers intersect with those of
> database compilers.

They did that too. They got recursive whois and finger sweeps dated
mid-1993 (we catch people doing whois aaaa*, aaab*, and so on every once
in a while), a Usenet-wide sweep dated early 1994, a sweep of local,
firewalled su.* newsgroups last December/January 95/96, and an outright
theft of the master shadow password file for most stanford.edu accounts
(address, real name, and UID only, no group ID or encrypted password) in
January 1996.

I'm sure they bought the first two from some other source.

As much as I'm tempted to call these jokers at home early tomorrow
morning, I know that a slow roasting by lawyers and the news media is
likely to be more effective.

-rich





