1996-04-29 - ANNOUNCING The WhoWhere? Hack Stanford Contest!

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: Gunjan Sinha <gunjan@parsecweb.com>
Message Hash: b1c95cd9ff9f75de5e7a3f3b09e1e41b93cab2ba6181dfc3a7780168cae3209d
Message ID: <Pine.GUL.3.93.960428224543.13032V-100000@Networking.Stanford.EDU>
Reply To: <199604281351.GAA16852@parsecweb.com>
UTC Datetime: 1996-04-29 15:53:33 UTC
Raw Date: Mon, 29 Apr 1996 23:53:33 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 23:53:33 +0800
To: Gunjan Sinha <gunjan@parsecweb.com>
Subject: ANNOUNCING The WhoWhere? Hack Stanford Contest!
In-Reply-To: <199604281351.GAA16852@parsecweb.com>
Message-ID: <Pine.GUL.3.93.960428224543.13032V-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


               FOR IMMEDIATE RELEASE ON CYPHERPUNKS
                A Publicly Available Announcement

Hey folks! A challenge. Using only legal and ethical means that would not
embarrass you at your IPO, and using only publicly available sources on
the Internet, please describe in detail how you found: 

1. Where and when "siockman@leland.stanford.EDU (Larry Schwimmer)"
   appeared in a publicly available source. NOTE: this is not Larry's
   real email address.
2. Where and when "sitn0001@leland.stanford.EDU (SITN Account 0001)"
   appeared in a publicly available source.
3. Robert Tharp's kerberos principal @ir.stanford.edu. Note: this nym
   has no email address or home directory, just a kerberos principal.
4. The current names and email addresses of all whowhere.com and
   parsecweb.com affiliates.

Employees of whowhere.com and their families are not eligible for prizes. 
Current and former affiliates of Stanford University are not eligible for
prizes, whether you use Stanford computers for the solution or not. You
must be able to demonstrate your solution from a private ISP such as
whowhere.com or netcom.com; solutions requiring other than publicly
available access to any major university's computer system will be
disqualified. To be eligible for prizes, I request that the source NOT be
made publicly available until I have had a chance to make it unavailable. 

A consolation prize may be awarded to the first person who identifies
whowhere.com's answers for challenges 1 and 2. This may not be the same
answer as was given above. 

Void where prohibited by law. Your mileage may vary. Trix are for kids.

On Sun, 28 Apr 1996, Gunjan Sinha <gunjan@parsecweb.com> wrote:

> I am sorry if you misunderstood my previous email. We are ex-Stanford
> grad, not current students!

I apologize for assuming that your message was written in standard
english, using the normal and customary (and publicly available) meanings
of words such as, "WhoWhere? is an effort by a team from Stanford GSB and
engineering school," and for assuming that the use of the Stanford name on
a number of publicly available web pages indicated an active Stanford
affiliation. In retrospect, I recognize that these were typographical
errors, just like the four glaring HTML bugs and handful of security holes
we've found so far (which are now publicly available information). 

Please take care to avoid such misunderstandings in the future by
refraining from introducing yourselves in these ways, especially where
such claims are likely to become publicly available information. 

> The WhoWhere? database is collected through
> a combination of technolofy, partnerships, and self-registrations by
> end-users.
> 
> Our content is from publicly available sources.

No, some of it is clearly not. Or if we do have such a serious security
breach, then Stanford is violating Federal laws concerning the privacy of
student records, and I would very much like to fix the problem, because I
do not wish to go to prison. As I asked you and your technical droid
before, please let me know how you obtained the "SITN Account" entries
without delay. If your selection of publicly available information
repositories is not considered publicly available information, then I
would be happy to sign a nondisclosure agreement. The fact that I have
signed such a nondisclosure agreement would, of course, become publicly
available information. 

Please identify the publicly available source that associates the name
Larry Schwimmer with the email address siockman@leland.Stanford.EDU. We
believe that this association only happened once, where it would not have
become publicly available information.

I have every hope that we will be able to settle this to our mutual
satisfaction privately. It sucks for everyone when disagreements such as
this become publicly available information.

Oh, there are some other problems with your site and its management, but
I'm sure you'll be able to find those problems, because they have been
posted as publicly available information. 

.signature publicly available






Thread