From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@cyberpass.net
Message Hash: 04918bb2e0200299eb1b15ef712faef04d80454c8554679d2fefe8a14f842972
Message ID: <v04020a07b24e7a179d1b@[139.167.130.247]>
Reply To: N/A
UTC Datetime: 1998-10-17 18:30:11 UTC
Raw Date: Sun, 18 Oct 1998 02:30:11 +0800
Subject: Now *this* is funny...
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
Delivered-To: ignition-point@majordomo.pobox.com
X-Sender: believer@telepath.com
Date: Sat, 17 Oct 1998 11:06:07 -0500
To: believer@telepath.com
From: believer@telepath.com
Subject: IP: Fake Message Sends AOL E-Mail Astray
Mime-Version: 1.0
Sender: owner-ignition-point@majordomo.pobox.com
Precedence: list
Reply-To: believer@telepath.com
Source: Washington Post
http://www.washingtonpost.com/wp-srv/washtech/wtech001.htm
Fake Message Sends AOL E-Mail Astray
By Leslie Walker
Washington Post Staff Writer
Friday, October 16, 1998
A fake e-mail sent to the keeper of the Internet's global address book
yesterday erased America Online Inc.'s spot on the global computer
network, causing thousands of incoming e-mails to go to the wrong place
and preventing many people from visiting AOL's World Wide Web site.
AOL officials said all the misdirected e-mail should show up eventually in
the correct mailboxes. But the incident highlighted a security issue
involving how the central addresses known as domains are administered
on the Internet.
The incident began before 5 a.m. when someone impersonating an AOL
official sent e-mail to InterNIC, the Herndon organization that maintains
the domain name registry for the Internet, InterNIC spokesman
Christopher Clough said. The message requested the electronic address of
AOL's domain be changed.
Because AOL had chosen the lowest of three security levels possible for
making such a change, it was made automatically, with no review by any
person at Network Solutions Inc., the company that runs InterNIC,
Clough said.
The new address assigned was that of Autonet.net, an Internet service
provider. Mail meant for AOL automatically was diverted to Autonet,
overwhelming computers at the service.
In AOL's network monitoring center in Dulles, people monitoring traffic
volumes noticed a drop in the volume of e-mail coming in from the
Internet. They began investigating and found the change, AOL
spokeswoman Ann Brackbill said.
AOL rented a computer to lend to Autonet.net yesterday to reroute the
e-mail back to AOL while company officials simultaneously worked with
InterNIC to correct AOL's address, Brackbill said.
AOL's actual Internet domain - AOL.com - was not changed, but the
directions the Internet uses in sending Web surfers there were changed
because of the fraudulent e-mail, so they couldn't get to the site. Instead,
error messages appeared on their screens.
"It's like if the phone book published the wrong address for AAA, and
you went there to get a map," Brackbill said. "You wouldn't be able to get
anything."
Clough said the e-mail came as a form message that was accepted
automatically because it appeared to come from the correct person and
address at AOL.com that was authorized to change AOL's InterNIC
records. Computer buffs call an incident of this kind "a spoof" - an
impersonation of someone by e-mail.
By 4:30 p.m., AOL's address had been corrected in the main Internet
address book, but it often takes hours for changes to travel throughout the
global network, Clough said.
AOL officials estimated that 12 percent to 15 percent of its e-mail was
affected. Only about half of AOL's e-mail traffic comes from the Internet;
the other half is internal. In addition, 10 percent to 20 percent of the
people trying to access its Web site received error messages.
AOL officials asked InterNIC yesterday to change the security level for its
domain name records. The two higher levels available - and apparently
used by most commercial Internet operations - involve either a password
or encryption in the request for a change to the address.
Brackbill couldn't explain why AOL chose the lowest security level,
except to note that the record was created "a long time ago."
"We've never had a problem before with this and our goal is to make sure
we don't have it again," she said. AOL is cooperating with law
enforcement officials to identify the culprit.
(c) Copyright The Washington Post Company
-----------------------
NOTE: In accordance with Title 17 U.S.C. section 107, this material is
distributed without profit or payment to those who have expressed a prior
interest in receiving this information for non-profit research and
educational purposes only. For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
-----------------------
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'