E-mail spoofing

Subject: E-mail spoofing
From: George Mena <George -dot- Mena -at- ESSTECH -dot- COM>
Date: Tue, 21 Apr 1998 18:21:54 -0700

Hi folks =)

Roger Peterson wrote:

>Mine might just be a contrarian viewpoint, but I just don't see where
>Ron Brown fellow has committed any real crime ( other than maybe poor
>survey construction ). Yes, I received the survey, and yes I
>Took all of about 20 seconds of my VERY valuable time. *-)

>Now, if he had subverted the list in some way, that would be a
>different matter altogether. In other words, if he had found a way to
>post when that privilege had been revoked by the list owner, then that
>would indeed be cause for concern.


I think the big concern is a not-so-little thing known as e-mail
spoofing. For those of you who don't know, e-mail spoofing is an
excellent way to subvert not only lists like this one, but also things
like firewalls and system passwords that let unauthorized users into a
system's root directory to change superuser privileges and read-only
attributes of key files. Write the right kind of code and your system
can pick up just about any kind of system information and the firewalls
be damned.

Eric Ray's point seems to deal with the fact that a non-subscriber was
able to access *everyone* on the list. Plain and simple, he should
*not* have been able to do that. Everyone on this listserver knows they
have to subscribe to it in order to post here. The fact that a
*non-subscriber* was able to do that is a very large red flag to a lot
of system administrators, and rightfully so. Nobody in their right mind
wants to see their domains compromised by some unscrupulous individual,
especially one whose intentions are unclear. This is but one way that
people who used to belong to the Chaos Computer Club would access
systems they had no business accessing. This is also an excellent way
to spread something like the Michelangelo virus to a lot of otherwise
unsuspecting systems.

To learn more about computer espionage, read "The Cuckoo's Egg" by Cliff
Stoll. In paperback, about $6, good read. True story about Stoll
himself being asked to discover a 75 cent accounting error at the
Lawrence Berkeley Lab's computers and discovering a guy named Markus
Hess, who was looking for classified material at various system servers
(Star Wars secrets, strategic --read nuclear-- theater of operations war
plans and the like) throughout the country from his desktop computer in
Hannover, Germany (then West Germany). Hess, who was working for the
old Soviet KGB, was looking for top secret material so he could feed his
coke habit. He wound up going to prison, did his time and is now
working somewhere in Germany as a security consultant.

There's also a Web site that specifically deals with Internet security
issues planetwide, complete with a great library on such things as virus
writing groups and a lot more. If you do a search on Yahoo or Alta
Vista, you should be able to find it. =)

A contrarian viewpoint? I wish it were that simple. =)

George Mena
Technical Writing Consultant
George -dot- Mena -at- esstech -dot- com
ESS Technology, Inc.
48401 Fremont Blvd.
Fremont, CA 94538
