 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
How is your network set up at work? Is it switched ethernet? Anyone at your work could have sniffed your pop password and sold it to spammers, I have seen that before. Also they could have broke into harvard.nets servers, they do not have the most secure network(but better than most ISPs) and h.net was telling you it was your fault, Demand headers from the so called spammers to be sent to you, they wouldn't make you change your password without actually proof.. Also your dial up pass and system passwords should really be differant, especially if your sending it over clear text. A trick some people use is they get your mail pass and get you to send an e-mail to them, then the look at the headers and log onto your box as you with that pass. Do you use FTP with that pass? -Good luck, and demand those headers! Kris Loranger Network Systems Engineer Belenosinc.com kris at kancer.978.org IRC:efnet, #978 AIM:KancerKris Run Linux, keep the net free! On Mon, 10 Jul 2000, Ron Peterson wrote: > My ISP (HarvardNet) just had me change my dial-up password. It seems > they had been getting SPAM complaints which implicated me. The SPAM > wasn't appearing as coming from my account, but it was suspected that > the perpetrators were logging in using my dial-up username and password. > > Now I'm paranoid. > > How did they get my password? I use the same password for my user > account on my linux laptop. That's the only other place I use it. So > as far as I can tell, it must have been intercepted in one of three > places: (1) when establishing my dial-up connection, (2) when retrieving > my POP email (which I often do from my office LAN, in addition to when > I'm dialed in, and (3) when I'm logging in to my laptop. Am I > forgetting anything? > > I'm guessing someone got me on number (2). Which means I'll probably > stop getting my email except when I have a dial-in connection. > > Any other suggestions about what I should do at this point to make sure > I haven't been further compromised? Let's just say, for the sake of > argument, that I haven't compiled lists of the suid and guid programs on > my laptop in a known secured state. > > ________________________ > Ron Peterson > rpeterson at yellowbank.com > - > Subcription/unsubscription/info requests: send e-mail with > "subscribe", "unsubscribe", or "info" on the first line of the > message body to discuss-request at blu.org (Subject line is ignored). > - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
