fitz@mml0.meche.rpi.edu (Brian Fitzgerald) (04/16/91)
For anyone who is interested, on April 8, someone placed a commercial announcement for a "credit card indemnification club" in world writable anonymous ftp directories from here to Finland. | Dear Reader: | We are a multi-service comapny that needs your help. We need | to secure as many banks in our computer banks as possible. We don't | want no one else's help, but yours. For each submitted bank you will | receive $5.00. If you are a member of the credit indemnification club, | then you will receive $7.50/submission. Look under CREDIT_CARD_PROTECTION | for more details and the address of the company. | Sincerely, | P. L. Miller | President | Miller's Comsumer Service I wonder why the bankers won't give him the list. Look for: -rw-rw-rw- 1 ftp 1394 Apr 8 05:55 CREDIT_CARD_INDEMNIFICATION -rw-rw-rw- 1 ftp 473 Apr 8 05:55 MONEY_FOR_BANKS -- We need to secure as many banks in our computer banks as possible. We don't want no one else's help, but yours. Miller's Comsumer Service
tgp@sei.cmu.edu (Tod Pike) (04/16/91)
In article <!vkg8.#@rpi.edu> fitz@mml0.meche.rpi.edu (Brian Fitzgerald) writes: >For anyone who is interested, on April 8, someone placed a commercial >announcement for a "credit card indemnification club" in world writable >anonymous ftp directories from here to Finland. > >| Dear Reader: >| We are a multi-service comapny that needs your help. We need Well, I got this same file on my server here, but I have logging turned on to trace connections; I was able to track down where the files came from and when they had been put there. It turns out that the files came from a machine in the auburn.edu domain. I contacted the admin there, and the person who did the file transfers has been identified. According to the admin at auburn, the perpetrator has been spoken to, and should not be a problem in the future. Sorry to be so vague about the details, but I see no reason to cause a big stink about what is essentially a prank. If anyone wants the name of the person I spoke to at auburn, I will be happy to supply it. The people there were very responsive and polite, which is refreshing when dealing with security problems. Tod Pike Internet: tgp@sei.cmu.edu Mail: Carnegie Mellon University Software Engineering Institute Pittsburgh, PA. 15213-3980
dct@mdaali.mda.uth.tmc.edu (David C. Tuttle) (04/16/91)
fitz@mml0.meche.rpi.edu (Brian Fitzgerald) writes: < < For anyone who is interested, on April 8, someone placed a commercial < announcement for a "credit card indemnification club" in world writable < anonymous ftp directories from here to Finland. < >|Dear Reader: >| We are a multi-service comapny that needs your help. We need >|to secure as many banks in our computer banks as possible. We don't >|want no one else's help, but yours. For each submitted bank you will >|receive $5.00. If you are a member of the credit indemnification club, >|then you will receive $7.50/submission. Look under CREDIT_CARD_PROTECTION >|for more details and the address of the company. >|Sincerely, >|P. L. Miller >|President >|Miller's Comsumer Service < < I wonder why the bankers won't give him the list. < < Look for: < -rw-rw-rw- 1 ftp 1394 Apr 8 05:55 CREDIT_CARD_INDEMNIFICATION < -rw-rw-rw- 1 ftp 473 Apr 8 05:55 MONEY_FOR_BANKS Thanks for the tip! After reading your message, I found these files on our FTP archive, too. I've tried contacting the company by phone, but there's no phone number listed in the directory (that sounds suspicious...). A quick look at our logs reveals that the Internet address of the machine used to perpretrate this is 131.204.21.12 . Anyone know whose machine this is? I'm not well-versed in Internet name-lookup-type things. At best, this is one of those credit "services" that prey on people with bad credit. At worst, it could be a bizarre pyramid-type con game where the guy skips town before paying out what he promises. Either way, it has "DON'T TOUCH" written all over it, and I'm not happy about our machine being a part of it. We've now shut off "world-writable" FTP permissions. Is there another newsgroup discussing this in greater detail? If so, somebody please e-mail me that info. -- David C. Tuttle dct@mdaali.mda.uth.tmc.edu Software Systems Specialist Department of Biomathematics University of Texas M.D. Anderson Cancer Center Houston, Texas
fitz@mml0.meche.rpi.edu (Brian Fitzgerald) (04/17/91)
David C. Tuttle writes: > that I write: >< >< For anyone who is interested, on April 8, someone placed a commercial >< announcement for a "credit card indemnification club" in world writable >< anonymous ftp directories from here to Finland. >We've now shut off "world-writable" FTP permissions. Please reconsider. I never intended to mean sysadmins everywhere should shut down the "incoming" side of anonymous ftp. It's one of the easiest ways I know to submit a large package to an archive (it's also a potential way to introduce a worm or virus, so watch out!), or for users to exchange large amounts of data conveniently or to exchange software packages or conference papers, and so on. Part of "open computing" is dealing with, or just putting up with stuff like this on the rare occasions it happens. How much to tolerate depends on your threshold and your schedule. Please don't turn off "incoming", everybody! By the way, this is my opinion, and does not necessarily reflect the policy of the RPI site administration, but I sure do appreciate their input (Thanks Herb!) Brian -- We need to secure as many banks in our computer banks as possible. We don't want no one else's help, but yours. Miller's Comsumer Service
emv@ox.com (Ed Vielmetti) (04/17/91)
In article <x4kg8t_@rpi.edu> fitz@mml0.meche.rpi.edu (Brian Fitzgerald) writes: >We've now shut off "world-writable" FTP permissions. Please reconsider. A reasonable thing to do is to have a world-writable directory separate and off on its own (like "incoming"), which is not read-permitted by anyone. Sites like e.g. atari.archive.umich.edu set up something like this to allow anonymous submissions but to avoid having their site be a vector for malicious doings or pirated software. An anonymous dark drop-box only allows you to fetch things if you know the name already. -- Msen Edward Vielmetti /|--- moderator, comp.archives emv@msen.com "With all of the attention and publicity focused on gigabit networks, not much notice has been given to small and largely unfunded research efforts which are studying innovative approaches for dealing with technical issues within the constraints of economic science." RFC 1216
dct@mdaali.mda.uth.tmc.edu (David C. Tuttle) (04/17/91)
fitz@mml0.meche.rpi.edu (Brian Fitzgerald) writes: > that I write: >> that he writes: >>< >>< For anyone who is interested, on April 8, someone placed a commercial >>< announcement for a "credit card indemnification club" in world writable >>< anonymous ftp directories from here to Finland. > >>We've now shut off "world-writable" FTP permissions. > > Please reconsider... <a case not to shut off write permissions follows> Our archive is currently quite restricted in its scope. Its only purpose (currently) is to facilitate distribution of our half-dozen-or-so home-grown statistical software packages, and we've never had reason or cause to use the archive for two-way data exchange. But you make a good case, and it's not that big a problem, so I'll re-open write permissions... partially. -- David C. Tuttle dct@mdaali.mda.uth.tmc.edu Software Systems Specialist Department of Biomathematics University of Texas M.D. Anderson Cancer Center Houston, Texas
fmayhar@hermes.ladc.bull.com (Frank Mayhar) (04/20/91)
In article <4971@lib.tmc.edu>, dct@mdaali.mda.uth.tmc.edu (David C. Tuttle) writes:
-> [...] A quick look at our logs reveals that the Internet
-> address of the machine used to perpretrate this is 131.204.21.12 . Anyone
-> know whose machine this is? I'm not well-versed in Internet
-> name-lookup-type things.
host -t ptr 12.21.204.131.in-addr.arpa
12.21.204.131.in-addr.arpa PTR ohm.ee.eng.auburn.edu
Auburn University?
--
Frank Mayhar fmayhar@hermes.ladc.bull.com (..!{uunet,hacgate}!ladcgw!fmayhar)
Bull HN Information Systems Inc. Los Angeles Development Center
5250 W. Century Blvd., LA, CA 90045 Phone: (213) 216-6241