Lyle Leavitt wrote:

>Do we really know if this is 'real' or is forensicsbox@private a
>stolen account and the perp is trying to scam this group regarding
>Heidi's account? The last posts from Heidi appear fairly benign while
>this post from Wendy is rather bizarre.
>

I regard Heidi's account as compromised. I got an e-mail from mcps@private, delivered via hotmail.com, that claimed that other posts from mcps@private were forged. From there, it is a theorem that one or the other posts was a forgery. Both came via hotmail.com machines. Therefore mcps@private has been compromised.

Which doesn't surprise me very much. It was last year that Heidi came to this group, asking for advice on how to secure some kind of business practice, in which a core element was outsourcing all e-mail activities to Hotmail. Everyone here said "you must be nuts." I guess we were right :)

>Is this a PRS training exercise to evaluate the CRIME group's ability
>to respond? What's the proper protocol here? It doesn't seem right to
>immediately act on Wendy's request to block Heidi's messages.
>

I have no idea who "Wendy" is. Without some better credentials, I wouldn't take an anonymous yahoo mail account at face value.

Blocking seems wrong. Just be cautious of pronouncements from mcps@private, because we already know that any of them could be forged.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 19:24:47 PDT