Re: CRIME postings/e-mail from Heidi Henry -mcps@private

From: Crispin Cowan (crispin@private)
Date: Wed Jun 19 2002 - 18:07:46 PDT

  • Next message: Lyle Leavitt: "CRIME Password Security Risk with Local ISP's"

    Lyle Leavitt wrote:
    
    >Do we really know if this is 'real' or is forensicsbox@private a
    >stolen account and the perp is trying to scam this group regarding
    >Heidi's account. The last posts from Heidi appear fairly benign while
    >this post from Wendy is rather bazaar. 
    >
    I regard Heidi's account as compromised. I got an e-mail from 
    mcps@private, delivered via hotmail.com, that claimed that other posts 
    from mcps@private were forged. From there, it is a theorem that one or 
    the other posts was a forgery. Both came via hotmail.com machines. 
    Therefore mcps@private has been compromised.
    
    Which doesn't surprise me very much. It was last year that Heidi came to 
    this group, asking for advice on how to secure some kind of business 
    practice, in which a core element was outsourcing all e-mail activities 
    to Hotmail. Everyone here said "you must be nuts." I guess we were right :)
    
    >Is this a PRS training exercise to evaluate the CRIME group's ability
    >to respond? What's the proper protocol here. It doesn't seem right to
    >immediately act on Wendy's request to block Heidi's messages. 
    >
    I have no idea who "Wendy" is. Without some better credentials, I 
    wouldn't take an anonymous yahoo mail account at face value. Blocking 
    seems wrong. Just be cautious of pronouncements from mcps@private, 
    because we already know that any of them could be forged.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 19:24:47 PDT