Re: CRIME postings/e-mail from Heidi Henry -mcps@private

From: John E Jewkes-AAA0OR-AAA0ID (aar0mi@private)
Date: Wed Jun 19 2002 - 22:19:56 PDT

    One note many of you may have already known, but ignored....
    MSN and Hotmail use the same servers. They are in each other's pockets,
    as both are owned by Mssr. Gates. Hotmail is simply a 'web-mail' solution
    that MSN users also get access to. Hotmail addresses and vice-versa in
    certain circumstances. On the Good side, MSN grants the initial Password
    as a randomly based combination of Alphas and Numbers, and Hotmail allows
    the user to select their initial passwords themselves. MSN/Hotmail does,
    however, use their 'PASSPORT' technology to allow buffered/cookied access
    each time you login. All it would take would be someone visiting Heidi's
    PC when she's out to lunch or down the hall to login when the 'cookies'
    are not set to expire on exit, and boom!!
    
    de John Jewkes
    
    On Wed, 19 Jun 2002 18:07:46 -0700 Crispin Cowan <crispin@private> writes:
    > Lyle Leavitt wrote:
    >
    > >Do we really know if this is 'real' or is forensicsbox@private a
    > >stolen account and the perp is trying to scam this group regarding
    > >Heidi's account. The last posts from Heidi appear fairly benign while
    > >this post from Wendy is rather bizarre.
    > >
    > I regard Heidi's account as compromised. I got an e-mail from
    > mcps@private, delivered via hotmail.com, that claimed that other posts
    > from mcps@private were forged. From there, it is a theorem that one or
    > the other posts was a forgery. Both came via hotmail.com machines.
    > Therefore mcps@private has been compromised.
    >
    > Which doesn't surprise me very much. It was last year that Heidi came to
    > this group, asking for advice on how to secure some kind of business
    > practice, in which a core element was outsourcing all e-mail activities
    > to Hotmail. Everyone here said "you must be nuts." I guess we were
    > right :)
    >
    > >Is this a PRS training exercise to evaluate the CRIME group's ability
    > >to respond? What's the proper protocol here? It doesn't seem right to
    > >immediately act on Wendy's request to block Heidi's messages.
    > >
    > I have no idea who "Wendy" is. Without some better credentials, I
    > wouldn't take an anonymous yahoo mail account at face value. Blocking
    > seems wrong. Just be cautious of pronouncements from mcps@private,
    > because we already know that any of them could be forged.
    > 
    > Crispin
    > 
    > -- 
    > Crispin Cowan, Ph.D.
    > Chief Scientist, WireX Communications, Inc. 
    > http://wirex.com/~crispin/
    > Security Hardened Linux Distribution:       http://immunix.org
    > Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    John Jewkes, SMD US ARMY MARS
    Oregon/Idaho State Director
    AAA0OR OR/AAA0ID ID/AAR0MI OR
    W6HNC
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 08:23:07 PDT