Yea well, this was during the dirtcom boom of 8745BC

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Daniel Chenault
Sent: Friday, October 19, 2001 3:41 PM
To: Exchange Discussions
Subject: Re: Investigating a Forged Message


You had the wheel when you were young? Gee... all we had was the square.
Took five guys to move it anywhere and if someone didn't move fast
enough it'd crush him and then we didn't have enough guys to get it off
him. And we LIKED IT 'cuz we didn't know any better!

----- Original Message -----
From: "Martin Blackstone" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Friday, October 19, 2001 5:34 PM
Subject: RE: Investigating a Forged Message


> That is old school.
>
> Back when I was young, if you didn't leave a straw covered pit in
> front of your cave, other Cro-Magnon dudes would come in and paint
> pictures of the donkey god on your walls and write hieroglyphics about
> your woman. Then you could come back and find a piece of saber tooth
> tiger dung under your straw mat. Once after we discovered fire and
> wheels, we rolled a flaming wheel of crap into a cave that was vacant.
> The guy had gone off to the weekly sacrifice.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Smith, Ronni
> Sent: Friday, October 19, 2001 3:20 PM
> To: Exchange Discussions
> Subject: RE: Investigating a Forged Message
>
>
> Back in the old days at my old job we still didn't have e-mail[1] so
> we couldn't forge messages. But if you left your terminal unlocked you
> ran the risk of one or more nasty things happening to you (and this
> was just the other users mind you).
>
> Your files were all moved to some other directory so you had to track
> down who hid them and then make them tell you where.
>
> Your prompt changed to something nasty. "What do you want, moron?" was
> mild.
>
> Or my personal favorite[2]: You had been logged off and when you tried
> to log back in a login script popped up a nice official looking notice
> that said your account had been deleted for violating policies and to 
> see the sys admins and then immediately logged you off. You had to 
> have very very fast reflexes and the system had to be very very 
> heavily loaded for you to be able to control out of the script before 
> it logged you out. So you still had to see the admins to get the 
> script removed from your login directory even if you didn't believe 
> the notice. Our admins had trained at the BOFH school so either way 
> that was a sure cure.
>
> Ronni
>
> [1] Users only got an e-mail address if you had a demonstrable 
> business need to send e-mail. Yes in many ways I am an old fart.
>
> [2] Although the admins might not have been as amused.
>
> > -----Original Message-----
> > From: Chris Scharff [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, October 19, 2001 3:00 PM
> > To: Exchange Discussions
> > Subject: RE: Investigating a Forged Message
> >
> >
> > I just zip the contents of their my documents folder and password 
> > protect it. Then collect $50 for the password. Not terribly 
> > original, but quite
> > profitable.
> >
> >
> > > -----Original Message-----
> > > From: Darcy Adams [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, October 19, 2001 4:18 PM
> > > To: Exchange Discussions
> > > Subject: RE: Investigating a Forged Message
> > >
> > >
> > > In our office, if your workstation is found unlocked the most 
> > > likely penalty is the note sent from your mailbox inviting 
> > > everyone to a mocha (if in the morning) or a beer (if in the
> > > evening) at your expense.
> > >
> > > Ah, yeah - along with your screensaver being changed to display 
> > > something like "Luser left his workstation unlocked, again". . . 
> > > even our VP isn't immune to that one.
> > >
> > > Darcy
> > >
> > > -----Original Message-----
> > > From: Monteleone-Haught Matt - Millville 
> > > [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, October 19, 2001 1:36 PM
> > > To: Exchange Discussions
> > > Subject: RE: Investigating a Forged Message
> > >
> > >
> > > Said prankster should have in addition to sending the message [1] 
> > > changed his password to "Don'tLeaveYourWorkstationUnlockedFool" 
> > > and then locked the workstation.
> > >
> > > Matthew
> > > [1] I don't advocate what said prankster did [2]
> > > [2] although I did get a good chuckle out of it [3]
> > > > [3] considering I had a rotten day because of a clueless VP.[4]
> > > > [4] I don't know Sherry [5] but I think you're supposed to say Hi,
> > > > so Hi Sherry
> > > > [5] Not that I've had the opportunity or wouldn't
> > > > welcome the opportunity.
> > >
> > >
> > > >>>-----Original Message-----
> > > >>>From: Chris Scharff [mailto:[EMAIL PROTECTED]]
> > > >>>Sent: Friday, October 19, 2001 3:57 PM
> > > >>>To: Exchange Discussions
> > > >>>Subject: RE: Investigating a Forged Message
> > > >>>
> > > >>>
> > > > >>>So, the only head which really needs to be on a pike is that of
> > > > >>>one Mr. McDonald?
> > > >>>
> > > >>>Chris
> > > >>>--
> > > >>>Chris Scharff
> > > >>>Senior Sales Engineer
> > > >>>MessageOne
> > > >>>If you can't measure, you can't manage!
> > > >>>
> > > >>>
> > > >>>> -----Original Message-----
> > > >>>> From: Tim Ault [mailto:[EMAIL PROTECTED]]
> > > >>>> Sent: Friday, October 19, 2001 2:58 PM
> > > >>>> To: Exchange Discussions
> > > >>>> Subject: RE: Investigating a Forged Message
> > > >>>>
> > > >>>>
> > > >>>> ha.. actually I just learned  he 'was' asked that question..
> > > >>>>
> > > > >>>> Turns out, ol' McDonald was away from his desk from 9 till 10am and
> > > > >>>> left his box accessible. All indications are that the message was
> > > > >>>> sent from the client on his desk. The message was found in the Sent
> > > > >>>> Items of his mailbox. There appears to have been no logon recorded
> > > > >>>> in Admin during that hour (implying his mailbox was not opened from
> > > > >>>> another PC), and there were no suspicious 1016's (implying
> > > > >>>> the Admin was not in on it). The message was of blue Arial
> > > > >>>> font (implying OWA was not used to send it, and his password is secure),
> > > > >>>> and there was no access recorded by the box acting as the
> > > > >>>> SMTP server (implying O.E. was not used to send it, and his
> > > > >>>> creds are secure). Oh.. and someone saw somebody at his desk
> > > > >>>> around the time (implying.. oh hell..)
> > > >>>>
> > > >>>> so they figured it out.
> > > >>>> this was not quite the challenge I thought it'd be.
> > > >>>>
> > > >>>> Tim.
> > > >>>>
> > > >>>> -----Original Message-----
> > > >>>> From: Tom Meunier [mailto:[EMAIL PROTECTED]]
> > > >>>> Sent: Friday, October 19, 2001 12:38 PM
> > > >>>> To: Exchange Discussions
> > > >>>> Subject: RE: Investigating a Forged Message
> > > >>>>
> > > >>>>
> > > > >>>> Ask McDonald, "Where exactly were you at 9:19AM this morning, and
> > > > >>>> for how long before that, and who knew?"
> > > > >>>>
> > > > >>>> i.e. was he in the washroom with his $250 Italian leathers poking
> > > > >>>> out underneath the stall, making noises that indicated
> > > > >>>> extreme abdominal discomfort...  :)
> > > >>>>
> > > >>>>
> > > >>>> > -----Original Message-----
> > > >>>> > From: Tim Ault [mailto:[EMAIL PROTECTED]]
> > > > >>>> > Posted At: Friday, October 19, 2001 11:13 AM
> > > > >>>> > Posted To: MSExchange Mailing List
> > > >>>> > Conversation: Investigating a Forged Message
> > > >>>> > Subject: RE: Investigating a Forged Message
> > > >>>> >
> > > >>>> >
> > > >>>> > Thanks.
> > > >>>> >
> > > > >>>> > I believe item #1 (of my post) is most probable.. hell, I must leave
> > > > >>>> > OL2k open and unattended on my PC a dozen times every day for
> > > > >>>> > minutes at a stretch.
> > > > >>>> >
> > > > >>>> > However, this takes balls. Considering the length and articulate
> > > > >>>> > phrasing of the message, it seems the person would have spent an
> > > > >>>> > inordinate amount of time at McDonald's desk. Certainly someone
> > > > >>>> > should have seen somebody there.
> > > > >>>> >
> > > > >>>> > I have recommended they check the EV on the server which McDonald's
> > > > >>>> > mailbox resides for EV 1016's.. just in case the Admin was in on it.
> > > >>>> >
> > > >>>> > Tim.
> > > >>>> >
> > > >>>> >
> > > >>>> > -----Original Message-----
> > > >>>> > From: Wright, Steven [mailto:[EMAIL PROTECTED]]
> > > >>>> > Sent: Friday, October 19, 2001 11:47 AM
> > > >>>> > To: Exchange Discussions
> > > >>>> > Subject: RE: Investigating a Forged Message
> > > >>>> >
> > > >>>> >
> > > > >>>> > It appears that it was sent via Exchange since there are no internet
> > > > >>>> > addresses in the TO: FROM: fields.  Also, if you check the headers and
> > > > >>>> > there is nothing there, then you have the culprit in-house and logging
> > > > >>>> > on legitimately via the user's account.  The original suggestions
> > > > >>>> > below are probably what occurred.
> > > > >>>> >
> > > > >>>> > How accessible is the VP's computer?  Maybe someone took a quick
> > > > >>>> > opportunity at an unattended computer.  If they were very clever, they
> > > > >>>> > might have set the message to delay a day or so before delivery.
> > > > >>>> >
> > > > >>>> > Hope everyone at the company took it seriously and went home ;-)
> > > >>>> >
> > > >>>> > Steve
> > > >>>> >
> > > >>>> > -----Original Message-----
> > > > >>>> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> > > >>>> > Sent: Friday, October 19, 2001 11:39 AM
> > > >>>> > To: Exchange Discussions
> > > >>>> > Subject: RE: Investigating a Forged Message
> > > >>>> >
> > > >>>> >
> > > >>>> > Headers, Let us see the headers.
> > > >>>> >
> > > >>>> > -----Original Message-----
> > > > >>>> > From: [EMAIL PROTECTED]
> > > > >>>> > [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Ault
> > > >>>> > Sent: Friday, October 19, 2001 8:33 AM
> > > >>>> > To: Exchange Discussions
> > > >>>> > Subject: Investigating a Forged Message
> > > >>>> >
> > > >>>> >
> > > > >>>> > Here's a little something some of you may enjoy this fine Friday.. put
> > > > >>>> > on your investigator hats..
> > > >>>> >
> > > >>>> > My wife forwarded this message to me:
> > > >>>> >
> > > >>>> > > From: McDonald, Arthur K.
> > > >>>> > > Sent: Friday, October 19, 2001 9:19 AM
> > > >>>> > > To: EPDS Contractors; EPDS - EPI Data Systems
> > > >>>> > > Subject: Much to be grateful for...
> > > >>>> > >
> > > > >>>> > > All of us in this division have much to be grateful for and for that
> > > > >>>> > > reason, I would like to encourage each of you to go home at noon
> > > > >>>> > > today. You may use my annual leave since I have far more than I will
> > > > >>>> > > ever use. Go home, be with your families, talk with your neighbors,
> > > > >>>> > > love life and be grateful for all we have in this great nation of
> > > > >>>> > > ours.  Then come back on Monday refreshed and ready to take on the
> > > > >>>> > > world!
> > > >>>> >
> > > > >>>> > ahem.. *chortle* ..well, in any event, "Arthur", VP (Very Pissed),
> > > > >>>> > wants a head on a pike. I will offer to him (via my woman) the
> > > > >>>> > following likely prospects:
> > > > >>>> >
> > > > >>>> > 1) The culprit got direct access to OL2k on the desktop;
> > > > >>>> > 2) The culprit knew Arthur's username & password;
> > > > >>>> > 3) A confederate Exchange Admin granted "User" or "Send as" permission
> > > > >>>> > to culprit
> > > > >>>> > 4) Culprit spoofed the message from an SMTP srvr, or used a similar
> > > > >>>> > serve from the web.
> > > > >>>> >
> > > > >>>> > Feel free to presume the obvious; and I can pass along a few details
> > > > >>>> > that have been provided to me. Care to contribute?
> > > >>>> >
> > > >>>> > Tim.
> > > >>>> >
> > > >>>> >
> > > > >>>> > _________________________________________________________________
> > > > >>>> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > > > >>>> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > > > >>>> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > > >>>> > Exchange List admin:    [EMAIL PROTECTED]
> > > >>>> >
> > > >>>> >
> > > >>>> >
> > > _________________________________________________________________
> > > >>>> > List posting FAQ:
> > > >>>http://www.swinc.com/resource/exch_faq.htm
> > > >>>> > Archives:
> > > >>>http://www.swynk.com/sitesearch/search.asp
> > > >>>> > To
> > > >>>unsubscribe:         mailto:[EMAIL PROTECTED]
> > > >>>> > Exchange List admin:    [EMAIL PROTECTED]
> > > >>>> >
> > > >>>> >
> > > _________________________________________________________________
> > > >>>> > List posting FAQ:
> > > >>>http://www.swinc.com/resource/exch_faq.htm
> > > >>>> > Archives:
> > > >>>          http://www.swynk.com/sitesearch/search.asp
> > > >>>> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > >>>> > Exchange List admin:    [EMAIL PROTECTED]
> > > >>>> >
> > > >>>> >
> > > _________________________________________________________________
> > > >>>> > List posting FAQ:
> > > >>>http://www.swinc.com/resource/exch_faq.htm
> > > >>>> > Archives:
> > > >>>          http://www.swynk.com/sitesearch/search.asp
> > > >>>> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > >>>> > Exchange List admin:    [EMAIL PROTECTED]
> > > >>>> >
> > > >>>>
> > > >>>>
> > _________________________________________________________________
> > > >>>> List posting FAQ:
> > > http://www.swinc.com/resource/exch_faq.htm
> > > >>>> Archives:
> > >           http://www.swynk.com/sitesearch/search.asp
> > > >>>> To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > >>>> Exchange List admin:    [EMAIL PROTECTED]
> > > >>>>
> > > >>>>
> > _________________________________________________________________
> > > >>>> List posting FAQ:
> > > http://www.swinc.com/resource/exch_faq.htm
> > > >>>> Archives:
> > >           http://www.swynk.com/sitesearch/search.asp
> > > >>>> To unsubscribe:         mailto:[EMAIL PROTECTED]
> > > >>>> Exchange List admin:    [EMAIL PROTECTED]
> > > >>>>
> > > >>>
> > > >>>_______________________________________________________________
> > > >>>__
> > > >>>List posting FAQ:
> http://www.swinc.com/resource/exch_faq.htm
> > >>>Archives:
http://www.swynk.com/sitesearch/search.asp
> > >>>To unsubscribe:         mailto:[EMAIL PROTECTED]
> > >>>Exchange List admin:    [EMAIL PROTECTED]
> > >>>
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> >
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
>
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
>

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

Reply via email to