On Tue, 16 May 2000,  Jim Roland wrote about,  URGENT!!!!!!! Pine hacking attack: DOS 
attack, log file attached! (fwd):
> 
> (I've BCC'd several people I personally know that could find this
> information useful).
> 
> I'm sure some of you might have been hit with something like this, but
> this is the first time that in my 3 years of using Pine, has Pine been
> used to attempt to hack into my system.  This is a little too scary, and a
> little too close to similar attacks against Microsoft email software.
> 
> For everyone's sake, I hope it was just me that was attacked, but it
> appears that the person who sent out the message used to attack, put
> addresses in the BCC field, which probably spammed several people.  If you
> receive a message with "DOS attack, log file attached!" and you're on Unix
> or Linux, DO NOT, I REPEAT, DO NOT OPEN the message.  I'm not speaking
> like the media press that says "do not open the message" when they really
> mean to say "do not open the attachment", this type of attack using *nix
> systems (Linux, etc) literally to start running a program while a message
> is being looked over for attachments via Pine.  If you open the message to
> view the headers or body, IT'S TOO LATE!

One question comes to mind: if you're so concerned about this, do you read
mail as "root"? If so, don't; if you read it as a user then you have not so
many worries as you think.
 
> Like a good admin, I thought this was a real message, and wanted to find
> out what was going on.  I was too tired to be suspicious that the from and
> to address never contained anything from my domain name.  Unfortunately,
> Pine does not show the "To" address, and thinking it was sent to my "root"
> or one of the "*master" accounts (why the "+" does not show up in front of
> the message--I have admin accounts forwarded to my user-level account), I
> opened it.

You know about not opening "unknown attachments" but you still did. However,
why open it to read what's in there? Simply use any editor or even (z)less
to read that sort of thing first "outside" of the mailer.

> 
> ---------------------------
> 
> For those of you experienced, please do not get frustrated, I want to make
> this serve as a warning to newbies about properly using Linux and
> unknowingly sending out their passwords to a 3rd party.  Therefore, I
> might be a little less-advanced in explanations in here, but I do not want
> anyone to get nailed like I did.  The message quoted below was used to
> attempt to steal passwords from my system.  Yes, that's right, the message
> below (changed to make it harmless while you read this warning) was used
> to attempt to steal passwords from my system from inside Pine.

But passwd's are encrypted, and /etc/passwd is world readable, so anyone
logged in to your system can read it, so what's the secret there?

/etc/shadow has encrypted passwd's as well, but should only be readable by
root.


-- 
Regards Richard
[EMAIL PROTECTED]
http://people.zeelandnet.nl/pa3gcu/
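
An added example, not part of the original thread: one way to look at a suspicious message outside the mailer, as suggested above, and to make the check the original poster skipped (whether any visible recipient address is in your own domain). The sample message, the example.* domains and the function name `triage` are constructed for illustration.

```python
"""Triage a raw mail message outside the mail client: headers and MIME layout only."""
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed sample message (not the one from the thread); domains are placeholders.
SAMPLE = (
    b"From: alerts@sender.example\r\n"
    b"To: someone@other.example\r\n"
    b"Subject: DOS attack, log file attached!\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See the attached log.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="log.txt"\r\n'
    b"\r\n"
    b"constructed placeholder bytes\r\n"
    b"--b1--\r\n"
)

def triage(raw: bytes, my_domain: str) -> dict:
    """Summarise a message without rendering bodies or writing attachments to disk."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Visible recipients only; BCC recipients never appear in the delivered headers.
    fields = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    rcpts = [addr.lower() for _, addr in getaddresses(fields)]
    addressed_to_me = any(a.endswith("@" + my_domain.lower()) for a in rcpts)
    # Walk the MIME tree and record the declared type and filename of each leaf part.
    parts = [(p.get_content_type(), p.get_filename())
             for p in msg.walk() if not p.is_multipart()]
    return {
        "from": str(msg.get("From", "")),
        "subject": str(msg.get("Subject", "")),
        "recipients": rcpts,
        "addressed_to_me": addressed_to_me,
        "parts": parts,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "mydomain.example").items():
        print(f"{key}: {value}")
```

Run it as an ordinary user against a copy of the message saved from the mail spool; it only parses bytes and never decodes or launches an attachment.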

