Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!gatech!mcdchg!ddsw1!karl
From: karl@ddsw1.MCS.COM (Karl Denninger)
Newsgroups: comp.dcom.modems
Subject: Re: PC Pursuit uucp information
Summary: Yes, it used to be possible; no idea about now.
Message-ID: <2362@ddsw1.MCS.COM>
Date: 6 Dec 88 16:59:34 GMT
References:
Reply-To: karl@ddsw1.MCS.COM (Karl Denninger)
Organization: Macro Computer Solutions, Inc., Mundelein, IL
Lines: 35

In article dkpurks@nessus.UUCP (System Administrator) writes:
>Our security people are trying to track down a rumor regarding
>hacking of PC Pursuit ID/PWs during uucp transmissions. If you
>have ever accidentally ended up with someone else's ID and
>PW in a log file somewhere, have had your ID/PW stolen during
>a uucp transmission, or have any ideas about how such a thing
>might happen, please let me know.

We've ended up with a hacker trying to get our password and ID!

The way it works is this: The "cracker" tells the network to connect to the
dialin port (I assume he needs the PAD's address, which may or may not be
hard to get). He then spoofs the "@" prompt, and you send your merry
password and id, and he gets it. Nice!

It's a Classic Trojan Horse.

I called Telenet customer support immediately. Telenet tried to tell me
what I had seen was impossible.

How about "@ Hello there from Cleveland." (!!!!!). Yep, that was what I
saw once.... THAT particular person wasn't malicious, but others....

Then there were several hours on our id when they cut over to "really"
billing for daytime usage.... hours which we couldn't have possibly really
used. We had quite a nice spat with Telenet over those; they were finally
dropped as "improper charges" (who knows what that meant).

Be real careful with PC Pursuit and your id/pw. From my experience it would
appear that it is quite possible to be "horsed".....

--
Karl Denninger (karl@ddsw1.MCS.COM, ddsw1!karl)
Data: [+1 312 566-8912], Voice: [+1 312 566-8910]
Macro Computer Solutions, Inc.    "Quality solutions at a fair price"