Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!bionet!agate!usenet.ins.cwru.edu!tut.cis.ohio-state.edu!sei.cmu.edu!tgp
From: tgp@sei.cmu.edu (Tod Pike)
Newsgroups: comp.unix.admin
Subject: Re: MONEY_FOR_BANKS offer
Message-ID: <24115@as0c.sei.cmu.edu>
Date: 16 Apr 91 15:28:52 GMT
References: <!vkg8.#@rpi.edu>
Sender: netnews@sei.cmu.edu
Reply-To: tgp@sei.cmu.edu (Tod Pike)
Organization: Software Engineering Institute, Pittsburgh, PA
Lines: 28

In article <!vkg8.#@rpi.edu> fitz@mml0.meche.rpi.edu (Brian Fitzgerald) writes:
>For anyone who is interested, on April 8, someone placed a commercial
>announcement for a "credit card indemnification club" in world writable
>anonymous ftp directories from here to Finland.
>
>| Dear Reader:
>|         We are a multi-service comapny that needs your help.  We need

  Well, I got this same file on my server here, but I have logging turned on
to trace connections; I was able to track down where the files came from and
when they had been put there.  It turns out that the files came from a
machine in the auburn.edu domain.  I contacted the admin there, and the
person who did the file transfers has been identified.  According to the
admin at auburn, the perpetrator has been spoken to, and should not be a
problem in the future.

  Sorry to be so vague about the details, but I see no reason to cause a big
stink about what is essentially a prank.  If anyone wants the name of the
person I spoke to at auburn, I will be happy to supply it.  The people there
were very responsive and polite, which is refreshing when dealing with
security problems.

			Tod Pike

Internet: tgp@sei.cmu.edu
Mail:     Carnegie Mellon University
	  Software Engineering Institute
	  Pittsburgh, PA. 15213-3980