Fake E-mail message from Nir Simionivich - a report
Well, I just talked with Sachar and Nir and we agreed that I write a
report that summarizes what we found and concluded. Here goes:

As we all know, a message was sent to me and the mailing list in response
to my suggestion about the Linux Kernel page, which included an offending
message. It appeared to be sent from Nir Simionich
(nirs@vipe.technion.ac.il) and with his signature. Nir had later denied
that he ever sent this message, and people started to wonder where
security went wrong.

The fact is that fake E-mail can be sent easily, without breaking into
one's account, simply by connecting to the appropriate SMTP server
remotely. The Hackers' FAQ gives details about how to do that. There used
to be a page which enabled more ignorant people to send fake E-mail
messages (e.g. from president@whitehost.gov), and an article about it
appeared in Time Magazine.

In any case, since there is no way to tell the difference between an
original message and a fake one, then the problem is not in the
mailing-list management software or in linux.org.il's firewall. They can
both do their job fine, and it will still happen.

However, it seems that on this occasion, fake E-mail was not the case.
Shachar Tal (sachar@vipe) is the Sys-Admin of vipe, on which Nir
Simionovich has his E-mail account. A study of the login logs revealed
that Nir was logged into vipe 2 minutes before the message was sent, and
logged out 15 minutes afterwards (no second login at that time). Nir
confirmed that he logged in there from a terminal, left it for a short
time while active, and returned. Schahar deduced, therefore, that some
other guy sat at the terminal while Nir was gone, and sent the E-mail
(probably out of mischief).

Without any further evidence, we have to conclude that there is no reason
to suspect there was a security hole somewhere, and we can all relax.
In any case, it is a good idea not to leave one's account active while going
away, to avoid this or worse incidents.

Now, once this stuff is resolved: does anyone have anything to say about
the Linux Kernel Experiments page idea? (besides "F**K OFF" :) )

Shlomi Fish
----------------------------------------------------------------------
The American Lottery - All you need is a dollar and a dream. We will
take the dollar, but you can keep the dream.
Shlomi Fish
Faculty of Electrical Engineering
The Technion
University E-mail: shlomif@t2.technion.ac.il
Home E-mail: shlomif@ibm.net
Home Page: http://t2.technion.ac.il/~shlomif/
----------------------------------------------------------------------
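
The login-log check described in the report, as an added example that is not part of the original message: it parses `last -F` style records and lists the sessions of one account that were open when a message was sent. The log lines, dates, terminal names and the function names are constructed for illustration; only the account name and the 2-minute / 15-minute timing come from the report.

```python
import re
from datetime import datetime

# Timestamp as printed by `last -F`, e.g. "Mon Mar  2 14:03:11 1998".
TS = r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}"
# user, tty, optional host, login time, then logout time or "still logged in".
# Lines ending in "- crash" / "- down" do not match and are skipped.
LINE = re.compile(rf"^(\S+)\s+(\S+)\s+(?:(\S+)\s+)?({TS})\s+(?:-\s+({TS})|still logged in)")

def parse_ts(text):
    # Collapse the padded day-of-month ("Mar  2") before parsing.
    return datetime.strptime(" ".join(text.split()), "%a %b %d %H:%M:%S %Y")

def parse_sessions(log_text):
    """Yield (user, tty, host, login, logout); logout is None while logged in."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            user, tty, host, start, end = m.groups()
            yield user, tty, host, parse_ts(start), parse_ts(end) if end else None

def sessions_covering(log_text, user, sent_at):
    """Sessions of `user` that were open at the moment the message was sent."""
    return [s for s in parse_sessions(log_text)
            if s[0] == user and s[3] <= sent_at and (s[4] is None or sent_at <= s[4])]

def classify(log_text, user, sent_at):
    n = len(sessions_covering(log_text, user, sent_at))
    if n == 0:
        return "no-session"         # consistent with forgery over SMTP: no login needed
    if n == 1:
        return "single-session"     # consistent with a send from that one login
    return "multiple-sessions"      # ambiguous: more than one login was open

# Constructed sample: login 2 minutes before the send, logout 15 minutes after.
SAMPLE_LOG = """\
nirs     ttyp3    lab-term-07      Mon Mar  2 14:03:11 1998 - Mon Mar  2 14:20:11 1998  (00:17)
nirs     ttyp1    lab-term-02      Mon Mar  2 09:10:00 1998 - Mon Mar  2 09:45:30 1998  (00:35)
other    ttyp4                     Mon Mar  2 13:50:00 1998   still logged in
"""
SENT_AT = datetime(1998, 3, 2, 14, 5, 11)  # constructed send time

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, "nirs", SENT_AT))
    for user, tty, host, login, logout in sessions_covering(SAMPLE_LOG, "nirs", SENT_AT):
        print(user, tty, host, login, logout)
```

A "single-session" result shows only that the account was logged in at the send time, not who was at the keyboard, which is the gap the report fills with Nir's own account of leaving the terminal.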