On Sat, 27 Apr 1996, Alan Olsen wrote:
Of course there is little that one can do about this kind of invasion of privacy. But they don't have to be so fucking blatant and stupid about it. They have the email addresses of DAEMONS from our password files in their database.
I wonder if those addresses are from a "finger @sitename.org" hack. It becomes worrysome when the methods of hackers intersect with those of database compilers.
They did that too. They got recursive whois and finger sweeps dated mid-1993 (we catch people doing whois aaaa*, aaab*, and so on every once in a while), a Usenet-wide sweep dated early 1994, a sweep of local, firewalled su.* newsgroups last December/January 95/96, and an outright theft of the master shadow password file for most stanford.edu accounts (address, real name, and UID only, no group ID or encrypted password) in January 1996. I'm sure they bought the first two from some other source. As much as I'm tempted to call these jokers at home early tomorrow morning, I know that a slow roasting by lawyers and the newsmedia is likely to be more effective. -rich