Snooping ISP admin??
Greetings All, Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies. regards, Michael E. Carboy carboy@hooked.net carboy@carboy.com
Michael E. Carboy writes:
Greetings All,
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar.
It's from a clumsy programmer- popd is known to hang up under certain conditions.
Any thoughts from the group???
If the sysadmin is reading your PGP mail, let him. It's very very unlikely that he has the resources available to crack a PGP message in this century. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Greetings All,
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies. All I got to say is that if a admin wanted to get your mail using POP3 would be last thing one would try. Since the admin reign over the machine he could just copy your mail file and do what he wishes at this
On Mon, 23 Sep 1996, Michael E. Carboy wrote: point. Besides most admins including myself really want to bother talking to users most of the time let alone read there mail. Carlos
Greetings All,
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies.
An admin could just copy the mail spool file to a safer place, then read through at their leisure. Unless its someone totally clueless (which some ISP's are), I doubt that they are pulling off the pop3d. It could be that your mail spool file is locked by a mail transport agent, and that is why that error message is occuring. Any thoughts?
On Mon, 23 Sep 1996, Douglas R. Floyd wrote:
Greetings All,
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies.
An admin could just copy the mail spool file to a safer place, then read through at their leisure.
Unless its someone totally clueless (which some ISP's are), I doubt that they are pulling off the pop3d. It could be that your mail spool file is locked by a mail transport agent, and that is why that error message is occuring.
Any thoughts?
This is probably somewhat system dependant, but I'm guessing that any lock on the file "could" generate the message that the account is "in use." Could be a lock which was not cleared from a previous session, a backup system that wants exclusive reads on the files, etc., not necessarily another POP3 session. As for the sysadmin side, yes, there are other, easier methods of getting at the mail file. OTOH, could be someone inside an ISP (or not), who does not have access to the file structure, but did somehow obtain passwords through other means. Any ISP of any size will have different levels of access for different employees, and the graveyard helpdesk shift can get fairly dull ... It is more than likely a system-related problem with a file lock, though. I'd suggest changing your password, and making sure that you don't use a dictionary word or obvious permutation thereof. If you continue to have problems, check with the ISP about your "technical difficulties", and see what they come up with. Just my $.02 - r.w.
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies.
An admin could just copy the mail spool file to a safer place, then read through at their leisure.
Unless its someone totally clueless (which some ISP's are), I doubt that they are pulling off the pop3d. It could be that your mail spool file is locked by a mail transport agent, and that is why that error message is occuring.
Any thoughts?
As someone who has operated an ISP himself, I would say that the likelihood of this being a system problem is very high. Especially if this is a relatively new ISP, or if they've upgraded anything at all on their mail server, it's pretty easy to break the delicate balance of daemons and permissions such that this problem could easily occur. It's worth a call to their technical support line (I know.. I'm sure it's always busy) just to inform them of the problem. Sometimes it'll time out (if it's one kind of problem) and sometimes it'll hang there until a lock file is specifically removed (a different kind of problem). All other comments regarding the likelihood that a sysadmin would try to read mail in the real environment apply. Jason
-----BEGIN PGP SIGNED MESSAGE----- On Mon, 23 Sep 1996, Michael E. Carboy wrote:
Greetings All,
Question for the group: I have encountered a situation that causes me to believe an ISP is snoopingthrough encrytped mail. It seems that PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have encountered "POP3 account in use by another user" several times in the past few days and I am the only user... wondering if that "in use" messsage is the result of a clumsy sysadmin being caught with his hand in the cookie jar. Any thoughts from the group??? If those more knowledgeable than I deem these NOISE... my sincere apologies.
Any sysadmin using POP3 to snoop through your mail would have to be a complete moron. It's much easier to just "cat /usr/spool/mail/user" which is undetectable. The sysadmin could then use touch to set the "last read" value to the previous value. Anyone with complete access to the POP3 server would be able to snoop through anyone's mail undetected. My guess is that you are getting that error from a stale lockfile. If any sysadmin is snooping through your mail, you wouldn't know it. Mark - -- PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMka/4CzIPc7jvyFpAQGc8gf/WgKKIzTnh+FO3V8YLEn4ZjFL1SVtMzyT SsOQ+DXiEPt4Cul4PKGaBtmkvJoVgUuVp6HanbQAtsQhCBi/P5xrVU2lvIjx4K/+ c0PfSmbpc8GrAy8QeCpGMRkBYOgPyqG3A+v7nG7NGcxsShiGewMbAfjpKz/mKjsU tqAc5VUHTAIbuvUW8OUss0u8/6DmRFcfxNmtGJXw7bgfnxilwpRsW5cUEyJaO0ni pBbiN41nssXP5pYN75odZBzEpycmwdRfLaEHCIV0yKFSfugYNI5mUWqpMVxe25bL csel/zdg07B3NRvLg3LJ6kf73WUS3U+KDl7Rgt7Yv0qbEZRl+hk4fA== =DIH1 -----END PGP SIGNATURE-----
participants (7)
-
Douglas R. Floyd -
Eric Murray -
Jason Vagner -
Mark M. -
Michael E. Carboy -
Rabid Wombat -
somebody@tempest.ashd.com