[Obviously, this passwd file couldn't have been recreated to this level as she claims. This mail proves she had knowledge of at least one of the attackers, and was unwilling to provide me with that information.] From cmeinel@techbroker.com Thu Feb 5 12:40:39 1998 Received: from Rt66.com (root@mack.rt66.com [198.59.162.1]) by blackhole.dimensional.com (8.8.7/8.8.nospam) with ESMTP id IAA18848 for ; Thu, 5 Feb 1998 08:18:47 -0700 (MST) Received: from Lovely_lady (pma29.rt66.com [198.59.176.190]) by Rt66.com (8.8.7/8.8.6) with SMTP id IAA05322 for ; Thu, 5 Feb 1998 08:20:10 -0700 (MST) Date: Thu, 5 Feb 1998 08:20:10 -0700 (MST) Message-Id: <2.2.16.19980205081735.10df6e4e@techbroker.com> X-Sender: cmeinel@techbroker.com X-Mailer: Windows Eudora Pro Version 2.2 (16) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: jericho@dimensional.com From: "Carolyn P. Meinel" Subject: Does this look familar? Brain, anyone could have created this password file simply by using info on who had been sending mail from sekurity.org. I'm not going to fall for the idea that it is proof someone has broken into your box. Your experience with that so-called bash history file taught me a thing or two:):) Hopwever, if this builds up into a major assault on Dimensional for hosting the static IPs for 303 and sekurity, I will be delighted to write it up for a GTMHH and the Hacker Wars book I'm working on now, and to cooperate fully with the FBI. I have made no agreements with ANYONE to hide felonies in exchange for inside information. root:x:0:0:root,,,:/root:/bin/bash bin:x:1:1:bin:/bin:/dev/null daemon:x:2:2:daemon:/sbin:/dev/null adm:x:3:4:adm:/var/adm:/dev/null lp:x:4:7:lp:/var/spool/lpd:/dev/null admin:x:6:100:sekurity admin:/home/admin:/bin/bash mail:x:8:12:mail:/var/spool/mail:/dev/null news:x:9:13:news:/usr/lib/news:/dev/null uucp:x:10:14:uucp:/var/spool/uucppublic:/dev/null nobody:x:65534:100:nobody:/dev/null: info:x:11:100:system info:/home/.info:/bin/pine ftp:x:404:1::/home/ftp:/bin/false guest:x:405:100:guest:/dev/null:/dev/null alias:x:9901:2108:alias:/var/qmail/alias:/bin/true jericho:x:1000:100:Perpetual Abuse:/home/jericho:/bin/bash tpublic:x:1001:100:John Q. Public:/home/tpublic:/bin/bash rage:x:1002:100:the alien,,,:/home/rage:/bin/bash tacd:x:1003:100:TACD,,,:/home/tacd:/bin/bash swb:x:1004:100:Scott W. Bell:/home/swb:/bin/bash cavalier:x:1007:100:Carl Valier:/home/cavalier:/bin/bash voyager:x:1008:100:Vance Yager:/home/voyager:/bin/bash phalanx:x:1010:100:phalanx:/home/phalanx:/bin/false sekmail:x:1016:100:Sekurity.Org Mail Administration,,,:/home/sekmail:/bin/bash bogus:x:1021:100:Ignore -- Test,,,:/home/bogus:/bin/bash major:x:1027:100:Mark Jor:/home/major:/bin/bash demonika:x:1036:99:Monika DeMire:/home/demonika:/bin/bash shok:x:1083:100:Shok,,,:/home/shok:/bin/bash mdy:x:9933:100:Modify,,,:/home/mdy:/bin/bash preacher:x:2000:100:Preacher:/home/preacher:/bin/tcsh bmartin:x:2001:100:Brian Martin:/home/bmartin:/bin/bash presence:x:1011:100:The Presence:/home/presence:/bin/bash peedee:*:9934:100:peedee:/home/peedee:/bin/bash fyber:*:9935:100:fyber:/home/fyber:/bin/bash drno:*:9936:100:Doctor No:/home/drno:/bin/tcsh jobe:*:9937:100:Jobe:/home/jobe:/bin/bash radium:*:9938:100:Radium:/home/radium:/bin/bash trensant:*:10001:99:trensant:/home/trensant:/bin/pine vol:*:10002:100:Volatile:/home/vol:/bin/bash solar:*:10003:100:Solar Diz:/home/solar:/bin/bash Carolyn Meinel M/B Research -- The Technology Brokers http://techbroker.com "Inside every digital circuit, there's an analog signal screaming to get out." -- Al Kovalick, Hewlett-Packard "Hex, Bugs, Rock & Roll" -- Bruce Conklin, Space Dynamics Lab, Utah State U.