|
|
| Author |
Message |
jstraw
|
|
Refugees From The WELL
| 
Feb 21 20:10 UTC 1995 |
Who is here?
|
| 69 responses total. |
jstraw
|
|
response 1 of 69:
|
Feb 21 20:11 UTC 1995 |
Well, obviously, *I* am. :-)
|
hchan
|
|
response 2 of 69:
|
Feb 21 20:22 UTC 1995 |
Well, I wouldn't call myself a "refugee", but here I am. Looks like
a nice place here.
|
steve
|
|
response 3 of 69:
|
Feb 21 20:28 UTC 1995 |
I wonder why that particular title was chosen for this item. Has
there been some sort of policy change there or something?
|
carson
|
|
response 4 of 69:
|
Feb 21 22:34 UTC 1995 |
I wonder too.
Brenner and bubbles are sort of refugees.
|
brenner
|
|
response 5 of 69:
|
Feb 22 01:47 UTC 1995 |
The well has been down for two days.
Is bubbles still around?
|
jstraw
|
|
response 6 of 69:
|
Feb 22 01:47 UTC 1995 |
No policy change, just 2 days of downtime for a hardware and security upgrade
due to some major system cracking you may have read about in the national
press. Keven Mitnick...are you familiar with this? Made the New York Times.
Anyway, I'm Michael Newman, 4.5 year veteran of the WELL, and host of several
conferences over there. Nice to be here.
|
jstraw
|
|
response 7 of 69:
|
Feb 22 01:50 UTC 1995 |
brenner slipped in (so, that happens here too) FYMW ;-)
|
raven
|
|
response 8 of 69:
|
Feb 22 01:52 UTC 1995 |
Nice to have you here jstraw. Have you checked out the other
conferences. The cyberpunk conference that I fairwitness has some
info on Mitnick's latest activities.
|
steve
|
|
response 9 of 69:
|
Feb 22 02:32 UTC 1995 |
Welcome to Grex Michael. Hope you stick around after the Well comes
back up. Hopefully the security measures being taken will do the intended
things, and not create any new holes. I hadn't known about Mitnick using
the Well.
|
scg
|
|
response 10 of 69:
|
Feb 22 04:12 UTC 1995 |
From what I read, the people who run The Well sat there and watched as
Mitnick hacked at them for several weeks, so as not to tip him off that he
was being watched. It was by watching him on The Well that the Feds were
able to figure out where he was.
|
omni
|
|
response 11 of 69:
|
Feb 22 05:49 UTC 1995 |
Welcome to Grex, everyone. Hope you find Grex to be better than the Well.
(it is!)
|
nephi
|
|
response 12 of 69:
|
Feb 22 08:10 UTC 1995 |
What is the address of the WELL? Also, I'm very curious about Mitnick.
What is the story concerning him?
|
popcorn
|
|
response 13 of 69:
|
Feb 22 15:55 UTC 1995 |
This response has been erased.
|
srw
|
|
response 14 of 69:
|
Feb 22 16:02 UTC 1995 |
Wow! Welcome to Grex all of you from the Well.
I had entered these comments on Monday in our cyberpunk conference (j cyber),
but there has been no response there. I don't think too many people
are paying attention to that conference.
---copied from cyberpunk---
Has any reader of this conference been following the exploits of
Kevin Mitnick? He broke into the Well and netcom.com recently,
obtained root, read people's mail, stole the credit card numbers of all
the paying accounts, and then used IP spoofing to get past the firewall
protecting Tsumomu Shimomura's computers - stealing security programs.
Shimomura is a noted internet security expert, and worked with the FBI to
track Mitchnik down. Mitchnik was in Raleigh NC, using a cellular phone
system to do all his hacking. The authorities traced the phone usage
to the location and arrested him.
Mitnick had been underground for two years, as he was wanted for other
crimes. A lot of this has been printed in mainstream papers like the
New York Times. See Sunday's "News of the week in review" NYT section
for an interesting perspective by John Markoff.
---end of copy----
As a staff member here on Grex, I breathe a sigh of relief whenever this
type of person is captured. I tip my hat to anyone who helped in the capture.
Nevertheless one must recongize that the people running the Well were
faced with a difficult ethical problem. They contributed to the capture
of Mitnick by not tipping their hand to him, at the expense of the
privacy of Well participants. I don't know how I could have handled that
choice. I might have done the same, but I wouldn't have slept well.
One more thing. I just noted that in today's NY Times Business section
(2/22 page C1) there is an article by Peter H. Lewis on this break-in.
It contains details of the sequence of events in the IP-spoofing attack
of Dec 25, which I haven't had time to digest yet.
|
peacefrg
|
|
response 15 of 69:
|
Feb 22 16:38 UTC 1995 |
Whoa, I hadn't heard about that. I was thinking about jin ing the well when I
first got on line. Too expensive though
|
tsty
|
|
response 16 of 69:
|
Feb 22 18:07 UTC 1995 |
If the well (or any other accessible ssytem for that matter) +keeps+
the cardit card numbers and other related data ON LINE - - it's
like dangling minnows in front of hungry bass!
Glad to know about the well's "policy and procedure!" Won't see
my young butt over there - and you can tell them I said so, fwiw.
good luck to the rest of you - - and WELOCOME to Grex, we do NOT
keep such stuff on line (of course we con't collect it either, but
that's not the point).
|
raven
|
|
response 17 of 69:
|
Feb 22 18:57 UTC 1995 |
re # 14 Speak for yourself about people paying attention to the cyberpunk
conf, considering it's only a couple months old I think it's rather
healthy.
set drift=off
|
ajax
|
|
response 18 of 69:
|
Feb 22 20:36 UTC 1995 |
TS, I'd agree, I'm very surprised they'd keep CC#'s online! I think
one part of security planning on a system like Grex or the Well should
be to acknowledge that root will get cracked from time to time, and to
avoid unnecessary fallout when it happens. It might be nice to keep
some fake "flag" CC#'s online though, that could alert CC companies to
a thief's whereabouts.
|
jstraw
|
|
response 19 of 69:
|
Feb 23 05:18 UTC 1995 |
Well, the WELL is back up, and ye, here I am. :-)
There is much controversy surrounding the WELL's handling of the Mitnick
affair. I wish I was more technically oriented, then I could explain. Maybe
Anita could take a stab at it.
I can't say that I'll ever see that Grex is better, for the simple reason that
your pico is so primative. We have a wizard named Bryan Higgans that has
enhanced picospan beyonf MW's wildest dreams.
No offence intended.
Since this place seems to be *free*, I'm sure I'll gradually poke and prod my
way about.
Incidently, one of the confs I host on the WELL is the Midwest conf. I live in
Topeka, KS, and grew up in Omaha, and Chicago.
|
raven
|
|
response 20 of 69:
|
Feb 23 05:35 UTC 1995 |
Out here on the frontier of the net, we like our pico rough and tough.
:-) :-)
|
brenner
|
|
response 21 of 69:
|
Feb 23 07:45 UTC 1995 |
There is a program on the WELL called "post" which is the basis for a lot
of pico-enhacing scripts. I like pico a lot, btw. it is better than caucus
for brainstarming.
As for the WELL, it is not clear what happened. A lot of us
understood the need for secrecy before the monitoring
of the WELL, but were dissapointed that most of what we learned
after came from newspapers and not management.
it *is* a tough ethical choice --- do you sacrifice the
privacy of the users to capture a hacker? But on the WELL,
where bounced mail goes in its entirety (not just headers)
to the postmaster (sysop), I am not sure what the level
commitment is to user privacy.
All of this, plus other issues, are affecting the WELL
right now.
|
ajax
|
|
response 22 of 69:
|
Feb 23 10:41 UTC 1995 |
Interesting. Maybe on Grex we should poll members for what we'd want staff
to do if a similar situation came up, since they can't very well ask how
secret to be in the midst of such a hackathon.
|
steve
|
|
response 23 of 69:
|
Feb 23 13:05 UTC 1995 |
The only problem with that is that depending on circumstances, the
best thing to do might be the other option.
There is *no* ruleset that can be made in advance to deal with vandals.
Each occurance has its own set of problems and oppurtunities. Ugh.
I do understand that the people over on the Well went through in
dealing with Mitnick. Forunately, we've never had to deal with this
kind of problem--the only time I actually saw a vandal start reading
someone elses mail, I blew him (it?) off the system; it didn't realize
that I'd been watching it for half an hour, seeing what it did.
But if we had a real, ongoing problem, it might be needed to 'bait'
the person to keep them online as tracing commenced. I hope we never
are in that position, and have to think about things like this.
|
srw
|
|
response 24 of 69:
|
Feb 24 02:48 UTC 1995 |
Tom Digby (bubbles) used to hang out on Grex a lot. He was a
veteran of the Well, and he also extolled the virtues of their
enhancements to picospan. I hope our lack of features will not scare
others from the Well away.
I don't really have any facts about what was stolen.
Credit card info was supposed to have been taken , though, but
netcom.com was also broken into and involved, somehow.
I read this in the newspaper.
I would also point out in defense of the Well that it is common internet
practice to send complete bounced mail to the postmaster. If you are
concerned about email security, you should be using PGP. There is
now a legal version, but that's drift.
I think it would be an interesting discussion (perhaps in coop) to
delve into the ethical questions facing the Grex staff in the hypothetical
situation where we are invaded and then law enforcement asks us to
keep 'hands off' until the trap is set.
|