Carolyn P. Meinel Hall of Shame
Technical Wonder: Secure WHat?


[Early on in her "career" as a hacker/security guru, Carolyn made
 this beauty of a post.]

Date: Tue, 3 Dec 1996 10:02:46 -0700 (MST)
From: Carolyn Meinel 
Cc: dc-stuff@dis.org
Subject: re: Jericho?

> Its amusing watching a newbie insult a virus writer over who taught the
> other how to forge email though.

Actually what is even more humorous is exploring the relationships among 
dimensional.com, lemming.com, and why one has most of its ports shut down 
but the other is wide open. And what *IS* that program running on 
lemming's port 22? People want to know.

[The signifigance here is that Carolyn is asking what is running on port 
 22 of this system. A quick check in the port assignments and we see
 that port 22 is reserved for SSH (Secure Shell), which provides encrypted
 communication between two hosts. It is designed to be a secure replace
 for telnet, yet she isn't familiar with it.

 To make matters worse, several people reply to her and explain
 all of this. Here is Route's reply:]

On Tue, 3 Dec 1996 route@onyx.infonexus.com wrote:
> 
>  How can you claim to know ANYTHING about computer security, hacking,
>  TCP/IP, *or even unix*, for that matter, when you A) don't understand 
>  the security benefits of reducing the amount of offered TCP/UDP services,
>  B) can't figure out how to look up a TCP port and, C) don't know what 
>  SSH is?  Stick to your creative writing.  At least with fiction, you 
>  can't be so blatantly wrong.

[So everything is cleared up, and she realizes that she has been
 caught in the act of pretending to know so much. But, she can't
 lose face... and comes back with this:]

Date: Tue, 3 Dec 1996 15:59:54 -0700 (MST)
From: Carolyn Meinel 
Cc: dc-stuff@dis.org
Subject: Re: Jericho?

If you subscribed to the Happy Hacker list you would have seen a recent
post in which I told the readers where to get *all* port assignment info.
I'll soon tell them where to download free SSH 1.2.17 and view the
FAQ. But obviously you dc-stuff guys don't need that info. I'm sure Damien
Sorder has a perfectly good reason to be running 1.2.14 on lemming.com.
But I guess he misunderstood my question!;^)

[The question was very clear, and I answered it in very simple terms.
 She told her readers where to get the port assignments after two people
 quoted URLs to that information, and only learned what SSH was after
 others had replied to her original post. 

 The next thing to ponder is why she is asking about the relationship
 between lemming.com (my old domain) and dimensional.com. Any four
 day old hacker knows about the utility called "traceroute" which will
 show the path between you and a remote host. Checking it while lemming
 was up would have revealed that all traffic went from one of the
 national backbones, to dimensional.com, to lemming.com .. so an
 educated guess would have been that lemming.com was a customer of 
 dimensional.com .. and fingering info@lemming.com would have verified
 that as well.]