[mailhist-discuss] Question #2 for my story

Linda Hess linda.hess at gmail.com
Sun Mar 22 14:11:21 PDT 2015


Suzanne's mention of her mother using Eudora via a local ISP who sold pool
chemicals out of the same shed as the modem racks has actually given me a
direction. Thank you!

My first Internet access was dial-up to my employer's server. Employees
were encouraged to do that in 1994 until about 1996 at my company. Employee
use skyrocketed and the employer pulled back on serving as an ISP. Fair
enough.

My next access was AOL. I had a local access number, but there were the
monthly fees that were actually higher than an independent ISP, although
AOL fees did drop dramatically.

AOL was fairly clunky to use, though, and I did find a local ISP for a
reasonable fee (still dial-up!) in 1996. It's funny - I lived those early
days but didn't think of documenting them for later reference. So I
appreciate all of the input. It's a trip down memory lane for me.

I suspect it would have been easier to hack a local ISP's email system,
although do let me know if I'm wrong about that! Suzanne makes a valid
point that in a husband-wife scenario, the account could be manipulated
on-site, but that would take constant vigilance and no guarantee of
intercepting the offending email.

You can all rest assured that I'm not going to try to tackle the technical
details of how a hack would happen.

And I probably should mention that the "other person" lives in Canada, so
there are International implications. Did Canada have AOL at the time? I
don't remember. So the independent ISP is probably the way to go.

I really appreciate the time you all have put into helping me with this
point.

Thanks,
Linda

On Sun, Mar 22, 2015 at 3:25 PM, Suzanne Johnson <fuhn at pobox.com> wrote:

> You are not the only one without an AOL account.  The CDs were
> everywhere, but you did need to live close to one of their dial-ups in
> order to not incur heavy long distance phone charges for dialing in.  My
> mother lived near San Antonio, TX and a call to the closest number was
> long distance.  Fortunately, Local ISPs were springing up and helped
> folks solve this problem in many parts of the country. My mother was a
> happy user of Eudora as her mail program for many years on her local ISP
> (who sold pool chemicals out of the same shed housing the the modem racks).
>
> The other side of it, depending on where the characters lived, would be
> the folks who lived near Silicon Valley.  They might be using an early
> stage of Metricom's Ricochet network.
> See:  https://en.wikipedia.org/wiki/Ricochet_%28Internet_service%29
>
> As for a benevolent hacker who might be able to know how to accomplish
> this type of hacking, rather than an IT person, an engineer supporting
> an early CSNET installation might be more knowledgeable.    Though given
> that we are talking about a husband and wife, it still might be more
> likely that one would know, or could guess the other's password...and
> work directly on the account in that way.  This scenario would also
> require someone who really knew AOL mail internals from the '94
> timeframe to flesh out.
>
>    --Suzanne
>
>
>
> On 3/22/15 10:46 AM, Jack Haverty wrote:
> > On 03/20/2015 10:08 AM, Linda Hess wrote:
> >> Does anyone on the list know if it would be possible for someone to
> >> hack the account and redirect emails to a specific person so they
> >> don't get through?
> > Once you allow the existence of a benevolent hacker, almost anything was
> > possible.  The hacker could access the mail server system as
> > administrator/developer, and do all sorts of mischief.   So the short
> > answer is "Yes."
> >
> > The "redirect email for one specific addressee" scenario depends on the
> > details of the particular email system.   In the system I built (back in
> > the mid 70s) it would have been straightforward to create such behavior.
> >    In fact, that system had an annoying tendency to do such things on its
> > own, due to the bugs that I never managed to annihilate.   No hacker
> > needed...
> >
> > Of course, getting into a system as admin/developer probably required a
> > bit of work to get a password.  But systems were not always well
> > protected in those days - the focus was on just getting them to work at
> > all.   Given the stream of news stories about large systems and theft of
> > sensitive data, it seems that some systems aren't well enough protected
> > even today.
> >
> > You'd have to find someone familiar with the internals of AOL in those
> > days to find out how easy it was to hack into AOL back then to do any
> > specific mischief.  AOL is probably the most memorable public mail
> > service from the early 90s, as they carpeted the planet with CDROMs.
> > But they still exist, and might not appreciate the negative publicity.
> >
> > I don't think I ever had an AOL account (am I the only one?), but I had
> > a Compuserve account back in the late 80s, as well as an MCIMail account
> > (when was that Dave...?)   Also, by then there were commercial spinoffs
> > from the NSF Internet efforts, providing service to the public.  One was
> > PSI (Performance Systems International), which had a pretty large
> footprint.
> >
> > In addition to black-holing selected email, much other mischief was
> > straightforward.  E.G., sending an email which looked like it came from
> > someone else, or even intercepting an email, changing its contents, and
> > letting it then continue on to the recipient.   Lots of interesting
> > story elements there...
> >
> > HTH,
> > /Jack Haverty
> >
> > _______________________________________________
> > mailhist-discuss mailing list
> > mailhist-discuss at emailhistory.org
> > http://emailhistory.org/mailman/listinfo/mailhist-discuss
> >
>
> _______________________________________________
> mailhist-discuss mailing list
> mailhist-discuss at emailhistory.org
> http://emailhistory.org/mailman/listinfo/mailhist-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://emailhistory.org/pipermail/mailhist-discuss/attachments/20150322/4d6c4c94/attachment.html 


More information about the mailhist-discuss mailing list