Anonymous Remailers, WB etc.
If I were chartered to be prepared to find the source
of anonymous mail, and had the money, attitude and
resources that skeptics among us assume are available
for such efforts, here is how I would proceed. This plan
is due, in part, to my experience in building secure operating
systems.
I would catalog the various weaknesses of Unix and perhaps
other systems where the remailers live.
I would make a list of remailers and suspected remailers.
I would design programs that would inhabit the remailer machines
benignly except for gathering information that I need.
Such efforts are a natural by-product of the public NCSC charter
to know OS weaknesses.
I would further examine the IP protocols for weaknesses.
Those protocols trust not only the machines thru which the
data flows but also trust other machines on the net not to
introduce phony datagrams that at least bollix legitimate
traffic and may well spoof it. This is aided by a real-time
passive tap on the links carrying the legitimate traffic.
It is not the style of this group to study OS security and I don't
propose to change the style. OS security and protocol security may,
however, be an Achilles heel to anonymity.