[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (fwd) Possible compromise of anon.penet.fi
> From: [email protected] (Paul Barnett)
> Newsgroups: alt.privacy
....
> Someone has been collecting email addresses, apparently from postings
> to Usenet, and forging them to anonymous postings through
> anon.penet.fi to alt.test.
......
> My condolences to those people that have been caught in this net.
> This is one of the most despicable forms of net.terrorism that I have
> encountered.
It's an interesting weakness, and at least as serious as the
naXXXXX / anXXXXX problem that reveals your identity if you send
email to another anonym.
The one anonym I've used on anon.penet.fi is already known to at
least one other person (to whom I'd sent mail about the fact that
they'd included their .signature in an anonymous article :-)
I disagree with the "despicable" opinion, though it's certainly a
serious problem and it would certainly have been nicer if the
cracker had done only a limited number as a demonstration (maybe this
counts; I don't know.) BUt if our tools have technical weaknesses,
it's *much* nicer to find out from a non-police-agency cracker than
to learn about it when they start knocking on your door.
It sounds like there's a need to separate the email and news-posting
parts of the anon.penet.fi software, or go to stronger anon-reply
methods like the one on the newer cypherpunks remailers.
Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email [email protected] [email protected]
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465