
Re: penet hack



    Date: Sun, 31 Jul 94 14:18:48 GMT
    From: Jim Dixon <[email protected]>
    
    I got a message from anon.penet.fi this morning:
    
    > You have sent a message using the anonymous contact service.
    > You have been allocated the code name an118709.

This is a direct result of the following:

    Date: Sun, 31 Jul 94 08:32:24 PDT
    From: [email protected]
    Subject: Majordomo results

    >>>> who cypherpunks
    Members of list 'cypherpunks':

    . . .

    [email protected]

So, anything that you send to cypherpunks also goes to this loser, who
then can associate your two identities.  Since your an*@anon.penet.fi
address was just allocated, you have not been compromised very badly.

It's possible that this person is simply ignorant rather than
malicious.  Subscribing as [email protected] would have given the
subscription anon.penet.fi-level security without compromising other
users of that service.

The people with the most exposure are those who use anon.penet.fi but
who do not use the X-Anon-Password feature.  If you use a password and
send a message to cypherpunks, you should get a message from
anon.penet.fi saying that you forgot to use your password when you
sent the message, but the loser will not get the (un)anonymized
version of your cypherpunks message.  Of course, there's marginal
security even with the password feature as the password is transmitted
as plaintext.

			Rick
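
The exposure described in this message, as an added example that is not part of the original post: a simplified Python model of an auto-allocating pseudonym remailer with a list subscriber behind a code name. All class and function names, addresses and code names are constructed, and the behaviour is assumed from the description above, not taken from the anon.penet.fi software.

```python
import itertools

class PseudonymRemailer:
    """Simplified model; behaviour assumed from the message above."""

    def __init__(self, first_id=100001):           # constructed starting id
        self._ids = itertools.count(first_id)
        self.code_of = {}                           # real address -> code name
        self.real_of = {}                           # code name -> real address
        self.passwords = {}                         # real address -> password

    def code_for(self, real):
        # Auto-allocation: an unknown sender gets a code name on first contact.
        if real not in self.code_of:
            code = f"an{next(self._ids)}"
            self.code_of[real], self.real_of[code] = code, real
        return self.code_of[real]

    def set_password(self, real, password):
        self.code_for(real)
        self.passwords[real] = password

    def deliver(self, sender, rcpt_code, body, x_anon_password=None):
        """Return the (to, from, body) messages the remailer sends out."""
        expected = self.passwords.get(sender)
        if expected is not None and x_anon_password != expected:
            # Password set but header absent or wrong: notify, do not forward.
            return [(sender, "remailer", "password missing, not forwarded")]
        return [(self.real_of[rcpt_code], self.code_for(sender), body)]


def list_exposure(remailer, subscriber_code, posts):
    """Relay list posts to a subscribed code name and report what leaks.

    posts: (author, body) pairs as every ordinary list member sees them.
    Returns (linked, bounced): the author -> code name pairs the subscriber
    can infer by matching bodies, and the authors whose post was refused.
    """
    public = {body: author for author, body in posts}
    linked, bounced = {}, []
    for author, body in posts:
        for to, frm, text in remailer.deliver(author, subscriber_code, body):
            if frm == "remailer":
                bounced.append(to)                  # password holder is notified
            else:
                linked[public[text]] = frm          # same body, two identities
    return linked, bounced
```

A poster with no password is linked to a code name the moment the list relays the post; a poster with a password only receives the notice, which matches the behaviour the message describes.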