
Anonymous message failed (wrong password) (fwd)



------- Forwarded message:
| From: [email protected]
| Date: Mon, 1 Aug 94 22:15:07 +0300
| Subject: Anonymous message failed (wrong password)
| 
| The message you sent to the anonymous server could not be processed, as your
| password (in the X-Anon-Password: header) didn't match the one stored in the
| server. Either you have made a mistake, or somebody has used your account and
| changed the password. If the latter is the case, please contact
| [email protected].

Julf -

You need to add something to that message.  I made no mistake, and no-one
has changed my password.  I simply mailed to a mailing list that has an
[email protected] address subscribed.  Your service is too insecure to
notice :-), and automatically 'out's anyone who unknowingly posts to such
a list.  All someone has to do is subscribe via an anon ID, and via a
non-anon ID, then compare messages to associate anon IDs with regular
addresses.

How about adding: "Either you mailed to a list to which an anonymous ID
has been subscribed, you have made a mistake, or...."

I'd also strongly suggest that you stop automatically allocating anon IDs
for folks who don't mail directly to your service.  Perhaps you could
reduce the load on your machine (and increase user security) by sending
directly to the bit-bucket any messages where the Sender: and From:
headers don't at least come from the same domain?
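
The Sender:/From: check suggested in the message above, sketched as an added example (not part of the original post and not the remailer's own code). The function names, the "process"/"discard" results, the `example.*` addresses and the rule that a host and its parent domain count as the same domain are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr


def header_domain(value):
    """Lower-cased domain of the first address in a header value, or None."""
    if not value:
        return None
    _name, addr = parseaddr(value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower() or None


def same_domain(a, b):
    """Assumption: a host and its parent domain count as the same domain."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def disposition(raw_message):
    """Return 'process' or 'discard' for one incoming message (hypothetical policy)."""
    msg = message_from_string(raw_message)
    from_dom = header_domain(msg.get("From"))
    if from_dom is None:
        return "discard"          # no usable author address
    sender = msg.get("Sender")
    if sender is None:
        return "process"          # Sender: is optional when it equals From:
    sender_dom = header_domain(sender)
    if sender_dom is None or not same_domain(from_dom, sender_dom):
        return "discard"          # relayed by a third party, e.g. a mailing list
    return "process"


# Constructed sample messages (example.* domains are placeholders).
DIRECT = "From: Alice <alice@cs.example.edu>\nTo: anon@remailer.example\n\nhello\n"
VIA_LIST = ("From: alice@cs.example.edu\nSender: owner-somelist@lists.example.org\n"
            "To: somelist@lists.example.org\n\nhello list\n")
SAME_SITE = ("From: alice@cs.example.edu\nSender: alice@example.edu\n"
             "To: anon@remailer.example\n\nhello\n")

if __name__ == "__main__":
    for name, raw in [("direct", DIRECT), ("via list", VIA_LIST), ("same site", SAME_SITE)]:
        print(name, "->", disposition(raw))
```

The check only helps when the relaying list sets Sender:, and both headers are supplied by the submitting side, so it cuts down accidental ID allocation rather than authenticating anyone.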