dsill@ark1.nswc.navy.mil (Dave Sill) (10/31/89)
In article <6037@tank.uchicago.edu>, toto@tank.uchicago.edu (Sandra Jessica Smyth) writes:
> Now, is it obvious why we don't need discussions of how postings can
> be forged?
No, it's not. Perhaps if we (the set of all USENET administrators) knew how postings were forged, we'd know how to stop forgeries. I'd rather have a short period during which the forgery rate is expected to be high followed by a long period of no forgeries than a long period of unexpected forgeries.
What is obvious to me, though, (even if you don't buy the above) is that we need to discuss how to recognize a forged posting. My guess is that you looked at the Path: entry in the header and saw that gryphon was linked to the wrong system. (Just a guess.)
Another thing that's not obvious to me is why Richard didn't expose the forgery.
Dave Sill (dsill@relay.nswc.navy.mil)
chuq@Apple.COM (Chuq Von Rospach) (10/31/89)
>No, it's not. Perhaps if we (the set of all USENET administrators)
>knew how postings were forged, we'd know how to stop forgeries.
Actually, no. I've got an article I wrote for moderators/usenet admins/hackers and etc a few years ago on how to forge messages. It was also (accidentally) posted to RISKS, so it might be in the archives there. If people really want it, I suppose I could post it, since there are no real secrets to it -- it's fairly trivial if you understand both USENET and the transfer mechanisms. It's also a security hole that has completely defied plugging, simply because the information you need to plug it is unavailable and there's no way to (practically) make that information available, thanks to certain protocol limitations.
>I'd
>rather have a short period during which the forgery rate is expected
>to be high followed by a long period of no forgeries than a long
>period of unexpected forgeries.
Well, it didn't happen when it was posted to RISKS, but perhaps that was an obscure enough release that the idiots didn't notice it. More likely, most people wouldn't bother, or might post one or two for the thrill of it and then move on to some other amusement...
>What is obvious to me, though, (even if you don't buy the above) is
>that we need to discuss how to recognize a forged posting.
A good forgery is almost untraceable. I might point out, for instance, that technically speaking all the newgroups I posted when I was newgroup czar are forgeries, as while zamboni.apple.com exists, it's neither attached to an outside network nor does it run usenet. And, if it matters, I don't become Mr. USENET on Apple.com when I send it out, so I don't have privileges to do so when I do it (I could, but it's easier this way).
>Another thing that's not obvious to me is why Richard didn't expose
>the forgery.
One aspect of a forgery is that the person who is being forged doesn't see the message, because of an obscure aspect of the propagation code in USENET.
USENET software looks at the Path: variable and if a hostname in your sys file is in the Path:, it won't send the message, since by definition that machine has seen it already. So putting "gryphon" in the path makes sure the message never gets to "gryphon". (which actually has practical uses of its own, if you think of it).
--
Chuq Von Rospach <+> Editor,OtherRealms <+> Member SFWA/ASFA
chuq@apple.com <+> CI$: 73317,635 <+> [This is myself speaking]
Trust Mama Nature to remind us just how important things like sci.aquaria's
name really is in the scheme of things.
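[Added example, not part of the original posts and not code from any news software: a sketch of the Path:-based feed rule described in the post above, together with the header check Dave Sill guesses at (a Path: hop "linked to the wrong system"). The site names, the link map, the sample article and the use of "!" as the only Path: separator are assumptions made for the illustration.]

```python
# Added illustration; the site names, link map and article are constructed.
SAMPLE_ARTICLE = """\
Path: beta!alpha!delta!jdoe
From: jdoe@delta.example
Newsgroups: news.admin
Subject: constructed sample

body text
"""

# Hypothetical map of known site-to-site links (e.g. built from published maps).
KNOWN_LINKS = {
    "ourhost": {"beta", "gamma", "delta"},
    "beta": {"ourhost", "alpha"},
    "alpha": {"beta"},
    "delta": {"ourhost"},
}

def path_hosts(article):
    """Return the relaying hosts from the Path: header, most recent hop first."""
    for line in article.splitlines():
        if not line.strip():
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "path":
            hops = [h.strip() for h in value.split("!") if h.strip()]
            return hops[:-1]  # final component is the poster's login, not a site
    return []

def feed_decision(hosts, sys_peers):
    """Split sys-file peers into (will be fed, skipped because already in Path)."""
    seen = set(hosts)
    fed = [p for p in sys_peers if p not in seen]
    skipped = [p for p in sys_peers if p in seen]
    return fed, skipped

def unknown_links(hosts, links):
    """Adjacent Path hops with no link in the map, in either direction."""
    return [(a, b) for a, b in zip(hosts, hosts[1:])
            if b not in links.get(a, set()) and a not in links.get(b, set())]

if __name__ == "__main__":
    hosts = path_hosts(SAMPLE_ARTICLE)
    fed, skipped = feed_decision(hosts, ["beta", "gamma", "delta"])
    print("fed:", fed, "skipped:", skipped)
    print("hops to check by hand:", unknown_links(hosts, KNOWN_LINKS))
```

[A hop pair reported by unknown_links is only a prompt to look closer, since link maps are incomplete; a skipped peer that is also the claimed origin site is the case in which that site never receives the article from this feed.]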
hb@uvaarpa.virginia.edu (Hank Bovis) (10/31/89)
In article <36049@apple.Apple.COM> chuq@Apple.COM (Chuq Von Rospach) writes:
[Attribution for the following lost. --hb]
##No, it's not. Perhaps if we (the set of all USENET administrators)
##knew how postings were forged, we'd know how to stop forgeries.
Or perhaps not, at least not in any meaningful sense. Depending
on the method, it might be that the only way to stop the forgery
would be to stop the *genuine* article as well.
#One aspect of a forgery is that the person who is being forged doesn't see
#the message ...
#USENET software looks at the Path: variable and if a hostname in
#your sys file is in the Path:, it won't send the message, since by
#definition that machine has seen it already. So putting [<x>] in the
#path makes sure the message never gets to [<x>].
Also not necessarily true. I've seen counterexamples to this.
#Chuq Von Rospach <+# Editor,OtherRealms <+# Member SFWA/ASFA
#chuq@apple.com <+# CI$: 73317,635 <+# [This is myself speaking]
hb
--
Hank Bovis (hb@Virginia.EDU, hb@Virginia.BITNET)
** Vote YES to sci.aquaria; send votes to richard@gryphon.COM. **
dsill@ark1.nswc.navy.mil (k30b) (10/31/89)
In article <36049@apple.Apple.COM>, chuq@Apple.COM (Chuq Von Rospach) writes:
> >No, it's not. Perhaps if we (the set of all USENET administrators)
> >knew how postings were forged, we'd know how to stop forgeries.
>
> Actually, no.
Well, I did say *perhaps*. It at least was not obviously unnecessary to talk about the how-tos of forgery, as 6037@tank.uchicago.edu suggested.
> >Another thing that's not obvious to me is why Richard didn't expose
> >the forgery.
>
> One aspect of a forgery is that the person who is being forged doesn't see
> the message, because of an obscure aspect of the propagation code in
> USENET.
He would have seen your reply, though.
Dave Sill (dsill@relay.nswc.navy.mil)
henry@utzoo.uucp (Henry Spencer) (10/31/89)
In article <212@ark1.nswc.navy.mil> Dave Sill <dsill@relay.nswc.navy.mil> writes:
>... Perhaps if we (the set of all USENET administrators)
>knew how postings were forged, we'd know how to stop forgeries...
Nope. The problem is not fixable. It is marginally practical, at quite considerable cost, for moderated groups -- we looked at doing this in C News, although our conclusion was "too much hassle" -- but just isn't possible otherwise.
--
A bit of tolerance is worth a  |     Henry Spencer at U of Toronto Zoology
megabyte of flaming.           | uunet!attcan!utzoo!henry henry@zoo.toronto.edu