[news.sysadmin] Net userid forgery

HD6@PSUVMA.BITNET (11/22/87)

an episode in which user or users unknown attempted to pass themselves off
as another user (Rhonda Scribner).  The occurrence unsettled me sufficiently
to post an opinion regarding the matter (perhaps more forcefully than was
necessary, but I was *very* upset).  After thinking about the matter for a
while longer, I decided that the problem was sufficiently serious to cross-
post to news.admin and news.sysadmin.
     
   My position is that false postings are one of the most dangerous threats
to the ability of the net to operate as it does.  If the possibility exists
for malicious individuals to forge postings, and, further, for other
individuals to send those postings, as "public information" to employers,
fellow workers, sysadmins, etc. of the person being forged, the whole
premise of the network system as a public forum for the free, relatively
unrestricted exchange of ideas comes into question.
     
   Granted, forged postings are not, as of yet, a big problem, as they are not
yet common.  I believe that the time to stop this from *becoming* a large
problem is now, and that somehow, the posting of information using the userids
of others, must be *most strongly* discouraged.  I don't even want to go into
the whole legal problems created, but, granted that I am not a telcomm lawyer,
it seems significant that the majority of network traffic passes through FCC-
regulated lines.  I, for one, believe that if the Federal government imposed
strict regulations/restrictions upon the network, (not likely, but definitely
possible), it would be the end of the system that we have here in any
recognizable form.  Though it is a far-fetched example, kindly imagine
the results were the U.S. Postal Service given regulating power regarding the
transfer of Email (perish the thought).
     
   If this posting seems to have a panicked tone, it is because the idea of
any network user having his/her userid forged with impunity has me scared
spitless at the potential consequences (take all possibilities to their
potential conclusions, and think about what you see).  I am *not* asking for
net regulation or cancelling user accounts.  I am asking that attention be
given to this matter:  I find it to be a serious concern.
                                     CELADHAEARN
     
    [re-posted article follows below. ALL FOLLOW-UPS DELETE ALL BELOW--
                                      THIS ARTICLE IS ALREADY TOO LARGE]:
     
In article <25756HD6@PSUVMA>, <HD6@PSUVMA.BITNET> [CELADHAEARN] says:
>
>In article <25742COK@PSUVMA>, (R. W. Clark) <COK@PSUVMA.BITNET> says:
>>
>>I have been thinking long and hard on the matter of what justifies kicking
>>a person off the net.  And in so considering, I've come to the conclusion to
>>do something extremely odd:  defend Rhonda Scribner.  I find the cowardly
>>attacks being made on her extremely disgusting in every way; those posted
>>from bitch@chinet and phonily posted from Rhonda's id, for example.
>>      . . . I'd support their temporary removal from the net, until such time
>>as they prove mature enough to return.
>
>         [further discussion of how the attacks on Rhonda are slander, and
>          Eric Madding's tripe was not slander]
>>
>>So I say:  find these people and discipline them.
>>-------
>>
>
>   I give a [qualified] nod to this one.  Whether or not E.M. Airwick's
>postings were legally slander (some of them are questionable), the true
>issue here is larger.   While net users might occasionally cross the
>bounds of "good taste" (I find "good taste" appalling, myself), the
>forging of a userid takes away one of the most important (unwritten) laws
>for participating on the network in any form:  the ability to confront,
>accuse, flame, agree with, support, tear apart the (logic?) of, etc.,
>one's fellow users.
>    Even in the case of net users who post with pseudonyms, there is
>recognition of "who" a poster is.  The name doesn't matter so much as
>the ability to attach a set of articles, beliefs, etc., to a name, and
>TO KNOW THAT ALL POSTINGS FROM A NAME ARE GENUINE.  If someone posts from
>an assumed name, spouting all sorts of garbage that s/he would never send
>from his/her own userid, that's fine, AS LONG AS THAT ASSUMED NAME IS NOT
>ONE ALREADY KNOWN TO THE NETWORK COMMUNITY AS OWNED BY AN ESTABLISHED USER.
>...
>I.E., If you want to flame someone, DO IT--from your own account, and take
>responsibility (ooh, I can't believe I said the "R-word", damn!) for your
>words and beliefs.  While I tend to be a net.anarchist, I am reasonable
>enough to realize that if there is no way for net users to be sure that
>the postings they read are genuine, and, more importantly, that they can't
>be sure that *they* won't be forged and attached to some inanities/insanities
>that aren't theirs, most folks won't risk/bother using the non-technical
>and unmoderated newsgroups any more (which will, of course, leave only those
>who have been false-posting left to prey on each other; perhaps that's what
>they plan, although I really shouldn't give them that much credit for
>thought or brains, as they've shown little enough of both thus far).
>
>     I have great difficulty reconciling my belief in a "free" network
>system with advocating taking away someone's net privileges (I know that
>this is not a "free ($)" system, let's not rehash that one).  I do however,
>feel that something must be done if timid cretinous slime like those currently
>posting using forged userids continue their brainless and potentially
>hazardous practice.  Personally, I advocate finding these tremulous children
>(no insult intended to any children out there) and bashing their heads in with
>a rock.  (Quick, to the point, and not too subtle for their tiny little brains
>to comprehend).  Perhaps the Sysops at their site could perform this little
>favor for us?  Please?
>  In all seriousness, however, this has got to stop.  Possibly those involved
>thought that they were just playing some kind of "cute little prank" (even
>though the lack of common sense and absence of inherent integrity involved is
>appalling.)  The mental pygmies who forged Rhonda's userid need to realize
>(or be made to realize) that they/he/she/it did a *bad thing*.  The network
>system is a good one, worth protecting, and the business of posting using
>another person's userid is one of the few things that could seriously damage the
>*usable* situation we have here.  If you know who is committing the offending
>acts encourage the pinheaded individuals involved to cease and desist, or,
>better yet, send me their names and perhaps we can organize net.vigilante.
>
>               Richard [it takes an awful lot to get me pissed] Carl Hoffman
>                                     CELADHAEARN
>-------
>__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
( _X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X_ )
 X                                    :                                      X
| |  CELADHAEARN  [R. Carl Hoffman]   : " . .'scap jah matjan jah drighan,' | |
 X   1:hd6@psuvm.bitnet (note change) : what worthy verse can sound when     X
| |  2:hd6%psuvma.bitnet@psuvax1.uucp : such cries thicken !"      Gildas   | |
 X_ __ __ __ __ __ __ __ __ __ __ __ _: __ __ __ __ __ __ __ __ __ __ __ __ _X
(__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__)
>
     

dhesi@bsu-cs.UUCP (Rahul Dhesi) (11/23/87)

In article <25760HD6@PSUVMA> HD6@PSUVMA.BITNET writes:
>an episode in which user or users unknown attempted to pass themselves off
>as another user (Rhonda Scribner). 
>...I decided that the problem was sufficiently serious to cross-
>post to news.admin and news.sysadmin.

I don't think this particular case is a serious problem.  I saw some
fake articles with Rhonda Scribner's name on them, but it was obvious
that they originated elsewhere, because they all had a Sender: field
with a different user id.  In fact the ability to add an arbitrary
From: field is useful because it allows a guest user to post under his
or her own name.
-- 
Rahul Dhesi         UUCP:  <backbones>!{iuvax,pur-ee,uunet}!bsu-cs!dhesi

ado@elsie.UUCP (11/24/87)

> . . .the ability to add an arbitrary From: field is useful because it
> allows a guest user to post under his or her own name.

Nope.  If a user is going to be on a system for such a short time that they
don't warrant their own account, they're not going to have the time to
read the netiquette document and learn when it is and isn't appropriate to
post articles.
-- 
ado@vax2.nlm.nih.gov	ADO, VAX, and NIH are trademarks of Ampex and DEC.

HD6@PSUVMA.BITNET (11/24/87)

In article <1574@bsu-cs.UUCP>, dhesi@bsu-cs.UUCP (Rahul Dhesi) says:
     
>I don't think this particular case is a serious problem.  I saw some
>fake articles with Rhonda Scribner's name on them, but it was obvious
>that they originated elsewhere, because they all had a Sender: field
>with a different user id.  In fact the ability to add an arbitrary
>From: field is useful because it allows a guest user to post under his
>or her own name.
>--
>Rahul Dhesi         UUCP:  <backbones>!{iuvax,pur-ee,uunet}!bsu-cs!dhesi
-------------------------------------------------------------------------
  In reference to comments made about the earlier article:
     
    Unfortunately, we do not have a "Sender:" line displayed on the software
 running on the PSU machines, only From:, Subject: and Date:.  Using this
 system, there is no way to distinguish falsified from genuine net postings
 for the casual user.  If there had been an obvious way to distinguish between
 the two, I wouldn't have posted the diatribe that I did.  For machines running
 different software, it would be significantly more difficult to post a forged
 article, but the problem remains one of net users *trying* and possibly
 succeeding in creating false postings, representing themselves as other,
 established users.  If you read the original set of articles that spurred my
 posting (from alt.flames), you will find that the person/s involved contacted
 a system administrator in an unsuccessful attempt to obtain access to the
 account they later attempted to forge.  The sysadmin did not allow access,
 so the person/s involved had to use a less plausible means of forgery.  The
 fact that on some systems this forgery was discernable does not change the
 intent involved, and that is why I posted the article originally.
                                               CELADHAEARN
 -----------                                   Richard Hoffman
 *Email replies to hd6@psuvm.bitnet,
                           ^
                   psuvm.bitnet!hd6, etc., please.
                       ^
     
     

tim@ism780c.UUCP (Tim Smith) (11/24/87)

In article <7535@elsie.UUCP> ado@elsie.UUCP (Arthur David Olson) writes:
< > . . .the ability to add an arbitrary From: field is useful because it
< > allows a guest user to post under his or her own name.
< 
< Nope.  If a user is going to be on a system for such a short time that they
< don't warrant their own account, they're not going to have the time to
< read the netiquette document and learn when it is and isn't appropriate to
< post articles.

Often, they will have read the document on another machine.  For instance,
I have sometimes found myself at a terminal at Caltech reading news over
the shoulder of a friend.  If I want to respond to an article, I get him
to respond, and diddle the header so it looks like it is from me at ISC
rather than someone at Caltech.
-- 
Tim Smith, Knowledgian		{sdcrdcf,uunet}!ism780c!tim
				tim@ism780c.isc.com

billw@killer.UUCP (11/24/87)

In article <7535@elsie.UUCP> ado@elsie.UUCP (Arthur David Olson) writes:
>Nope.  If a user is going to be on a system for such a short time that they
>don't warrant their own account, they're not going to have the time to
>read the netiquette document and learn when it is and isn't appropriate to
>post articles.

Nope. There are such things as shared accounts. There are people that know
all about the net and netiquette, but happen to have no net contacts at the
moment.
-- 
Bill Wisner, HASA "A" Division		..{codas,ihnp4}!killer!billw
Feel disillusioned? I've got some great new illusions...

ado@elsie.UUCP (Arthur David Olson) (11/26/87)

> > > . . .the ability to add an arbitrary From: field is useful
> > > because it allows a guest user to post under his or her own name.

> > . . .If a user is going to be on a system for such a short time that
> > they don't warrant their own account, they're not going to have the time
> > to. . .learn when it is and isn't appropriate to post articles.

> There are people that know all about the net and netiquette, but happen
> to have no net contacts at the moment.

Such people won't have anything useful to set the "From:" field to.

> . . .I have sometimes found myself [on another system] reading news over the
> shoulder of a friend.  If I want to respond to an article, I get him
> to respond, and diddle the header so it looks like it is from me. . .

It's surely better to put more thought into the followup posting, and post it
to the net when you're back at your home system (after, of course, checking
that someone else hasn't already posted a followup that says what you want to
say).
-- 
ado%elsie.uucp@ncifcrf.gov	ADO and Elsie are Ampex and Borden trademarks

lyndon@ncc.UUCP (Lyndon Nerenberg) (11/27/87)

> Nope.  If a user is going to be on a system for such a short time that they
> don't warrant their own account, they're not going to have the time to
> read the netiquette document and learn when it is and isn't appropriate to
> post articles.

This makes some very broad assumptions about guest users. We have
a number of guest users spread across three systems who post on an
infrequent basis from guest accounts. All these people are very
familiar with how the net operates. The only reason they don't
have their own logins is to discourage them from using the system
on a regular basis (ie we are a bit short on resources right now :-)

owens@vtopus.cs.vt.edu (John Owens) (11/28/87)

In article <7536@elsie.UUCP>, ado@elsie.UUCP (Arthur David Olson) writes:
> It's surely better to put more thought into the followup posting, and post it
> to the net when you're back at your home system (after, of course, checking
> that someone else hasn't already posted a followup that says what you want to
> say).

So here I am on a system that I have occasional access to, and on which
I can read news.  I have a perfectly valid mail address (to answer 
another message) that I'd rather have in the From: line, but I have
to read and post from here.  It's quite a useful thing to be able
to do....

        -John Owens
        Virginia Tech Communications Network Services
        OWENSJ@VTVM1.BITNET    owens@vtopus.cs.vt.edu
        +1 703 961 7827               john@xanth.UUCP

jc@minya.UUCP (John Chambers) (11/28/87)

Say, why all the fuss?  I mean, I can write a letter with your name and
address in the upper left hand corner, take it to the post office in your
home town, and mail it.  This is easy (except for the cost of the plane
ticket to reach your home town :-).  But nobody suggests that this is a
fatal flaw in the postal system, or that the whole system should be shut
down because of it.

I can also call someone up and claim I'm you, commit some slander, and
hang up.  Everybody knows this, and sometimes people do it.  But nobody
is shouting that it's a fatal flaw in the phone system, or that we must
shut down the phone system because of it.

Let's get real here.  Any hacker with super-user access on a machine can
post news (or mail) with fake source info.  If you have email or news on
a MS/DOS machine, there isn't even any security to defeat.  But it's not
a fatal flaw, and we're not going to shut down email or netnews because
of it.  We just need to be aware of the problem, and develop social/legal
means of dealing with it.

It's not new with computers.  Slander and libel have existed for ages,
and we have (semi-effective) ways of dealing with it.  Let's not pretend
that computers are something so new that centuries of experience should
be tossed out the window.

First off, maybe you should start reminding yourself, when you see an
offensive posting, that it just might not have been done by the person
named in the header or the signature.  Before posting to the world, try
sending them email asking whether they really said that.

Also, if someone fakes your id, try posting a disclaimer immediately,
and ask the others on the network to track down the perpetrator.  You
might be surprised at how effective that might be.  

And in some cases, you'll find that the perpetrator was flakey software
that mangled the article. 


-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

billw@killer.UUCP (11/29/87)

In article <2208@killer.UUCP> billw@killer.UUCP (that's me) writes:
>> There are people that know all about the net and netiquette, but happen
>> to have no net contacts at the moment.

In article <7536@elsie.UUCP> ado@elsie.UUCP (Arthur David Olson) writes:
>Such people won't have anything useful to set the "From:" field to.

Wrong again. I can personally name at least three net sites that are mail-
only, and don't receive news. Many are even in the maps.

Someone else, I've no idea who:
>> . . .I have sometimes found myself [on another system] reading news over the
>> shoulder of a friend.  If I want to respond to an article, I get him
>> to respond, and diddle the header so it looks like it is from me. . .

Olson again:
>It's surely better to put more thought into the followup posting, and post it
>to the net when you're back at your home system (after, of course, checking
>that someone else hasn't already posted a followup that says what you want to
>say).

Oh, come on. By the time you're back at your own system you've probably lost
your train of thought, and anyway, there are hundreds of topics on this net
(cf. rec.all, talk.all) that don't take very much thought to respond to. Just
look at Rhonda Scribner. (And it's quite simple to dash off a response to
ANYTHING that is strictly factual. "How do I get news patch #10?")
-- 
Bill Wisner, HASA "A" Division		..{codas,ihnp4}!killer!billw
Feel disillusioned? I've got some great new illusions...

jc@minya.UUCP (John Chambers) (12/04/87)

> < > . . .the ability to add an arbitrary From: field is useful because it
> < > allows a guest user to post under his or her own name.

> < Nope.  If a user is going to be on a system for such a short time that they
> < don't warrant their own account, they're not going to have the time to
> < read the netiquette document and learn when it is and isn't appropriate to
> < post articles.

> Often, they will have read the document on another machine.  For instance,
> I have sometimes found myself at a terminal at Caltech reading news over
> the shoulder of a friend.  If I want to respond to an article, I get him
> to respond, and diddle the header ...

Among all the flames about fake postings, I've yet to see recognition
that there is a very traditional use of "fake" mailings.  Most people
in the business world consider it totally normal (and not the least bit
dishonest) for a secretary to heavily edit a boss's mailings, often
to the extreme of writing the entire document from penciled notes,
and putting the boss's name on the whole thing.

So what, you say?  That's business letters; this is Usenet.  Well, that
just shows how little the netters have appreciated what it takes to get
into the business world.  If Usenet is ever to be used outside the hacker
community (and I'm not saying it should, just that it deserves thought),
then the software MUST support this sort of fake posting.  Most executives
can't and won't ever read their own mail.  It always has been and always
will be intercepted and filtered by secretaries; that's why people hire
them.  The busy (you know, three-hour martini luncheons, etc.) executives
won't do more than sketch out responses which the secretaries will type
and post.  But the posting, if it is to be credible, must have the boss's
name on it, with possibly an extra header line with the secretary's id.

I've long suspected that Usenet has serious commercial possibilities.
But currently the design is hacker-friendly, not secretary-friendly.
And some of the moral outrage is targeted against some very common
(and not at all dishonest) business practices.  Posting on behalf of
another is just one of them.

Does version C news support anything like this?

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

dww@stl.stc.co.uk (David Wright) (12/13/87)

In article <424@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
#Most people in the business world consider it totally normal for a secretary 
#to heavily edit a boss's mailings, ...  
#putting the boss's name on the whole thing.

But before posting, either the boss reads, agrees and signs it, or if the
secretary sends it out without the boss seeing it first the secretary will
sign it 'pp' ("per pro", on behalf of)  the nominal originator.    
So there should be no confusion as to who actually posted the letter,
and no question of "forgery".

Usenet is used for different purposes to the standard business letter,
but a near equivalent practice would be TWO headings, one showing the
account the msg is posted from (unalterable except with root priv's),
the other an optional one that the poster could add - the meaning being

"posted from account <actual> by or for <whoever the poster wants to be called>"

This would not stop all forged headings - lots of posters have root priv's and
can re-write any program that they don't like - but it would be a standard
and sensible way for most people to use if posting for someone else or from
someone else's account.
-- 
Regards,
        David Wright           STL, London Road, Harlow, Essex  CM17 9NA, UK
dww@stl.stc.co.uk <or> ...uunet!mcvax!ukc!stl!dww <or> PSI%234237100122::DWW
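
[Added example, not part of any post in this thread: a Python sketch of the From:/Sender: comparison Rahul Dhesi describes and of David Wright's "posted from account <actual> by or for <name>" reading. It also shows why a display limited to From:, Subject: and Date:, as reported for the PSU machines, cannot tell the two articles apart. The sample articles, addresses and function names are constructed for illustration.]

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample articles; addresses and sites are made up.
DIRECT = (
    "From: alice@sitea.example (Alice Example)\n"
    "Newsgroups: news.sysadmin\n"
    "Subject: Re: Net userid forgery\n"
    "Date: 24 Nov 87 10:00:00 GMT\n"
    "\n"
    "Posted from my own account.\n"
)
# Same visible headers, but the posting host recorded a different account.
OVERRIDDEN = DIRECT.replace(
    "Newsgroups:", "Sender: guest@siteb.example\nNewsgroups:", 1
).replace("my own account", "someone else's account")

CASUAL_FIELDS = ("From", "Subject", "Date")


def casual_view(article):
    """Headers a reader sees when the newsreader shows only From/Subject/Date."""
    msg = message_from_string(article)
    return {name: msg[name] for name in CASUAL_FIELDS}


def classify(article):
    """Return (label, from_addr, sender_addr) for one article."""
    msg = message_from_string(article)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_raw = msg.get("Sender")
    if sender_raw is None:
        # No Sender: line: From: was not overridden at a cooperating site.
        # This is not proof of authorship; a privileged poster can omit it.
        return ("from-only", from_addr, None)
    sender_addr = parseaddr(sender_raw)[1].lower()
    if sender_addr == from_addr:
        return ("sender-matches", from_addr, sender_addr)
    # The "posted from account <actual> by or for <name>" case.
    return ("posted-for", from_addr, sender_addr)


def describe(article):
    """One-line summary in the wording proposed in the post above."""
    label, from_addr, sender_addr = classify(article)
    if label == "posted-for":
        return f"posted from account {sender_addr} by or for {from_addr}"
    return f"posted by {from_addr} ({label})"


if __name__ == "__main__":
    for art in (DIRECT, OVERRIDDEN):
        print(casual_view(art)["From"], "->", describe(art))
```
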

jc@minya.UUCP (John Chambers) (12/26/87)

In article <597@acer.stl.stc.co.uk>, dww@stl.stc.co.uk (David Wright) writes:
> In article <424@minya.UUCP> jc@minya.UUCP (John Chambers) writes:
> #Most people in the business world consider it totally normal for a secretary 
> #to heavily edit a boss's mailings, ... putting the boss's name on the whole thing.
> 
> But before posting, either the boss reads, agrees and signs it, or if the
> secretary sends it out without the boss seeing it first the secretary will
> sign it 'pp' ("per pro", on behalf of)  the nominal originator.    
> So there should be no confusion as to who actually posted the letter,
> and no question of "forgery".

Sure; we all know this.  But people have been saying that such "forgery"
is wrong.  If so, then a lot of secretaries are criminals.

> Usenet is used for different purposes to the standard business letter,

Yup, but there's this big market out there...

> but a near equivalent practice would be TWO headings, one showing the
> account the msg is posted from (unalterable except with root priv's),

Good idea; how do I do it?  Does the current news B release support 
it? Do sendmail, smail, mh, or any other email packages support it? 
How about all those mailers out there that shoot down any header lines 
("Really-From:", "Zippy-Says:", etc.) that they don't recognize?  Is 
there any reliable way of including a per pro line in current email? 
Or is this universally considered forgery?

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

rwhite@nusdhub.UUCP (Robert C. White Jr.) (01/07/88)

	Forgery is, essentially, acting for or as another with
intent to defraud.  I don't know the whole definition, but I do
know the "intent to defraud" _must_ be present for something to
be forgery.

Rob.