[news.sysadmin] From the REAL Ken Arndt???

root@mgvax.UUCP (04/18/87)

In faked article <666@prometheus.UUCP>, arndt@prometheus.UUCP 
	(ken arndt) is supposed to have written:
> Oh Dear.  Children.  Be warned.  Some person for some reason is sending
> messages via "prometheus.UUCP!arndt" claiming to be ME!!  Imagine that.

[munch...]

This was the path I found to my site:
	Path: mgvax!watmath!clyde!rutgers!mit-eddie
		!genrad!decvax!ucbvax!prometheus.UUCP!arndt

The greatest common root path shows that likely mit-eddie is pulling this stunt
for this particular case [ not others ]... The REAL problem with this sort of 
trick is that the faked messages will bounce real articles from prometheus.UUCP 
when/if the ID _matches_ because news rejects duplicate incoming messages... 

What can be done about this is that the greatest common root path can be found
by collecting paths from the news logs at major sites. While people can
fake a path that routes through their site, their site name and
the path to the destination can not be faked without help further
down the link. Of course these are well known problems with news,
but then again the software was written for honest people... 

I would be interested in the "Path:" lines of the following news
postings from various site admins. [ /usr/lib/news/log or such ]. 
I have already looked into the UUCP map database, the
two following articles were likely faked ... _if_ the maps are up to date,
and also by noting that the article ID's were a few days out of sync with 
'real' postings from prometheus...

	Apr 11 17:22	<607@prometheus.UUCP> ng talk.religion.misc 
	Apr 11 17:23	<606@prometheus.UUCP> ng talk.religion.misc 

Best Regards,

# At Home: 	watmath!mgvax!root, watmath!mgvax!mike
# Note: 	do not use an '@' in a path to 'mgvax' (old mail software)

root@mgvax.UUCP (04/19/87)

This is a follow up to my last posting. See also <1128@cartan.Berkeley.EDU>
for other possible related details, this may repeat some of what Gene has
said...:

The following 4 postings in talk.religion.misc are *_fakes_*:

	<606@prometheus.UUCP>
	<607@prometheus.UUCP>
	<9578@decwrl.DEC.COM>
	<666@prometheus.UUCP>

	The content of this posting contains evidence to 
attempt to support this claim. Various reference articles are 
used for dates, message-ids and default posting paths...
Other messages are included that reference Ken Arndt or
Paul Koloc in the subject line. Checking the map database
shows that Paul Koloc could not have forged the messages
because he does not share an interconnect to a machine
that could forge a path found in the faked articles above.
Ken Arndt could not have likely faked the messages either
because in one case the posting did not have the correct
path and the two other cases had the incorrect site/interconnect
according to the map database...

	It is possible to find out where the articles were faked IF
several people from various sites were to provide the 'Path:' line
found in the above faked messages. Checking the messages against the
map database should verify the site at which the messages were faked.
However, it is still possible that an aliased account exists on
a machine that allows the faked postings to be done remotely.
It is still possible to have site admins check their log/history files
to see if this has happened. A very serious problem is evident in that
the faked article will in fact _bounce_ REAL articles from
'prometheus' and 'decwrl' when the 'seq' file reaches the
number found in the faked posting...

	Paul Koloc has also had several of his postings tampered
with by a valspeak filter. Paul has had to issue various cancel
messages for those postings he found that were tampered with. I feel that this 
problem is very serious and urge site admins to participate in helping to 
find out who is doing this... Hopefully the data in this posting will help.


<618@prometheus.UUCP>	04/07/87 11:57	**** ID reference, next 619
	Path: mgvax!watmath!clyde!rutgers!seismo!mimsy!prometheus!pmk
	From: pmk@prometheus.UUCP (Paul M Koloc)
	Subject: Re: AIDS misinformation and Paul Koloc
	Date: 6 Apr 87 18:19:40 GMT

<606@prometheus.UUCP>	04/11/87 22:23	**** ID error, last 618, next 619
	Path: mgvax!watmath!clyde!rutgers!husc6!panda!genrad!decvax!ucbvax
		!prometheus.UUCP!arndt
	From: arndt@prometheus.UUCP (ken arndt)
	Subject: Re: WARNING: *** Koloc Alert ***
	Date: 9 Apr 87 14:59:45 GMT

<607@prometheus.UUCP>	04/11/87 22:22	**** ID error, last 618, next 619
	Path: mgvax!watmath!clyde!rutgers!husc6!panda!genrad!decvax!ucbvax
		!prometheus.UUCP!arndt
	From: arndt@prometheus.UUCP (ken arndt)
	Subject: Re: Praise for a thinking Christian
	Date: 9 Apr 87 15:00:15 GMT

<619@prometheus.UUCP>	04/11/87 22:32	**** ID reference, last 618
	Path: mgvax!watmath!clyde!rutgers!seismo!mimsy!prometheus!pmk
	From: pmk@prometheus.UUCP (Paul M Koloc)
	Subject: Re: Defense vs. Offense
	Date: 6 Apr 87 19:50:10 GMT

<5433@eddie.MIT.EDU>	04/11/87 22:39	
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!fh
	From: fh@eddie.MIT.EDU (Foothead)
	Subject: Re: *** Koloc Alert III *** a snub
	Date: 10 Apr 87 16:09:27 GMT

<5506@eddie.MIT.EDU>	04/15/87 12:46	
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!fh
	From: fh@eddie.MIT.EDU (Foothead)
	Subject: Re: prometheus."arndt".UUCP
	Date: 14 Apr 87 18:15:19 GMT

<9322@decwrl.DEC.COM>	04/17/87 20:34 
	Path: mgvax!watmath!clyde!rutgers!seismo!lll-lcc!pyramid!decwrl
		!indian.dec.com!arndt
	From: arndt@indian.dec.com
	Subject: From the REAL Ken Arndt!!!
	Date: 15 Apr 87 13:50:39 GMT

<5519@eddie.MIT.EDU>	04/17/87 20:32	
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!fh
	From: fh@eddie.MIT.EDU (Foothead)
	Subject: Re: prometheus."arndt".UUCP
	Date: 15 Apr 87 16:07:54 GMT

<9326@decwrl.DEC.COM>	04/17/87 20:50	**** ID reference, next 9376
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!genrad!decvax!decwrl!glenn
	From: glenn@decwrl.DEC.COM (Glenn Thain)
	Subject: Re: Evil, Aztec and otherwise (was: Far Harder...)
	Date: 15 Apr 87 21:44:46 GMT

<5523@eddie.MIT.EDU>	04/17/87 20:54  **** ID referenced to 9326
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!ooblick
	From: ooblick@eddie.MIT.EDU (Mikki Barry)
	Subject: Re: Evil, Aztec and otherwise (was: Far Harder...)
	Date: 16 Apr 87 14:28:14 GMT

<666@prometheus.UUCP>	04/17/87 20:56	**** ID error, last 619, next 647
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax
		!prometheus.UUCP!arndt
	From: arndt@prometheus.UUCP (ken arndt)
	Subject: Re: From the REAL Ken Arndt???
	Date: 16 Apr 87 14:45:49 GMT

<647@prometheus.UUCP> sci.physics on watmath **** ID reference to 666
	Path: watmath!clyde!rutgers!husc6!seismo!prometheus!pmk
	From: pmk@prometheus.UUCP (Paul M Koloc)
	Subject: Re: Electricity and Magnetism
	Date: 17 Apr 87 04:39:38 GMT
 

<5524@eddie.MIT.EDU>	04/17/87 20:55
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!fh
	From: fh@eddie.MIT.EDU (Foothead)
	Subject: Re: prometheus."arndt".UUCP
	Date: 16 Apr 87 15:38:49 GMT

<9578@decwrl.DEC.COM>	04/18/87 20:57  ***** ID error, last 9326, next 9376
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax
		!indian.DEC.COM!arndt
	From: arndt@indian.DEC.COM
	Subject: Re: From the REAL Ken Arndt???
	Date: 17 Apr 87 13:30:59 GMT

<247@pyuxe.UUCP>	04/18/87 21:10	
	Path: mgvax!watmath!clyde!rutgers!ames!ptsfa!ihnp4!mb2c!gamma
		!pyuxww!pyuxe!rlr
	From: rlr@pyuxe.UUCP (Rich Rosen)
	Subject: Re: From the REAL Ken Arndt!!!
	Date: 17 Apr 87 15:28:55 GMT

<250@pyuxe.UUCP>	04/18/87 21:10	
	Path: mgvax!watmath!clyde!rutgers!ames!ptsfa!ihnp4!mb2c!gamma
		!pyuxww!pyuxe!rlr
	From: rlr@pyuxe.UUCP (Rich Rosen)
	Subject: Re: From the REAL Ken Arndt!!!
	Date: 17 Apr 87 15:33:21 GMT

<9376@decwrl.DEC.COM>	04/18/87 20:57	**** ID reference, last 9326
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!genrad!decvax!decwrl!glenn
	From: glenn@decwrl.DEC.COM (Glenn Thain)
	Subject: Re: Evil, Aztec and otherwise (was: Far Harder...)
	Date: 17 Apr 87 15:48:36 GMT

<5544@eddie.MIT.EDU>	04/18/87 21:00
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!ooblick
	From: ooblick@eddie.MIT.EDU (Mikki Barry)
	Subject: Re: From the REAL Ken Arndt???
	Date: 17 Apr 87 20:56:14 GMT

<5549@eddie.MIT.EDU>	04/18/87 21:11	
	Path: mgvax!watmath!clyde!rutgers!mit-eddie!fh
	From: fh@eddie.MIT.EDU (Foothead)
	Subject: Re: From the REAL Ken Arndt???
	Date: 18 Apr 87 06:49:03 GMT


<1128@cartan.Berkeley.EDU>	04/18/87 21:13	
	Path: mgvax!watmath!clyde!rutgers!sri-spam!ames!ucbcad!ucbvax
		!cartan!brahms!gsmith
	From: gsmith@brahms.Berkeley.EDU (Gene Ward Smith)
	Subject: Foothead, Foothead, on the net/Who's the biggest liar yet?
	Date: 18 Apr 87 10:09:12 GMT
=========================================================================


RE: Valspeak filter...

Paul has had to cancel a few of his own messages, one such example:


<648@prometheus.UUCP> talk.origins on watmath
	Path: watmath!clyde!rutgers!husc6!seismo!prometheus!pmk
	From: pmk@prometheus.UUCP
	Subject: cancel <627@prometheus.UUCP>
	Date: 17 Apr 87 06:49:18 GMT

This kills a new article by this author filtered with VALSPEAK after 
interception and considerable detention @mimsy.
[munch...]
=========================================================================

	On to other issues... I have had many of my postings of
the last 6 weeks run into a net.bit.bucket. If anyone could do a grep on 
'mgvax' in your history file and send me the results I would be greatly 
thankful [ I might repost ].  I am trying to find where the bit.bucket is...
_IF_ there is one, as opposed to the general natural problems with 
sites dropping news due to hardware/software faults that are all too common...

Best Regards,

# At Home: 	watmath!mgvax!root, watmath!mgvax!mike
# Note: 	do not use an '@' in a path to 'mgvax' (old mail software)
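
[Added example, not part of the original posts: the two Path: checks described in the posting above, run over headers copied from its listing. The function names are hypothetical; the "reference" articles stand in for the UUCP map database, and the forged articles are assumed to share one injection point. The agreed tail only bounds where a forged portion can begin and shrinks as copies from more sites are added; it does not by itself name a site.]

```python
# Added example: checks on the Path: lines quoted in the post above.
# A Path reads right to left: poster last, each relaying site prepended.

def hops(path_header):
    """Unfold a (possibly continued) Path: header into a list of hops."""
    text = "".join(path_header.split())        # remove folding whitespace
    if text.lower().startswith("path:"):
        text = text[5:]
    return [h for h in text.split("!") if h]

def shared_tail(paths):
    """Hops, counted from the poster end, that every copy agrees on."""
    tail = []
    for column in zip(*(reversed(hops(p)) for p in paths)):
        if len(set(column)) != 1:
            break
        tail.append(column[0])
    return tail[::-1]

def feed_links(reference_paths):
    """(neighbour, site) pairs beside the posting site in reference articles."""
    return {tuple(hops(p)[-3:-1]) for p in reference_paths}

def unknown_link(path, known):
    """Return the claimed (neighbour, site) pair if no reference shows it."""
    link = tuple(hops(path)[-3:-1])
    return None if link in known else link

# Headers copied from the listing above (618/619 and 647 as references).
REFERENCE = [
    "Path: mgvax!watmath!clyde!rutgers!seismo!mimsy!prometheus!pmk",
    "Path: watmath!clyde!rutgers!husc6!seismo!prometheus!pmk",
]
# 606/607 and 666, with their continuation lines.
SUSPECT = [
    "Path: mgvax!watmath!clyde!rutgers!husc6!panda!genrad!decvax!ucbvax\n"
    "\t\t!prometheus.UUCP!arndt",
    "Path: mgvax!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax\n"
    "\t\t!prometheus.UUCP!arndt",
]

if __name__ == "__main__":
    known = feed_links(REFERENCE)
    print("agreed tail:", "!".join(shared_tail(SUSPECT)))
    for p in SUSPECT:
        print("link not seen in references:", unknown_link(p, known))
```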

spaf@gt-karloff.uucp (Gene Spafford) (04/19/87)

This is very interesting.  For those of you who joined late (that is,
you haven't been reading talk.religion.misc and just saw this when the
"news.*" groups got added), it might be instructive to go back to the
talk.religion.misc group and read all the articles involved in this
episode.

I did exactly that and came to a conclusion: the "talk.*" groups are
definitely the first to go whenever we decide to cut back on news
volume here!  What an incredible waste of resources!

Gene Spafford
Software Engineering Research Center (SERC), Georgia Tech, Atlanta GA 30332
CSNet:	Spaf @ GATech		ARPA:	Spaf@Gatech.EDU
uucp:	...!{akgua,decvax,hplabs,ihnp4,linus,seismo,ulysses}!gatech!spaf