jik@athena.mit.edu (Jonathan I. Kamens) (04/17/91)
(Note cross-post and Followup-To.)

In article <1991Apr17.091032.12693@ux1.cso.uiuc.edu>, andreess@mrlaxs.mrl.uiuc.edu (Marc Andreessen) writes:
|> Basically, I stumbled on a ridiculously easy way to forge mail from
|> anyone to anyone on any machine (I've tested this on Ultrix 4.1, AIX 3.1,
|> BSD Tahoe, etc) without superuser privs. I'm aware many implementations
|> of Unix have many security holes, but this seems fairly major, and
|> also appears to be there by design.
|>
|> I'm sure half of you know what I'm talking about already, so there's
|> no need to go into detail.

Well, I don't know what you're talking about, because there are so many easy ways to forge mail that I don't know which one you mean. :-)

|> However, what I'm wondering is - why isn't
|> this more widely known?

What do you mean by "widely known?" It's pretty common knowledge around here that mail can't be trusted. If you want secure mail, you use Privacy Enhanced Mail, which uses RSA public-key encryption.

|> Why have I never heard about it?

When new users find out how to forge mail, some portion of them tend to act like dweebs, doing irresponsible, inconsiderate things that make life difficult for everybody, because they think it's funny. I'm a consultant here for our user community, and if someone asks me, "Is it possible to forge mail?" my response is, "Yes, but I can't tell you how to do it." By the time people figure out how to do it for themselves, they're usually responsible enough not to do stupid things with it.

It's true that new users often assume that mail is secure because they are never told otherwise. I'm not sure how that problem can be solved (or even if it is a problem); I would find it a bit strange if we told every new user here, "By the way, mail isn't secure!"

|> This makes
|> Unix mail completely untrustworthy; why isn't this more secure?

Unix mail has always been untrustworthy; surprise, surprise.

The problem is not confined to Unix (it's possible to forge mail easily using SMTP, which is a network protocol, not a Unix protocol, and which is spoken by quite a few OSs besides Unix). If you're interested in finding out more about recent attempts to come up with ways to do secure mail, I suggest you read the relevant Internet RFCs, which include:

1115  Linn, J.  Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers [Draft].  1989 August; 8 p.  (Format: TXT=18226 bytes)

1114  Kent, S.T.; Linn, J.  Privacy enhancement for Internet electronic mail: Part II - certificate-based key management [Draft].  1989 August; 25 p.  (Format: TXT=69661 bytes)

1113  Linn, J.  Privacy enhancement for Internet electronic mail: Part I - message encipherment and authentication procedures [Draft].  1989 August; 34 p.  (Format: TXT=89293 bytes)  (Obsoletes RFC 989, RFC 1040)

In case you don't know how to get your hands on RFCs, I've included instructions at the end of this message.

--
Jonathan Kamens                          USnail:
MIT Project Athena                       11 Ashford Terrace
jik@Athena.MIT.EDU                       Allston, MA  02134
Office: 617-253-8085                     Home: 617-782-0710

--
Many RFCs are available online; if not, this is indicated by (Not online). Paper copies of all RFCs are available from the NIC, either individually or on a subscription basis (for more information contact NIC@NIC.DDN.MIL). Online copies are available via FTP or Kermit from NIC.DDN.MIL as RFC:RFC####.TXT or RFC:RFC####.PS (#### is the RFC number without leading zeroes).

Additionally, RFCs may be requested through electronic mail from the automated NIC mail server by sending a message to SERVICE@NIC.DDN.MIL with a subject line of "RFC ####" for text versions or a subject line of "RFC ####.PS" for PostScript versions. To obtain the RFC index, the subject line of your message should read "RFC index".
peter@ficc.ferranti.com (Peter da Silva) (04/18/91)
In article <1991Apr17.100833.3982@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
> it is a problem); I would find it a bit strange if we told every new user
> here, "By the way, mail isn't secure!"

Why?

--
Peter da Silva.  `-_-'  peter@ferranti.com  +1 713 274 5180.  'U`  "Have you hugged your wolf today?"
schwartz@groucho.cs.psu.edu (Scott Schwartz) (04/18/91)
jik@athena.mit.edu (Jonathan I. Kamens) writes:
> It's true that new users often assume that mail is secure because
> they are never told otherwise.

They assume this because system administrators run around screaming
about security all the time.
armstron@cs.arizona.edu (Jim Armstrong) (04/26/91)
In article <5USA0YB@xds13.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes:
>In article <1991Apr17.100833.3982@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
>> it is a problem); I would find it a bit strange if we told every new user
>> here, "By the way, mail isn't secure!"
>
>Why?

Good question. Here's a better one: Since most sysadmins don't tell their users that mail isn't secure, why do we find it surprising that so many naive users fall for the tricks that have been described in the recent CERT advisories?

1) messages from the sysadmin telling you to change your password to "systest001" for security reasons.

2) messages from bogus software companies urging you to try out their new game in /tmp/ttetris but noting that you will be asked to revalidate your password.

Anyone else think that educating the users just might possibly help prevent a security abuse here and there?

--
Jim Armstrong                 "The nonpayment and subsequent abuse of
armstron@cs.arizona.edu        socially powerless athletes is simply a
uunet!arizona!armstron         form of modern-day slavery"  --Rick Telander
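A small screen for the two CERT-style tricks Jim Armstrong lists (a message dictating a specific password, and one pointing at a program under /tmp that asks you to "revalidate" your password), added here as an example and not code from any poster in the thread. The sample messages and the list of privileged sender names are constructed for illustration; the last check reflects the thread's point that a From: header is unauthenticated text.

```python
import email
import re
from email import policy

# Constructed sample messages modelled on the two tricks listed above;
# they are not taken from any CERT advisory.
TRICK_PASSWORD = """\
From: root@example.edu
Subject: security test

For security reasons, please change your password to "systest001" today.
"""
TRICK_GAME = """\
From: support@bogus-soft.example
Subject: free game

Try our new game in /tmp/ttetris.  Note that you will be asked to revalidate
your password before it starts.
"""
BENIGN = """\
From: alice@example.edu
Subject: lunch

Want to grab lunch at noon?
"""

LITERAL_PASSWORD = re.compile(r'change your password to\s+"?(\S+?)"?[\s.,]', re.I)
REVALIDATE = re.compile(r"re-?validate\s+your\s+password", re.I)
TMP_PROGRAM = re.compile(r"/tmp/[\w/-]+")
# Hypothetical list of local accounts a forged message would likely claim to be from.
PRIVILEGED_SENDER = re.compile(r"^(root|sysadmin|operator|postmaster)@", re.I)


def screen(raw: str) -> list[str]:
    """Return the reasons a single-part text message matches the tricks above."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_content()
    reasons = []
    m = LITERAL_PASSWORD.search(body)
    if m:
        reasons.append(f"asks you to set a specific password ({m.group(1)})")
    if REVALIDATE.search(body):
        reasons.append("asks you to re-enter your password")
    m = TMP_PROGRAM.search(body)
    if m:
        reasons.append(f"points at a program in a world-writable directory ({m.group(0)})")
    # From: is plain text supplied by whoever submitted the message, so a
    # suspicious body "from" a privileged account deserves a second look.
    if reasons and PRIVILEGED_SENDER.search(msg.get("From", "")):
        reasons.append(f"From: {msg['From']} is unauthenticated and may be forged")
    return reasons
```

Running `screen()` over a mail spool flags only messages that both ask for password action and claim authority, which is the combination the advisories warn users about.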