tedk@ihuxv.ATT.COM (Kekatos) (04/14/88)
Here is Something of interest, (I found it in a magazine) ----------------------------------------------------------------- The National E-Mail Registry and The National E-Mail White Pages On-line Directory To Register: Dial (203) 245-7720 or (800) 622-0505 with your modem (300-1200-2400 baud) Every form of E-mail including CompuServe, The Sources and most of the others are listed under "commerial" services. UUCP/USENET/NETNEWS addresses are listed under "non-commerial" services. AT&T E-mail service is listed under "commerial" services. There is no charge to register, $0.20 to search. ----------------------------------------------------------------- I have NO connection with the above service. I am just posting this as a general interest item. I found it in a magazine. Ted G. Kekatos backbone!ihnp4!ihuxv!tedk (312) 979-0804 AT&T Bell Laboratories, Indian Hill South, IX-1F-460 Naperville & Wheaton Roads - Naperville, Illinois. 60566 USA
bzs@bu-cs.BU.EDU (Barry Shein) (04/14/88)
>To Register: >Dial (203) 245-7720 or (800) 622-0505 with your modem >(300-1200-2400 baud) >Every form of E-mail including CompuServe, The Sources and most >of the others are listed under "commerial" services. >UUCP/USENET/NETNEWS addresses are listed under "non-commerial" services. >AT&T E-mail service is listed under "commerial" services. I assume this is some attempt at building an on-line white pages of e-mail addresses. If anyone knows anything about this I would be curious how they prevent trivial fraud, such as my listing myself as Ronald Reagan and setting up an account rr@bu-cs.bu.edu (ok, that would be a little blatant, but you get the idea.) If someone could solve this problem I'd probably set up a white pages server for free here. -Barry Shein, Boston University
tedk@ihuxv.ATT.COM (Kekatos) (04/16/88)
In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes: >>To Register: >>Dial (203) 245-7720 or (800) 622-0505 with your modem { text deleted } >prevent trivial fraud, such as my listing myself as Ronald Reagan and >setting up an account rr@bu-cs.bu.edu (ok, that would be a little >blatant, but you get the idea.) > How does anyone know that your name really isn't Ronald Reagan? There are hundreds of them in the US. If you listed your occupation as "President, United States of America", Then I would wonder if it was reallt you.. ((( I have nothing to do with the above mentioned service. ))) Ted G. Kekatos backbone!ihnp4!ihuxv!tedk (312) 979-0804 AT&T Bell Laboratories, Indian Hill South, IX-1F-460 Naperville & Wheaton Roads - Naperville, Illinois. 60566 USA
sl@van-bc.UUCP (pri=-10 Stuart Lynne) (04/16/88)
In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes: > >>To Register: >>Dial (203) 245-7720 or (800) 622-0505 with your modem >>(300-1200-2400 baud) >>Every form of E-mail including CompuServe, The Sources and most >>of the others are listed under "commerial" services. >>UUCP/USENET/NETNEWS addresses are listed under "non-commerial" services. >>AT&T E-mail service is listed under "commerial" services. > >I assume this is some attempt at building an on-line white pages >of e-mail addresses. > I've toyed with a idea along these lines about a year ago, but didn't have time to implement it. Simply capture the Reply-to: or From: header lines, and possibly the signature lines from each usenet article as it flows by. Stuff it away in a database indexed by name, mail id, domain address, and host name. If you want to have some idea of what that person is interested in simply keep track of the newsgroups he posts in. Something along these lines would be trivial to implement. The unfortunate part is that it would also consume a horrendous amount of disk space which I didn't have at the time. But I still think it's an interesting idea. -- {ihnp4!alberta!ubc-vision,uunet}!van-bc!Stuart.Lynne Vancouver,BC,604-937-7532
tr@wind.bellcore.com (tom reingold) (04/17/88)
In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes: $ [What would] $ prevent trivial fraud, such as my listing myself as Ronald Reagan and $ setting up an account rr@bu-cs.bu.edu (ok, that would be a little $ blatant, but you get the idea.) $ In article <2584@ihuxv.ATT.COM> tedk@ihuxv.UUCP (55624-Kekatos,T.G.) writes: $ How does anyone know that your name really isn't Ronald Reagan? $ There are hundreds of them in the US. If you listed your occupation $ as "President, United States of America", $ Then I would wonder if it was reallt you.. Ted, Barry said "you get the idea" but you don't. He used the most blatant example of forgery but it's a good question. Suppose I say I'm you because I want to misdirect any mail someone wants to send to you. I can give your email address with a phony machine or login name. I could even spell the machine or login name really closely to yours so it looks right. Or I could attach someone else's name and my email address in an entry. If it is NOT Ronald Reagan, the registry people would not notice. And suppose I am one of those hundreds of Americans named Ronald Reagan. Are the Registry people going to take my registration seriously? I called the Registry, registered myself, and don't remember giving my occupation. And even if I gave it, I would not expect it as a requirement for registration. And suppose ... The problem is that the registration method is totally electronic, making verification impossible. A signature and a photo ID held by someone with a matching face are still good methods. No one has come up with an analogous method that uses solely electronic media. Can you think of one? Here is a new question: Isn't this a little vulnerable? The Government can now look me up since I'm such a sucker, already signed up. Is this a new resource to build the Big Brother phenomenon? Comments, Barry? "Just say NO to empty, dogmatic slogans coined by Nancy Reagan!" Tom Reingold PAPERNET: |INTERNET: tr@bellcore.bellcore.com Bell Communications Research |UUCP-NET: bellcore!tr 445 South St room 2L350 |SOUNDNET: (201) 829-4622 [work], Morristown, NJ 07960-1910 | (201) 287-2345 [home]
bzs@bu-cs.BU.EDU (Barry Shein) (04/18/88)
>Here is a new question: Isn't this a little vulnerable? The >Government can now look me up since I'm such a sucker, already >signed up. Is this a new resource to build the Big Brother >phenomenon? Comments, Barry? First, here's an idea to help verification that is far from perfect (I'll describe it's worst problems) but is a lot better than nothing. The original problem was someone changing your entry, say the e-mail address, with malicious intent (eg. to receive your mail.) One possibility is to always e-mail a summary of changes (or the entry itself) whenever it is changed. If the mail address is changed you send to the old and new address. Problems remaining: This is, in OS parlance, known as detection (you'll know someone has changed something) but is neither avoidance nor prevention of the problem. For example, I could write a shell script changing your address every 30 seconds and all you will have is the knowledge that it is being done, there's still no mechanism to stop me or make it difficult for me to do this (difficult could be you only get to make 2 changes in a day/week whatever, or a cookie is stored like a password you must present to change the entry, even that has serious problems given the insecurity of the mail networks and the just plain nuisance of people forgetting their cookies over time.) This also does not address the problem of someone initially creating an entry with malicious intent, before you get a chance to create one for yourself they do. In fact, you may not have the slightest interest in using the service so don't even know I have created an entry which is telling people to send mail destined for you to me. Some of that is outside, but it could be quite a tool in the hands of a specific malicious prank. As to the "big brother" aspect, I don't know, is the telephone white pages a big brother problem? I think if anything I'd be more concerned with businesses using it to create junk mail lists (if for no other reason than you might at that point be interpreted, willingly or otherwise, as using the network to compete with commercial junk mail list compilers, something I know ARPA is very sensitive about, thou shalt not use govt subsidies to compete with equivalent commercial services.) Like I said, intention could be irrelevant if the harm exists anyhow. Anyhow, as to the mere ability to look you up, that's probably unavoidable, I would imagine it would take but a few hours to write a program to filter all USENET traffic and store the FROM: fields to create one's own list. You can't have it both ways. From: tr@wind.bellcore.com (tom reingold) If you get my drift... -Barry Shein, Boston University