fred@flinstones.com (10/16/89)
Somebody a while ago said that they could locate a poster of a bogus message, so I decided to try and see. Note that I have no malicious, libelous, or slanderous intentions, nor do I intend to abuse netland. I just have an inexplicable need to meet a challenge that is thrown down, and now I am making my attempt to run the gauntlet of detection. If you can email me, letting me know that I was found, I would be very appreciative, and indeed know that it is impossible to evade identification. If you do succeed, however, I beg of you not to attempt to have my News Administrator revoke my news privileges, for I am normally a productive user of the News system, and would hate to lose my access to this interesting forum.

Fred

--
Disclaimers? We don' need no stinkin' Disclaimers!
clutx.clarkson.edu (Lazarus Long, ,0,) (10/16/89)
From article <none>, by fred@flinstones.com:
>
> Somebody a while ago said that they could locate a poster of a bogus
> message, so I decided to try and see. Note that I have no malicious, libelous,
> or slanderous intentions, nor do I intend to abuse netland. I just have an
> inexplicable need to meet a challenge that is thrown down, and now I am making
> my attempt to run the gauntlet of detection. If you can email me, letting me
> know that I was found, I would be very appreciative, and indeed know that it
> is impossible to evade identification. If you do succeed, however, I beg of
> you not to attempt to have my News Administrator revoke my news privileges,
> for I am normally a productive user of the News system, and would hate to lose
> my access to this interesting forum.
>
> Fred
>
> --
> Disclaimers? We don' need no stinkin' Disclaimers !

Good luck to you.. :-)

Matt Parker (listening to the thunder...)

* Matt Parker / Laz Long * Be wary of strong drink, it can make you *
* 11 Lawrence Ave * shoot at tax collectors... AND MISS! *
* Potsdam, NY 13676 * R.A.H. - The notebooks of Lazarus Long*
* (315)-265-3763 ************************************************
bill@twwells.com (T. William Wells) (10/16/89)
In article <none> fred@flinstones.com writes:
: Somebody a while ago said that they could locate a poster of a bogus
: message, so I decided to try and see. Note that I have no malicious, libelous,
: or slanderous intentions, nor do I intend to abuse netland. I just have an
: inexplicable need to meet a challenge that is thrown down, and now I am making
: my attempt to run the gauntlet of detection. If you can email me, letting me
: know that I was found, I would be very appreciative, and indeed know that it
: is impossible to evade identification. If you do succeed, however, I beg of
: you not to attempt to have my News Administrator revoke my news privileges,
: for I am normally a productive user of the News system, and would hate to lose
: my access to this interesting forum.
Here are the interesting things from your headers. These first are
bogus but anyone can change them:
Path: twwells!novavax!uflorida!uakari.primate.wisc.edu!ginosko!usc\
!merlin.usc.edu!flinstones.com!fred
From: fred@flinstones.com
Message-ID: <none>
You also screwed up the References: line, it should have been blank.
But this is the giveaway:
Sender: news@merlin.usc.edu
You were logged in as news at merlin.usc.edu. We can't figure out
exactly who you are without asking the news admin who likely has
access to the news account.
Of course, since you were on the news account, you could also modify
the news software to not put in the Sender: line. Or you could have
edited it out in the spool directory before the system sent it out
(supposing that your news is batched).
If one has access to the news account, or to uucp, or root, it isn't
too hard to forge an article.
Yes, I can think of several ways to pretty much undetectably forge an
article on a Unix system. At least one of them does not require any
special privileges or even much knowledge of Unix.
No. Please don't show us that you have figured a way. If you really
want to prove it to me, just tell me about it via e-mail, OK? I'll
happily confirm whether it will work or not. No, you won't be giving
away any important secrets: I own this machine; I can forge a message
any time I want.
Followups have been directed to alt.dev.null.
---
Bill { uunet | novavax | ankh | sunvice } !twwells!bill
bill@twwells.com
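The header comparison walked through in the post above, as an added example that is not part of the original thread. The function names are hypothetical, the sample is built only from the header values quoted there, and the last check assumes the host named in Sender: is where the article entered the network; the findings are inconsistencies, not an identification of a person.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the header values quoted in the post above,
# with the Path joined onto one line. Not the complete original article.
SAMPLE = """\
Path: twwells!novavax!uflorida!uakari.primate.wisc.edu!ginosko!usc!merlin.usc.edu!flinstones.com!fred
From: fred@flinstones.com
Message-ID: <none>
Sender: news@merlin.usc.edu

(body omitted)
"""

MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")  # expected shape: <unique@host>

def host_of(value):
    """Return the lower-cased host part of an address header, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_findings(article_text):
    """Return a list of (code, detail) header inconsistencies."""
    msg = message_from_string(article_text)
    from_host = host_of(msg["From"])
    sender_host = host_of(msg["Sender"])
    msgid = (msg["Message-ID"] or "").strip()
    path = [p.lower() for p in (msg["Path"] or "").split("!") if p]
    findings = []
    if not MSGID_RE.match(msgid):
        findings.append(("bad-message-id", msgid))
    if sender_host and sender_host != from_host:
        findings.append(("sender-from-mismatch", f"{sender_host} != {from_host}"))
    # Each relay prepends itself to Path, so the right-hand end is written at
    # the origin. Assumption: a post entering at the Sender host would end
    # "...!<sender host>!<user>", with no further host in between.
    if sender_host in path:
        extra = path[path.index(sender_host) + 1:-1]
        if extra:
            findings.append(("path-beyond-sender-host", "!".join(extra)))
    return findings

if __name__ == "__main__":
    for code, detail in header_findings(SAMPLE):
        print(f"{code}: {detail}")
```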
richard@gryphon.COM (Richard Sexton) (10/17/89)
In article <1989Oct16.093122.3942@twwells.com> bill@twwells.com (T. William Wells) writes some really incredible stuff:
>In article <none> fred@flinstones.com writes:
>
>Here are the interesting things from your headers. These first are
>bogus but anyone can change them:
>
> Path: twwells!novavax!uflorida!uakari.primate.wisc.edu!ginosko!usc\
> !merlin.usc.edu!flinstones.com!fred
> From: fred@flinstones.com
> Message-ID: <none>
>
>You also screwed up the References: line, it should have been blank.
>But this is the giveaway:
>
> Sender: news@merlin.usc.edu
>
>You were logged in as news at merlin.usc.edu. We can't figure out
>exactly who you are without asking the news admin who likely has
>access to the news account.

Wrong. Just because ``news@merlin'' posted it, does not mean a person was logged in as news@merlin. The person did not even have to be on merlin.

>Of course, since you were on the news account, you could also modify
>the news software to not put in the Sender: line. Or you could have
>edited it out in the spool directory before the system sent it out
>(supposing that your news is batched).

I'll bet $1 the person was not the news account.

>If one has access to the news account, or to uucp, or root, it isn't
>too hard to forge an article.

You don't have to be news, uucp, or root.

>Yes, I can think of several ways to pretty much undetectably forge an
>article on a Unix system. At least one of them does not require any
>special privileges or even much knowledge of Unix.

Undetectable forgeries are another matter. But they are quite possible. In reality though, anybody anywhere can do a pretty good job of forging a posting.

>No. Please don't show us that you have figured a way. If you really
>want to prove it to me, just tell me about it via e-mail, OK? I'll
>happily confirm whether it will work or not. No, you won't be giving
>away any important secrets: I own this machine; I can forge a message
>any time I want.

Heh heh. This is just a clever ruse. The Real T.W.W knows better than this and would never have posted the above misinformation. Besides, he's out of the country and won't be back until 11/4/89. Any postings you see from him until then are bogus.

In other words, it was a forgery. As is this posting.

Speaking for the soft underbelly of the net.

--
Help wipe out BBQ lighter fluid in your lifetime
richard@gryphon.COM decwrl!gryphon!richard gryphon!richard@elroy.jpl.NASA.GOV
mcooper@acamar.usc.edu (Michael A. Cooper) (10/19/89)
In article <none> fred@flinstones.com writes:
>
> Somebody a while ago said that they could locate a poster of a bogus
>message, so I decided to try and see. Note that I have no malicious, libelous,
>or slanderous intentions, nor do I intend to abuse netland. I just have an
>inexplicable need to meet a challenge that is thrown down, and now I am making
>my attempt to run the gauntlet of detection. If you can email me, letting me
>know that I was found, I would be very appreciative, and indeed know that it
>is impossible to evade identification. If you do succeed, however, I beg of
>you not to attempt to have my News Administrator revoke my news privileges,
>for I am normally a productive user of the News system, and would hate to lose
>my access to this interesting forum.
>

Sigh. I hate dealing with this kind of BS, but it would be irresponsible to ignore this kind of activity. So I spent about 45 minutes of my time tracking down the culprit.

I have been able to determine that the identity of "fred@flinstones.com" is a Computer Science student here at USC by the name of Dennis Griffin. His email address is griffin@girtab.usc.edu. Please keep flames small and concise so that our mail gateway doesn't get slagged.

I've notified him letting him know that he didn't get away with anything. Since we haven't had any problems with this person before and because no direct harm was done, he was issued a warning. If we have any further problems from him for most any violation of our USC Computing Policies, he will suffer some severe disciplinary actions.

Mike Cooper
Usenet Administrator for USC

Michael A. Cooper, University Computing Services, U of Southern California
INTERNET: mcooper@usc.edu PHONE: (213) 743-2957
UUCP: ...!uunet!usc!mcooper BITNET: mcooper@gamera
cse2044@eve.wright.edu ( Students of CS340 (Lang. workshops)) (10/20/89)
Maybe I'm weird...but I'm glad it is non-malicious people pointing out flaws in security rather than malicious people exploiting the system and not getting caught. Just my $0.02 worth.

Mark Mankins
cse2044@eve.wright.edu
cse2044@eve.bitnet