Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uflorida!novavax!twwells!bill
From: bill@twwells.com (T. William Wells)
Newsgroups: news.newusers.questions
Subject: Re: Somebody said that they could find a bogus poster
Message-ID: <1989Oct16.093122.3942@twwells.com>
Date: 16 Oct 89 09:31:22 GMT
References:
Followup-To: alt.dev.null
Distribution: usa
Organization: None, Ft. Lauderdale, FL
Lines: 52

In article fred@flinstones.com writes:
: Somebody a while ago said that they could locate a poster of a bogus
: message, so I decided to try and see. Note that I have no malicious, libelous,
: or slanderous intentions, nor do I intend to abuse netland. I just have an
: inexplicable need to meet a challenge that is thrown down, and now I am making
: my attempt to run the gauntlet of detection. If you can email me, letting me
: know that I was found, I would be very appreciative, and indeed know that it
: is impossible to evade identification. If you do succeed, however, I beg of
: you not to attempt to have my News Administrator revoke my news privileges,
: for I am normally a productive user of the News system, and would hate to lose
: my access to this interesting forum.

Here are the interesting things from your headers. These first are
bogus but anyone can change them:

    Path: twwells!novavax!uflorida!uakari.primate.wisc.edu!ginosko!usc\
            !merlin.usc.edu!flinstones.com!fred
    From: fred@flinstones.com
    Message-ID:

You also screwed up the References: line, it should have been
blank.

But this is the giveaway:

    Sender: news@merlin.usc.edu

You were logged in as news at merlin.usc.edu. We can't figure out
exactly who you are without asking the news admin who likely has
access to the news account.

Of course, since you were on the news account, you could also
modify the news software to not put in the Sender: line. Or you
could have edited it out in the spool directory before the system
sent it out (supposing that your news is batched).

If one has access to the news account, or to uucp, or root, it
isn't too hard to forge an article.

Yes, I can think of several ways to pretty much undetectably
forge an article on a Unix system. At least one of them does not
require any special privileges or even much knowledge of Unix.

No. Please don't show us that you have figured a way. If you
really want to prove it to me, just tell me about it via e-mail,
OK? I'll happily confirm whether it will work or not. No, you
won't be giving away any important secrets: I own this machine; I
can forge a message any time I want.

Followups have been directed to alt.dev.null.

---
Bill                    { uunet | novavax | ankh | sunvice } !twwells!bill
bill@twwells.com
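
The header comparison described in the post, as an added example that is not part of the original article: it flags a Sender: that disagrees with From: and reports the Path: entries that follow the Sender host. The function names, the Path heuristic and the placeholder Message-ID are assumptions; the other sample header values are the ones quoted in the post.

```python
# Added example, not from the original post. Function names are hypothetical.
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed sample: values quoted in the post; the Message-ID is missing
# on the page, so an obvious placeholder stands in for it.
SAMPLE = """\
Path: twwells!novavax!uflorida!uakari.primate.wisc.edu!ginosko!usc!merlin.usc.edu!flinstones.com!fred
From: fred@flinstones.com
Sender: news@merlin.usc.edu
Message-ID: <placeholder@example.invalid>
Subject: constructed test article

body
"""

def split_addr(value):
    """Return (local, host), lower-cased, from an address header value."""
    _, addr = parseaddr(value or "")
    local, _, host = addr.rpartition("@")
    return local.lower(), host.lower()

def audit_headers(raw_article):
    """Return findings about From:/Sender:/Path: consistency."""
    hdrs = HeaderParser().parsestr(raw_article)
    findings = []
    sender = hdrs.get("Sender")
    if sender is None:
        return findings  # nothing added by the posting software to compare
    claimed = split_addr(hdrs.get("From"))
    s_local, s_host = split_addr(sender)
    if (s_local, s_host) != claimed:
        findings.append(f"sender-mismatch: posted as {s_local}@{s_host}, "
                        f"From: claims {claimed[0]}@{claimed[1]}")
    # Path is a '!'-separated relay list, newest hop first, login name last.
    # Assumed heuristic: the Sender host prepended itself, so anything to
    # its right other than the Sender login was supplied by the poster.
    hops = [h.lower() for h in (hdrs.get("Path") or "").split("!") if h]
    if s_host in hops:
        tail = hops[hops.index(s_host) + 1:]
        if tail and tail != [s_local]:
            findings.append("path-tail: entries after the Sender host look "
                            "poster-supplied: " + "!".join(tail))
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

As the post notes, an account that can edit the spool or the news software can remove Sender: entirely, so an empty result from this check is not evidence that an article is genuine.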