Xref: utzoo news.groups:13781 news.admin:7382 news.misc:3755 talk.bizarre:39667 alt.flame:11725
Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!brutus.cs.uiuc.edu!apple!chuq
From: chuq@Apple.COM (Chuq Von Rospach)
Newsgroups: news.groups,news.admin,news.misc,talk.bizarre,alt.flame
Subject: Re: forgery (was Re: Important announcement)
Message-ID: <36049@apple.Apple.COM>
Date: 30 Oct 89 19:09:59 GMT
References: <6037@tank.uchicago.edu> <21593@gryphon.COM> <212@ark1.nswc.navy.mil>
Organization: Life is just a Fantasy novel played for keeps
Lines: 53

>No, it's not. Perhaps if we (the set of all USENET administrators)
>knew how postings were forged, we'd know how to stop forgeries.

Actually, no. I've got an article I wrote for moderators/usenet
admins/hackers and etc a few years ago on how to forge messages. It was
also (accidentally) posted to RISKS, so it might be in the archives
there. If people really want it, I suppose I could post it, since there
are no real secrets to it -- it's fairly trivial if you understand both
USENET and the transfer mechanisms.

It's also a security hole that has completely defied plugging, simply
because the information you need to plug it is unavailable and there's
no way to (practically) make that information available, thanks to
certain protocol limitations.

>I'd rather have a short period during which the forgery rate is expected
>to be high followed by a long period of no forgeries than a long
>period of unexpected forgeries.

Well, it didn't happen when it was posted to RISKS, but perhaps that was
an obscure enough release that the idiots didn't notice it. More likely,
most people wouldn't bother, or might post one or two for the thrill of
it and then move on to some other amusement...

>What is obvious to me, though, (even if you don't buy the above) is
>that we need to discuss how to recognize a forged posting.

A good forgery is almost untraceable.

I might point out, for instance, that technically speaking all the
newgroups I posted when I was newgroup czar are forgeries, as while
zamboni.apple.com exists, it's neither attached to an outside network
nor does it run usenet. And, if it matters, I don't become Mr. USENET on
Apple.com when I send it out, so I don't have privileges to do so when
I do it (I could, but it's easier this way).

>Another thing that's not obvious to me is why Richard didn't expose
>the forgery.

One aspect of a forgery is that the person who is being forged doesn't
see the message, because of an obscure aspect of the propagation code in
USENET. USENET software looks at the Path: variable and if a hostname in
your sys file is in the Path:, it won't send the message, since by
definition that machine has seen it already. So putting "gryphon" in the
path makes sure the message never gets to "gryphon". (which actually has
practical uses of its own, if you think of it).

-- 
Chuq Von Rospach <+> Editor,OtherRealms <+> Member SFWA/ASFA
chuq@apple.com <+> CI$: 73317,635 <+> [This is myself speaking]

Trust Mama Nature to remind us just how important things like
sci.aquaria's name really is in the scheme of things.
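The Path:-based feed decision that the post describes, written out as an added example (this is not Chuq's code nor any real news software). It assumes a simplified `sys` file of `site:newsgroups` entries, constructed here, with the flags and command fields of a real B-news `sys` file left out, and a constructed article; the rule it implements is the one in the post: a neighbour whose name already appears in the article's Path: is not fed the article, because by definition that host has already seen it.

```python
"""Usenet Path:-based feed decision (added illustration, not the poster's code).

A news host decides which neighbours listed in its `sys` file should
receive an article. A neighbour already named in the article's Path:
header is skipped: the Path: records the hosts the article has passed
through, so that neighbour is assumed to have it already.
"""
from typing import Dict, List

# Constructed, simplified sys file: one "site:newsgroups" entry per line.
# The first entry names this host itself. Real sys files carry more
# fields (flags, command), which are omitted here.
SYS_FILE = """\
ME:all
utgpu:all
gryphon:all,!alt
mailrus:news,comp
"""

# Constructed article headers (not a real posting).
ARTICLE_PATH = "apple!chuq"
ARTICLE_GROUPS = "news.groups,news.admin"


def parse_sys(text: str) -> Dict[str, List[str]]:
    """Map each neighbour name to its list of newsgroup patterns."""
    sites: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, groups = line.partition(":")
        sites[name] = groups.split(",") if groups else []
    return sites


def wants_group(patterns: List[str], group: str) -> bool:
    """Hierarchy-prefix match with '!' exclusions; the last matching
    pattern wins, in the flavour of sys-file newsgroup lists."""
    result = False
    for pat in patterns:
        negated = pat.startswith("!")
        pat = pat[1:] if negated else pat
        if pat == "all" or group == pat or group.startswith(pat + "."):
            result = not negated
    return result


def feed_targets(path_header: str, newsgroups: str, sys_text: str, me: str) -> List[str]:
    """Return the neighbours that should receive the article.

    Path: is a '!'-separated list of hosts the article has traversed.
    Any neighbour already on that list is silently skipped, which is
    exactly the behaviour the post relies on for the forged-site case.
    """
    seen = set(path_header.split("!"))
    groups = newsgroups.split(",")
    targets = []
    for site, patterns in parse_sys(sys_text).items():
        if site == me:
            continue            # our own entry describes what we accept, not a feed
        if site in seen:
            continue            # already on the Path: -> assumed to have it
        if any(wants_group(patterns, g) for g in groups):
            targets.append(site)
    return targets


def outgoing_path(path_header: str, me: str) -> str:
    """The Path: stamped on the copy we relay onward: our name is prepended."""
    return f"{me}!{path_header}"


if __name__ == "__main__":
    # Normal case: every interested neighbour is fed.
    print(feed_targets(ARTICLE_PATH, ARTICLE_GROUPS, SYS_FILE, "ME"))
    # With "gryphon" already on the Path:, gryphon is never sent the article.
    print(feed_targets("gryphon!" + ARTICLE_PATH, ARTICLE_GROUPS, SYS_FILE, "ME"))
    print(outgoing_path(ARTICLE_PATH, "ME"))
```

Running it shows why the forged site never sees the message: the feeding decision trusts the Path: header as a record of where the article has been, and nothing in that header is authenticated, which is the protocol limitation the post refers to.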