Xref: utzoo news.admin:12638 news.misc:6230 comp.mail.uucp:6045
Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!rpi!uupsi!njin!rutgers!mcdchg!ddsw1!karl
From: karl@ddsw1.MCS.COM (Karl Denninger)
Newsgroups: news.admin,news.misc,comp.mail.uucp
Subject: Re: New rules for UUPSI
Summary: Problems from/at this site.  Being corrected; cancels have been issued.
Message-ID: <1991Mar10.041006.9086@ddsw1.MCS.COM>
Date: 10 Mar 91 04:10:06 GMT
References: <1991Mar5.141606.1797@uu.psi.com> <1991Mar07.014612.4537@utoday.com> <1991Mar10.023408.3693@ddsw1.MCS.COM>
Organization: Macro Computer Solutions, Inc., Wheeling, IL
Lines: 50

In article <1991Mar10.023408.3693@ddsw1.MCS.COM> karl@ddsw1.MCS.COM (Karl Denninger) writes:


The above referenced posting is an actual posting of mine.

I have been informed that there were two other postings, one under my name
and another under a name that isn't valid as an id here (and never was) that
were posted apparently from this site.    At least I think they originated
here... I'm not able to be sure at this time.

I have been unable to determine who sent the articles, but I did find both
and cancel them.   My .signature was world readable, and one posting actually
had included it.

The posting referenced above is the >only< one I have actually made on the
UUPSI matter.  The one from "akcs.madhacker" in alt.sys.sun is also a
forgery.  Both are good forgeries, and appear to have been made at a
neighboring site (I get copied as mail on all local posts, and I didn't 
get copied on these!)

If I find the person(s) respondible they'll be summarially shot :-)

I guess it's time to turn accounting on and see if we can find some
information the next time this happens - at least who's site sent the 
stuff over.  As it is I couldn't tell you where they originated -- I 
simply don't have the space to keep logs on daily uucp traffic.

As an aside, has anyone noticed how easy it is to forge postings in Cnews?
As long as you have an id on a site, or can inject an article there (via
uucp, etc) you can EASILY forge articles.  You simply feed an article to 
"inews" or "rnews" and it posts it -- with whatever headers (like the 
sender's name) are there.  No "X-bad-authentication: xxxx" message or 
anything.

Bleh.  Some kind of authentication is in order, at least on this system.

Sorry about that folks.

Thanks to Tom Neff and Brad Templeton who sent me email questioning the
statements; it made me take a look at what was in my news spool, and what
had been posted in the last 24 hours!

Time to sit down and code a quick and dirty authenticator for "C" news.  
I'll post it when I'm done for anyone who wants it.

--
Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl)
Public Access Data Line: [+1 708 808-7300], Voice: [+1 708 808-7200]
Copyright 1991 Karl Denninger.  Distribution by site(s) which restrict
redistribution of Usenet news PROHIBITED.