Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!prls!pyramid!csg From: csg@pyramid.UUCP (Carl S. Gutekunst) Newsgroups: net.news Subject: Re: Are we all victims of prankster-hackers? Message-ID: <460@pyramid.UUCP> Date: Wed, 11-Jun-86 19:28:12 EDT Article-I.D.: pyramid.460 Posted: Wed Jun 11 19:28:12 1986 Date-Received: Fri, 13-Jun-86 03:23:19 EDT References: <3344@amdahl.UUCP> Reply-To: csg@pyramid.UUCP (Carl S. Gutekunst) Organization: Pyramid Technology Corp., Mountain View, CA Lines: 28 Summary: System V sites -- Your Netnews is Probably Mangled! In article <3344@amdahl.UUCP> gam@amdahl.UUCP (G A Moffett) writes: >We received what must have been dozens of articles, alledgedly from >david@ukma.UUCP, which produced the following in our log file: It's not a prank. David explained what he was planning to do in a net.news posting a couple of days ago. He forged cancel messages for approximately 60 duplicate articles that splattered over the net when mirror's news/notes gateway hiccupped. I agree with his actions, but his implementation was awful: >I do not yet have a patch to rnews to prevent this problem (I don't >know exactly what to prevent). The problem is the Article-ID's were not unique within 14 characters. This is technically legal, but causes grave disorder on System V news sites. Your basic point -- it's easy to fake cancel messages -- is very true, and always has been. In my year on the net this blatant security hole has been abused only once: a vigilante SA did some "retroactive moderation" of net.sources. At the time it was suggested that rnews be changed to ignore cancel messages. After some thought (and a recent experience with an employee who was abusing the net) I disagree. While anyone could conceivably cancel the entire net, I still feel the ability to take back one's words is worth the risk. I'm open to other opinions....