Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!rutgers!ukma!psuvm.bitnet!hd6 From: HD6@PSUVMA.BITNET Newsgroups: news.admin,news.sysadmin Subject: Net userid forgery Message-ID: <25760HD6@PSUVMA> Date: Sun, 22-Nov-87 00:19:57 EST Article-I.D.: PSUVMA.25760HD6 Posted: Sun Nov 22 00:19:57 1987 Date-Received: Wed, 25-Nov-87 05:02:06 EST References: <25742COK@PSUVMA> <25756HD6@PSUVMA> I include here a copy of a letter I sent to alt.flame, in reference to Organization: The Pennsylvania State University - Computation Center Lines: 120 Xref: mnetor news.admin:1413 news.sysadmin:484 an episode in which user or users unknown attempted to pass themselves off as another user (Rhonda Scribner). The occurence unsettled me sufficiently to post an opinion regarding the matter (perhaps more forcefully than was necessary, but I was *very* upset). After thinking about the matter for a while longer, I decided that the problem was sufficiently serious to cross- post to news.admin and news.sysadmin. My position is that false postings are one of the most dangerous threats to the ability of the net to operate as it does. If the possibility exists for malicious individuals to forge postings, and, further, for other individuals to send those postings, as "public information" to employers, fellow workers, sysadmins, etc. of the person being forged, the whole premise of the network system as a public forum for the free, relatively unrestricted exchange of ideas comes into question. Granted, forged postings are not, as of yet, a big problem, as they are not yet common. I believe that the time to stop this from *becoming* a large problem is now, and that somehow, the posting of information using the userids of others, must be *most strongly* discouraged. I don't even want to go into the whole legal problems created, but, granted that I am not a telcomm lawyer, it seems significant that the majority of network traffic passes through FCC- regulated lines. I, for one, believe that if the Federal government imposed strict regulations/restrictions upon the network, (not likely, but definitely possible), it would be the end of the system that we have here in any recognizable form. Though it is a far-fetched example, kindly imagine the results were the U.S. Postal Service given regulating power regarding the transfer of Email (perish the thought). If this posting seems to have a panicked tone, it is because the idea of any network user having his/her userid forged with impunity has me scared spitless at the potential concequences (take all possibilities to their potential conclusions, and think about what you see). I am *not* asking for net regulation or cancelling user accounts. I am asking that attention be given to this matter: I find it to be a serious concern. CELADHAEARN [re-posted article follows below. ALL FOLLOW-UPS DELETE ALL BELOW-- THIS ARTICLE IS ALREADY TOO LARGE]: In article <25756HD6@PSUVMA>, [CELADHAEARN] says: > >In article <25742COK@PSUVMA>, (R. W. Clark) writes, s) says: >> >>I have been thinking long and hard on the matter of what justifies kicking >>a person off the net. And in so considering, I've come to the conclusion to >>do something extremely odd: defend Rhonda Scribner. I find the cowardly >>attacks being made on her extremely disgusting in every way; those posted >>from bitch@chinet and phonily posted from Rhonda's id, for example. >> . . . I'd support their temporary removal from the net, until such time >>as they prove mature enough to return. > > [further discussion of how the attacks on Rhonda are slander, and > Eric Madding's tripe was not slander] >> >>So I say: find these people and discipline them. >>------- >> > > I give a [qualified] nod to this one. Whether or not E.M. Airwick's >postings were legally slander (some of them are questionable), the true >issue here is larger. While net users might occasionally cross the >bounds of "good taste" (I find "good taste" appalling, myself), the >forging of a userid takes away one of the most important (unwritten) laws >for participating on the network in any form: the ability to confront, >accuse, flame, agree with, support, tear apart the (logic?) of, etc., >one's fellow users. > Even in the case of net users who post with pseudonyms, there is >recognition of "who" a poster is. The name doesn't matter so much as >the ability to attach a set of articles, beliefs, etc., to a name, and >TO KNOW THAT ALL POSTINGS FROM A NAME ARE GENUINE. If someone posts from >an assumed name, spouting all sorts of garbage that s/he would never send >from his/her own userid, that's fine, AS LONG AS THAT ASSUMED NAME IS NOT >ONE ALREADY KNOWN TO THE NETWORK COMMUNITY AS OWNED BY AN ESTABLISHED USER. >... >I.E., If you want to flame someone, DO IT--from you own account, and take >responsibility (ooh, I can't believe I said the "R-word", damn!) for your >words and beliefs. While I tend to be a net.anarchist, I am reasonable >enough to realize that if there is no way for net users to be sure that >the postings they read are genuine, and, more importantly, that they can't >be sure that *they* won't be forged and attached to some inanities/insanities >that aren't theirs, most folks won't risk/bother using the non-technical >and unmoderated newsgroups any more (which will, of course, leave only those >who have been false-posting left to prey on each other; perhaps that's what >they plan, although I really shouldn't give them that much credit for >thought or brains, as they've shown little enough of both thus far). > > I have great difficulty reconciling my belief in a "free" network >system with advocating taking away someone's net privileges (I know that >this is not a "free ($)" system, let's not rehash that one). I do however, >feel that something must be done if timid cretenous slime like those currently >posting using forged userids continue their brainless and potentially >hazardous practice. Personally, I advocate finding these tremulous children >(no insult intended to any children out there) and bashing their heads in with >a rock. (Quick, to the point, and not too subtle for their tiny little brains >to comprehend). Perhaps the Sysops at their site could perform this little >favor for us? Please? > In all seriousness, however, this has got to stop. Possibly those involved >thought that they were just playing some kind of "cute little prank" (even >though the lack of common sense and absense of inherent integrity involved is >appalling.) The mental pygmies who forged Rhonda's userid need to realize >(or be made to realize) that they/he/she/it did a *bad thing*. The network >system is a good one,worth protecting,and the business of posting using an- >other person's userid is one of the few things that could seriously damage the >*usable* situation we have here. If you know who is committing the offending >acts encourage the pinheaded individuals involved to cease and desist, or, >better yet, send me their names and perhaps we can organize net.vigilante. > > Richard [it takes an awful lot to get me pissed] Carl Hoffman > CELADHAEARN >------- >__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ ( _X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X_ ) X : X | | CELADHAEARN [R. Carl Hoffman] : " . .'scap jah matjan jah drighan,' | | X 1:hd6@psuvm.bitnet (note change) : what worthy verse can sound when X | | 2:hd6%psuvma.bitnet@psuvax1.uucp : such cries thicken !" Gildas | | X_ __ __ __ __ __ __ __ __ __ __ __ _: __ __ __ __ __ __ __ __ __ __ __ __ _X (__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__X__) >