Xref: utzoo news.sysadmin:1946 news.admin:4301
Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ames!mailrus!uflorida!novavax!nanook
From: nanook@novavax.UUCP (Keith Dickinson)
Newsgroups: news.sysadmin,news.admin
Subject: Re: rnews: security hole. Too bad.
Message-ID: <843@novavax.UUCP>
Date: 14 Dec 88 13:32:41 GMT
References: <1219@altger.UUCP>
Organization: Nova University, Fort Lauderdale, FL
Lines: 41

in article <1219@altger.UUCP>, blue@altger.UUCP (blue) says:
> Xref: novavax news.sysadmin:2013 news.admin:4465
> Posted: Sat Dec 10 02:11:54 1988
> 
> Well, it seems that UUCP  &C. really lack on security..
> I just realized that a registered node on a unix system, which
> is NOT authorized to get News of ANY kind, can on the contrary
> SEND any news-message ANYWHERE on ANY distribution.
> THIS IS REALLY AMAZING.
> On ANY Buletin Board Service new users are allowed to read
> at least some message base, but cannot write messages.
> Protection should be made on the POSTING of new messages.
> Not only on the "sendbatch"!
> Usenet News are a living BUG.
> 	b.b.
> -- 
> Mr. BlueBoy, DTE222/hck  - Milano, Italy
> Usenet: blue@altger  | Unix has no bugs. Unix itself IS a bug.
> Subnet: blue@i2ack   | Let's use ProDos.. :-)

BB,

  This is not entirely true. I am running Ufgate software on my MS-DOS
(yuck) PC. Ufgate takes messages entered/routed in by Opus/Fidonet and
passes them on to my Usenet host site.

  I was worried at the fact that people could post to "moderated" areas and
not have any restrictions. After a few test messages, I discovered that 
the news handler on Novavax was scanning the news feeds, and finding that
they had not hit the "moderator"  yet, forewarded them to the moderator.

  Your worries MAY be valid on some systems, but at novavax.UUCP aparrently
there is no problem.

Keith Dickinson
-----
_   /|  | Fidonet  : 369/2 [(305) 421-8593] Brave Mew World South
\'o.O'  | Internet : nanook@muadib.FIDONET.ORG
=(___)= | UUCP     : (novavax,hoptoad!ankh)!muadib!nanook | nanook@novavax
   U    | USNail   : 433 SE 13th CT. J-202, Deerfield Beach, Fl. 33441
  Ack!  | Disclamer: This message was created by a faulty AI program.
Don't blame me...I voted for Bill'n'Opus in '88