Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site mit-eddie.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!nessus From: nessus@mit-eddie.UUCP (Doug Alan) Newsgroups: net.music,net.rumor Subject: Re: Attention, Responsible Net Users! (And K-Mart Shoppers!) Message-ID: <4688@mit-eddie.UUCP> Date: Sun, 14-Jul-85 08:30:05 EDT Article-I.D.: mit-eddi.4688 Posted: Sun Jul 14 08:30:05 1985 Date-Received: Wed, 17-Jul-85 04:29:56 EDT References: <4669@mit-eddie.UUCP> <3347@dartvax.UUCP> Distribution: net.music,net.rumor Organization: MIT, Cambridge, MA Lines: 40 Xref: watmath net.music:8288 net.rumor:1000 ["And if he left off dreaming about you, where do you suppose you'd be?"] > From: markv@dartvax.UUCP (Mark F. Vita) > All right. I give up. What assurance do we netters have that this > last message is not also a forgery? Will the real Doug Alan please > stand up? None! But it isn't. Really! This is me. > A more critical issue is: how is it possible for someone to post > a forged message? Come on. The UseNet is just a bunch of computers that call each up other over phone lines. There is no hope of security, unless we start using something like public key encryption (can you say "overhead"?!!). Anyone who has super-user privileges on a computer on the UseNet can create a forgery. How many Trash-80s running Xenix and UUCP are there out there? > This would seem to be a MAJOR, serious problem with the posting > software, if it indeed allows this to happen. Anybody could go around > posting malicious articles and putting other people's names on them. Yup, but only super-users. > Maybe a report to net.unix-wizards or some such is in order? I'm sure they already know about the lack of security of the UseNet. > I just hope this isn't some sort of extremely bizzarre joke being > played out by Mr. Alan... On you and me. Certainly not by me! "Golden void, he speaks to me Denying my reality" Doug Alan nessus@mit-eddie.UUCP (or ARPA)