Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 beta 3/9/83; site frog.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!cybvax0!frog!john
From: john@frog.UUCP (John Woods)
Newsgroups: net.rumor
Subject: Re: Attention, Responsible Net Users!  (And K-Mart Shoppers!)
Message-ID: <226@frog.UUCP>
Date: Mon, 15-Jul-85 14:04:11 EDT
Article-I.D.: frog.226
Posted: Mon Jul 15 14:04:11 1985
Date-Received: Thu, 18-Jul-85 20:30:10 EDT
References: <4669@mit-eddie.UUCP> <3347@dartvax.UUCP> <4688@mit-eddie.UUCP>
Organization: Charles River Data Systems, Framingham MA
Lines: 36

> ["And if he left off dreaming about you, where do you suppose you'd be?"]
> > From: markv@dartvax.UUCP (Mark F. Vita)
> > All right.  I give up.  What assurance do we netters have that this
> > last message is not also a forgery?  Will the real Doug Alan please
> > stand up?
> None!  But it isn't.  Really!  This is me.
> > A more critical issue is:  how is it possible for someone to post
> > a forged message?
> Come on.  The UseNet is just a bunch of computers that call each up
> other over phone lines.  There is no hope of security, unless we start
> using something like public key encryption (can you say "overhead"?!!).
> Anyone who has super-user privileges on a computer on the UseNet can
> create a forgery.  How many Trash-80s running Xenix and UUCP are there
> out there?
> > This would seem to be a MAJOR, serious problem with the posting
> > software, if it indeed allows this to happen.  Anybody could go around
> > posting malicious articles and putting other people's names on them.
>
> Yup, but only super-users.

Nope, anyone.  I an loathe to state the mechanism, which (probably) just
about anyone can use, because just about everyone WILL use it.  It's simple,
it's fun, and it's been done before, many, many times...

And how many CP/M systems run Lauren's UUCP version?  Like most problems,
this one gets worse the more you think of it.

			Not afraid to sign a blast from the past,

--
John Woods, Charles River Data Systems, Framingham MA, (617) 626-1101
...!decvax!frog!john, ...!mit-eddie!jfw, jfw%mit-ccc@MIT-XX.ARPA

I have a bad habit of thinking of tremendously witty .signatures just before
I fall asleep.  If I kept paper by my bed, you'd probably be laughing
uncontrollably at this very moment.  Sorry.