Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: news.admin,news.sysadmin Subject: Re: Net userid forgery Message-ID: <416@minya.UUCP> Date: Sat, 28-Nov-87 10:58:17 EST Article-I.D.: minya.416 Posted: Sat Nov 28 10:58:17 1987 Date-Received: Mon, 30-Nov-87 03:55:20 EST References: <25742COK@PSUVMA> <25756HD6@PSUVMA> <25760HD6@PSUVMA> Organization: home Lines: 40 Xref: mnetor news.admin:1443 news.sysadmin:503 Say, why all the fuss? I mean, I can write a letter with your name and address in the upper left hand corner, take it to the post office in your home town, and mail it. This is easy (except for the cost of the plane ticket to reach your home town :-). But nobody suggests that this is a fatal flaw in the postal system, or that the whole system should be shut down because of it. I can also call someone up and claim I'm you, commit some slander, and hang up. Everybody knows this, and sometimes people do it. But nobody is shouting that it's a fatal flaw in the phone system, or that we must shut down the phone system because of it. Let's get real here. Any hacker with super-user access on a machine can post news (or mail) with fake source info. If you have email or news on a MS/DOS machine, there isn't even any security to defeat. But it's not a fatal flaw, and we're not going to shut down email or netnews because of it. We just need to be aware of the problem, and develop social/legal means of dealing with it. It's not new with computers. Slander and libel have existed for ages, and we have (semi-effective) ways of dealing with it. Let's not pretend that computers are something so new that centuries of experience should be tossed out the window. First off, maybe you should start reminding yourself, when you see an offensive posting, that it just might not have been done by the person named in the header or the signature. Before posting to the world, try sending them email asking whether they really said that. Also, if someone fakes your id, try posting a disclaimer immediately, and ask the others on the network to track down the perpetrator. You might be surprised at how effective that might be. And in some cases, you'll find that the perpetrator was flakey software that mangled the article. -- John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)