Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: news.admin,news.sysadmin
Subject: Re: Net userid forgery
Message-ID: <416@minya.UUCP>
Date: Sat, 28-Nov-87 10:58:17 EST
Article-I.D.: minya.416
Posted: Sat Nov 28 10:58:17 1987
Date-Received: Mon, 30-Nov-87 03:55:20 EST
References: <25742COK@PSUVMA> <25756HD6@PSUVMA> <25760HD6@PSUVMA>
Organization: home
Lines: 40
Xref: mnetor news.admin:1443 news.sysadmin:503


Say, why all the fuss?  I mean, I can write a letter with your name and
address in the upper left hand corner, take it to the post office in your
home town, and mail it.  This is easy (except for the cost of the plane
ticket to reach your home town :-).  But nobody suggests that this is a
fatal flaw in the postal system, or that the whole system should be shut
down because of it.

I can also call someone up and claim I'm you, commit some slander, and
hang up.  Everybody knows this, and sometimes people do it.  But nobody
is shouting that it's a fatal flaw in the phone system, or that we must
shut down the phone system because of it.

Let's get real here.  Any hacker with super-user access on a machine can
post news (or mail) with fake source info.  If you have email or news on
a MS/DOS machine, there isn't even any security to defeat.  But it's not
a fatal flaw, and we're not going to shut down email or netnews because
of it.  We just need to be aware of the problem, and develop social/legal
means of dealing with it.

It's not new with computers.  Slander and libel have existed for ages,
and we have (semi-effective) ways of dealing with it.  Let's not pretend
that computers are something so new that centuries of experience should
be tossed out the window.

First off, maybe you should start reminding yourself, when you see an
offensive posting, that it just might not have been done by the person
named in the header or the signature.  Before posting to the world, try
sending them email asking whether they really said that.

Also, if someone fakes your id, try posting a disclaimer immediately,
and ask the others on the network to track down the perpetrator.  You
might be surprised at how effective that might be.  

And in some cases, you'll find that the perpetrator was flakey software
that mangled the article. 


-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)