1994-07-29 - Re: Tuna fish and spam sandwich

Header Data

From: Johan Helsingius <julf@penet.fi>
To: cjl <cjl@welchlink.welch.jhu.edu>
Message Hash: 8f0b87c8da54d56c1e191cc7d7087c75c7f29255b56cb1831ad063db9bc296bf
Message ID: <199407291233.AA27548@lassie.eunet.fi>
Reply To: <Pine.3.89.9407282053.A17233-0100000@welchlink.welch.jhu.edu>
UTC Datetime: 1994-07-29 12:34:12 UTC
Raw Date: Fri, 29 Jul 94 05:34:12 PDT

Raw message

From: Johan Helsingius <julf@penet.fi>
Date: Fri, 29 Jul 94 05:34:12 PDT
To: cjl <cjl@welchlink.welch.jhu.edu>
Subject: Re: Tuna fish and spam sandwich
In-Reply-To: <Pine.3.89.9407282053.A17233-0100000@welchlink.welch.jhu.edu>
Message-ID: <199407291233.AA27548@lassie.eunet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Hmm. Maybe I should rejoin the cypherpunks list, after all..

> Does this form of "lunch-sack" attack really work?  By spamming penet.fi
> with "tuna fish" messages with forged From: lines can one really get the
> true names and corresponding anon acct numbers of people from a list of 
> addresses?

It does. But only if the user hasn't set a password. That's why I implemented
the password feature! I have also zapped all queued-up "tuna" messages.

But the whole current server is getting to be a horrible patchwork. I am
working on a total redesign/rewrite, as well as upgrading the machine and
the connection, to eliminate the delays and allow PGP. But to do all that,
I am going to need sponsors/support. Preliminary discussions started
with a couple of organisations.

	Julf






Thread