1993-02-23 - Re: anon.penet.fi hacking

Header Data

From: Johan Helsingius <julf@penet.FI>
To: Hal <74076.1041@compuserve.com>
Message Hash: ba9b4a8bb76be799606b347d2613f01dad16565df992ea98c0bc8e0c79bb6899
Message ID: <9302230955.aa20252@penet.penet.FI>
Reply To: <930223074743_74076.1041_DHJ21-1@CompuServe.COM>
UTC Datetime: 1993-02-23 08:52:04 UTC
Raw Date: Tue, 23 Feb 93 00:52:04 PST

Raw message

From: Johan Helsingius <julf@penet.FI>
Date: Tue, 23 Feb 93 00:52:04 PST
To: Hal <74076.1041@compuserve.com>
Subject: Re: anon.penet.fi hacking
In-Reply-To: <930223074743_74076.1041_DHJ21-1@CompuServe.COM>
Message-ID: <9302230955.aa20252@penet.penet.FI>
MIME-Version: 1.0
Content-Type: text/plain

> Well, I think I have deduced the identity of "Deadbeat" from his posting
> style.  I don't think Julf should say who he is.  This was an important
> demonstration of a weakness in the security of the remailers.
> The Penet remailer seems now to require a password for all messages; at
> least, I wasn't able to send to an5877@anon.penet.fi ("Deadbeat") without
> using my password.  So chaining through Cypherpunks remailers to Penet would
> seem not to be possible now.

Unless you include your password in the message! Remember that
anon.penet.fi can pick up the X-Anon-To: and X-Anon-Password: lines from
the start of the message text - they don't have to be header fields.

> Unless Eli's suggestion works - having our remailers put out a random
> "From:" line (perhaps just on mail to Penet?) might cause Penet to issue a
> new pseudonym for that apparent new user.  This would be kind of wasteful
> from Penet's perspective - all those pseudonyms are never going to be
> re-used.  But it might allow this form of chaining, without compromising the
> pseudonym of the remailer operator.

The social implications are more important.

> Another possibility would be for there to be a command to Penet to allow
> users to send truly anonymous mail, mail which does not have a meaningful
> "From" line (and in particular which does not have the user's Penet
> pseudonym displayed as the "From" address).  We could set our remailers to
> use that command for any mail sent to Penet.  Mail sent with that command
> would not need a password.  This would be an alternative way for users to
> deal with some of the other attacks, such as the one Deadbeat demonstrated.

I repeat: for general postings, we have to come up with a way to provide
anonymity while retaining a return path. Otherwise chaos ensues, just
look at the most blatant misuses of anon postings witnessed recently!

> P.S. - My, the list has sure been lively today.  Looks like we beat
> Extropians again on volume!

Yeah... Haven't been able to get away from my machine to have my morning
shower yet (it's 10:30am in Finland).
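Julf's point above is that anon.penet.fi reads X-Anon-To: and X-Anon-Password: either as header fields or as the leading lines of the message body, which is why a password can survive a hop through another remailer that rewrites the headers. The following is an added illustration of that parsing rule and of the routing consequence Hal raises; it is not code from the original message or from the penet software, and the registry, addresses, pseudonyms and passwords in it are constructed sample values. The exact matching rules of the real service are an assumption here.

```python
"""Added example, not from the original message or the penet software.
Models a pseudonymous remailer that accepts X-Anon-To: / X-Anon-Password:
directives both as header fields and as leading lines of the message body.
Registry contents, addresses and passwords are constructed sample data."""

import email

DIRECTIVES = ("x-anon-to", "x-anon-password")

# Constructed registry: real sender address -> (pseudonym, password).
# The second entry stands for a chaining remailer's own account.
REGISTRY = {
    "alice@example.com": ("an0001", "secret-a"),
    "remailer@example.org": ("an0002", "secret-r"),
}


def parse_anon_directives(raw):
    """Return (sender, {directive: value}, remaining_body).

    Header fields are consulted first. Then the body is scanned from its
    first line: every leading X-Anon-* line is consumed as a directive
    (overriding a header of the same name) until the first line that is
    not one. Consumed lines are stripped so the recipient never sees them.
    """
    msg = email.message_from_string(raw)
    found = {}
    for name in DIRECTIVES:
        value = msg.get(name)
        if value is not None:
            found[name] = value.strip()
    lines = msg.get_payload().split("\n")
    i = 0
    while i < len(lines):
        key, sep, value = lines[i].partition(":")
        if not sep or key.strip().lower() not in DIRECTIVES:
            break
        found[key.strip().lower()] = value.strip()
        i += 1
    return msg["From"], found, "\n".join(lines[i:])


def route(raw, registry=REGISTRY):
    """Decide what the remailer does with one incoming message.

    Returns ("reject", reason) or ("deliver", {from, to, body}). The
    pseudonym is chosen by the envelope From: address, so a message that
    arrived via another remailer is attributed to *that* remailer's
    pseudonym, which is the exposure Hal's reply is concerned about.
    """
    sender, directives, body = parse_anon_directives(raw)
    if "x-anon-to" not in directives:
        return ("reject", "no X-Anon-To")
    record = registry.get(sender)
    if record is None:
        return ("reject", "unknown sender")
    pseudonym, password = record
    if directives.get("x-anon-password") != password:
        return ("reject", "password required")
    return ("deliver", {
        "from": pseudonym + "@anon.penet.fi",
        "to": directives["x-anon-to"],
        "body": body,
    })


# Constructed sample 1: directives sent as ordinary header fields.
DIRECT = (
    "From: alice@example.com\n"
    "X-Anon-To: an9999@anon.penet.fi\n"
    "X-Anon-Password: secret-a\n"
    "\n"
    "Hello from Alice.\n"
)

# Constructed sample 2: headers were rewritten by an intermediate remailer,
# so the directives travel as the first lines of the body instead.
CHAINED = (
    "From: remailer@example.org\n"
    "\n"
    "X-Anon-To: an9999@anon.penet.fi\n"
    "X-Anon-Password: secret-r\n"
    "Hello via a chained remailer.\n"
)

if __name__ == "__main__":
    for sample in (DIRECT, CHAINED):
        print(route(sample))
```

Running it shows both samples being delivered, but the chained one goes out under the remailer's own pseudonym (an0002), and the password in its body was readable by every hop on the way. That is the trade-off behind the thread: body-carried directives make chaining possible, at the cost of tying the post to the operator's identity and exposing the password to intermediaries.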