From: norm@netcom.com (Norman Hardy)
To: cypherpunks@toad.com
Message Hash: d55657227f5c3f5091696dd1305b4b375c091ae08d0cdc856999eaa6052e320d
Message ID: <9304210008.AA25503@netcom4.netcom.com>
Reply To: N/A
UTC Datetime: 1993-04-21 00:08:25 UTC
Raw Date: Tue, 20 Apr 93 17:08:25 PDT
From: norm@netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 17:08:25 PDT
To: cypherpunks@toad.com
Subject: Anonymous Remailers, WB etc.
Message-ID: <9304210008.AA25503@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
If I were chartered to be prepared to find the source
of anonymous mail, and had the money, attitude and
resources that skeptics among us assume are available
for such efforts, here is how I would proceed. This plan
is due, in part, to my experience in building secure operating
systems.
I would catalog the various weaknesses of Unix and perhaps
other systems where the remailers live.
I would make a list of remailers and suspected remailers.
I would design programs that would inhabit the remailer machines
benignly except for gathering information that I need.
Such efforts are a natural by product of the public NCSC charter
to know OS weaknesses.
I would further examine the IP protocols for weaknesses.
Those protocols trust not only the machines thru which the
data flows but also trusts other machines on the net not to
introduce phony datagrams that at least bolix legitimate
traffic and may well spoof it. This is aided by a real time
passive tap on the links carrying the legitimate traffic.
It is not the style of this group to study OS security and I don't
propose to change the style. OS security and protocol security may,
however, be an Achilles heel to anonymity.
Return to April 1993
Return to “norm@netcom.com (Norman Hardy)”
1993-04-21 (Tue, 20 Apr 93 17:08:25 PDT) - Anonymous Remailers, WB etc. - norm@netcom.com (Norman Hardy)