From: smb@research.att.com
To: peter honeyman <honey@citi.umich.edu>
Message Hash: f18b243f111598715010701dee2a9c7693e98fc2385dc931584ab24b5bb493dc
Message ID: <9306082053.AA26363@toad.com>
Reply To: N/A
UTC Datetime: 1993-06-08 20:53:48 UTC
Raw Date: Tue, 8 Jun 93 13:53:48 PDT
From: smb@research.att.com
Date: Tue, 8 Jun 93 13:53:48 PDT
To: peter honeyman <honey@citi.umich.edu>
Subject: Re: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306082053.AA26363@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
and what do you make of their report on julf's non-existent
ftp area?
I don't know. The most charitable interpretation is that CERT is being
extremely careful about their own behavior, and they're not going
around probing for anonymous ftp on various sites without more than an
informant's tip that such a service is offered. Again, though, I'm
guessing. I do know that they're short on staff. They certainly can't
scan the archives, and a report of a non-existent anonymous ftp area
may be sufficiently rare they they never thought to check it.
steve, you know me well; you know i'm not a raving lunatic or
or a conspiracy-freak nut-case. but i believe it is more than
a coincidence that soda and penet were suddenly tarred by the
same brush.
Of course you're not a raving lunatic. Certainly, you rave at times,
but I don't think I've ever called you a lunatic...
perhaps cert is being used as a weapon, as marc suggested.
that is the most benign interpretation i can think of. so i
ask you again: don't you think cert might be jeopardizing its
effectiveness through these actions?
You're right -- the coincidence, if coincidence it is, is quite odd.
I'm more disturbed by the question of how CERT got the information; a
more common report would be from an administrator who found such
unwanted deposits, and who reported to CERT what sites sent them or
retrieved them. CERT will certainly hurt itself if it allows itself to
be used. But if most such reports are accurate, welcomed by the
administrators, and obtained from legitimate sources, they won't have a
problem.
I'm going to stop speculating, though. I'll send a note to various
folks at CERT (though without mentioning either cypherpunks, soda, or
anon.penet by name), and ask them what their policy is on such reports,
and in general where they come from.
--Steve Bellovin
Return to June 1993
Return to “smb@research.att.com”
1993-06-08 (Tue, 8 Jun 93 13:53:48 PDT) - Re: CERT: the letter from CERT to berkeley.edu admin - smb@research.att.com