1993-06-08 - Re: CERT: the letter from CERT to berkeley.edu admin

Header Data

From: smb@research.att.com
To: peter honeyman <honey@citi.umich.edu>
Message Hash: f18b243f111598715010701dee2a9c7693e98fc2385dc931584ab24b5bb493dc
Message ID: <9306082053.AA26363@toad.com>
Reply To: N/A
UTC Datetime: 1993-06-08 20:53:48 UTC
Raw Date: Tue, 8 Jun 93 13:53:48 PDT

Raw message

From: smb@research.att.com
Date: Tue, 8 Jun 93 13:53:48 PDT
To: peter honeyman <honey@citi.umich.edu>
Subject: Re: CERT: the letter from CERT to berkeley.edu admin
Message-ID: <9306082053.AA26363@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 and what do you make of their report on julf's non-existent
	 ftp area?

I don't know.  The most charitable interpretation is that CERT is being
extremely careful about their own behavior, and they're not going
around probing for anonymous ftp on various sites without more than an
informant's tip that such a service is offered.  Again, though, I'm
guessing.  I do know that they're short on staff.  They certainly can't
scan the archives, and a report of a non-existent anonymous ftp area
may be sufficiently rare they they never thought to check it.

	 steve, you know me well; you know i'm not a raving lunatic or
	 or a conspiracy-freak nut-case.  but i believe it is more than
	 a coincidence that soda and penet were suddenly tarred by the
	 same brush.

Of course you're not a raving lunatic.  Certainly, you rave at times,
but I don't think I've ever called you a lunatic...

	 perhaps cert is being used as a weapon, as marc suggested.
	 that is the most benign interpretation i can think of.  so i
	 ask you again:  don't you think cert might be jeopardizing its
	 effectiveness through these actions?

You're right -- the coincidence, if coincidence it is, is quite odd.
I'm more disturbed by the question of how CERT got the information; a
more common report would be from an administrator who found such
unwanted deposits, and who reported to CERT what sites sent them or
retrieved them.  CERT will certainly hurt itself if it allows itself to
be used.  But if most such reports are accurate, welcomed by the
administrators, and obtained from legitimate sources, they won't have a
problem.

I'm going to stop speculating, though.  I'll send a note to various
folks at CERT (though without mentioning either cypherpunks, soda, or
anon.penet by name), and ask them what their policy is on such reports,
and in general where they come from.

		--Steve Bellovin





Thread