From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: 669763958b5118c16af24a958b803e4d8316c1ce079093b0ac9359ec31f5d001
Message ID: <9308120640.AA05507@longs.lance.colostate.edu>
Reply To: N/A
UTC Datetime: 1993-08-12 06:42:45 UTC
Raw Date: Wed, 11 Aug 93 23:42:45 PDT
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Wed, 11 Aug 93 23:42:45 PDT
To: cypherpunks@toad.com
Subject: Anonymity Warning! ID stored in TAR files
Message-ID: <9308120640.AA05507@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain
From Risks 14.81 Aug 11 93
===cut=here===
From: olaf@bigred.ka.sub.org (Olaf Titz)
Subject: Surprise! contained in tar file
The RISK of trusting in software to save confidentiality has recently been
exposed in a German newsgroup. On a debate whether DES is illegal in Germany
(it is not, by the way) someone posted a tarred, compressed, uuencoded archive
of DES code via an anonymizing service. (No discussion on the topic of
anonymization, please.) Not only that he forgot to delete the object code
before tarring (thus giving an indication which kind of hardware he uses). The
next day someone else posted an explanation why this action was stupid, giving
the anonymous poster's full real name and address. He found it out because the
tar he used leaves user names (not only UIDs, which would suffice to restore
file permission settings) in the tar file. Of course, this fact is not
mentioned explicitly in the man page rsp. info file (but the average user
wouldn't expect it in the first place...) where an explicit warning could be
considered appropriate.
Olaf Titz - olaf@bigred.ka.sub.org - s_titz@ira.uka.de
Return to August 1993
Return to ““L. Detweiler” <ld231782@longs.lance.colostate.edu>”
1993-08-12 (Wed, 11 Aug 93 23:42:45 PDT) - Anonymity Warning! ID stored in TAR files - “L. Detweiler” <ld231782@longs.lance.colostate.edu>