From: Mark Hittinger <bugs@netsys.com>
Date: Mon, 24 Jan 94 21:06:43 PST
To: cypherpunks@toad.com
Subject: remailer wailer
Message-ID: <199401250450.AA24896@netsys.com>
MIME-Version: 1.0
Content-Type: text




Please do not pay attention to the arguments by some that improvements
which do not solve something *completely* should be forgotten.

Please do make some of the changes that the e-vil Det has suggested.  If
some of them don't work out you can always unwind them.  Det strikes me
as just another guy who can't keep his mouth shut when he notices an
emp-error with no clothes on. :-)

Watching internet security is a window on what your remailer situation
could be like in 5 years.  Right now you have a lot of overpaid network
administrators who have not put in important fixes that were stale when
the Berlin wall came down! :-)  Right now you have a lot of overpaid
operating systems "developers" that have cemented and calcified a mass
of kludges into the commercial rigor mortis known as Unix.  

The weakness of these systems is so well known that virtually anyone who
wants to take a shot at it can do so.  Please do something to raise the
difficulty level of screwing around with your anti-police-state tools
such as remailers.  You don't need to write or devise the end-all 
solution - just raise the wall a little each year.

The kids get their game-genie codes to make video games do things that the
original designers did not intend.  The kids don't know why the codes
do what they do and they don't care to experiment too much to find out
what else can be done.  A precious and valuable few do.

The kids on the internet are like the game-genie kids in many ways.  They
avidly wait for the next phrack so that they can get the latest SUNOS
game genie code.  Perhaps this month its another sendmail flaw, or maybe 
a /dev/nit problem.  In any event, there will be a recipe for doing it
and the kids don't care why it does what it does, or what else can be
done.  We have an entire generation of "hackers" who are of little use
to "us" because they can't blue sky, read source code, theorize about
a hole/race condition, and set up a test to exploit it.  All they care
about is having the latest "how-to" sheet.

If the operating systems developers and network administrators had been
raising the difficulty level all along the kids would either drop out 
or get better.  The ones that got better would be of use.

Don't let the remailers go the same way.  Please do some of the minimal
things to cover some of the common ideas.  If someone comes up with a
neat twist and still pulls something - *great*.  At least it will be fun.
There is nothing more boring than a continual series of attacks using a
stale technique.  You guys could breed that for the future if thats what
you want.  Some kid with a remailer genie code could get the press or
government interested in your toys before you want them to know.

It would really be funny to see you guys form a "RERT" modeled after
the highly successful "CERT".  Remailer emergency response team.

Do something!  You have no clothes!  You live in a glass house!  A stitch
in time saves nine!  

Finally - an old system administrator experience is to never delete the
accounts of trouble makers.  Always leave their favorite accounts be.  It
is much easier to keep tabs on them.  If you harrass them they will go
underground and you will miss things.
---------
Whats back with the wrong-ups?
Finger me for pee gee pee