From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 28 Jul 94 13:44:49 PDT
To: nzook@math.utexas.edu
Subject: Re:  (fwd) Possible compromise of anon.penet.fi
Message-ID: <9407282035.AA21873@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: barnett@convex.com (Paul Barnett)
> Newsgroups: alt.privacy
....
> Someone has been collecting email addresses, apparently from postings
> to Usenet, and forging them to anonymous postings through
> anon.penet.fi to alt.test.
......
> My condolences to those people that have been caught in this net.
> This is one of the most despicable forms of net.terrorism that I have
> encountered.

It's an interesting weakness, and at least as serious as the
naXXXXX / anXXXXX problem that reveals your identity if you send
email to another anonym.  

The one anonym I've used on anon.penet.fi is already known to at
least one other person (to whom I'd sent mail about the fact that
they'd included their .signature in an anonymous article :-)

I disagree with the "despicable" opinion, though it's certainly a
serious problem and it would certainly have been nicer if the 
cracker had done only a limited number as a demonstration (maybe this
counts; I don't know.)  BUt if our tools have technical weaknesses,
it's *much* nicer to find out from a non-police-agency cracker than
to learn about it when they start knocking on your door.

It sounds like there's a need to separate the email and news-posting
parts of the anon.penet.fi software, or go to stronger anon-reply
methods like the one on the newer cypherpunks remailers.

		Bill
		
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465