From: Rick Busdiecker <rfb@lehman.com>
To: jdd@aiki.demon.co.uk
Message Hash: fc58646380f0489725d8d3bb16fe1fa58ce4bfbc3011e5eb1b376dbe56947c09
Message ID: <9407311552.AA19224@fnord.lehman.com>
Reply To: <2956@aiki.demon.co.uk>
UTC Datetime: 1994-07-31 15:53:03 UTC
Raw Date: Sun, 31 Jul 94 08:53:03 PDT
Subject: Re: penet hack

    Date: Sun, 31 Jul 94 14:18:48 GMT
    From: Jim Dixon <jdd@aiki.demon.co.uk>

    I got a message from anon.penet.fi this morning:

    > You have sent a message using the anonymous contact service.
    > You have been allocated the code name an118709.

This is a direct result of the following:

    Date: Sun, 31 Jul 94 08:32:24 PDT
    From: Majordomo@toad.com
    Subject: Majordomo results

    >>>> who cypherpunks
    Members of list 'cypherpunks':
    . . .
    an111447@anon.penet.fi

So, anything that you send to cypherpunks also goes to this loser, who
then can associate your two identities. Since your an*@anon.penet.fi
address was just allocated, you have not been compromised very badly.
It's possible that this person is simply ignorant rather than
malicious. Subscribing as na111447@anon.penet.fi would have given the
subscription anon.penet.fi-level security without compromising other
users of that service.

The people with the most exposure are those who use anon.penet.fi but
who do not use the X-Anon-Password feature. If you use a password and
send a message to cypherpunks, you should get a message from
anon.penet.fi saying that you forgot to use your password when you
sent the message, but the loser will not get the (un)anonymized
version of your cypherpunks message. Of course, there's marginal
security even with the password feature as the password is transmitted
as plaintext.

Rick