From: Richard Johnson <Richard.Johnson@Colorado.EDU>
To: cypherpunks@toad.com
Message Hash: e7de5500789d9a97ddeff74daae47ffd4cd3d0e6fbf7fc3777215960dcc68e22
Message ID: <199408012223.QAA21710@spot.Colorado.EDU>
Reply To: N/A
UTC Datetime: 1994-08-01 22:23:54 UTC
Raw Date: Mon, 1 Aug 94 15:23:54 PDT
From: Richard Johnson <Richard.Johnson@Colorado.EDU>
Date: Mon, 1 Aug 94 15:23:54 PDT
To: cypherpunks@toad.com
Subject: Anonymous message failed (wrong password) (fwd)
Message-ID: <199408012223.QAA21710@spot.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain
------- Forwarded message:
| From: daemon@anon.penet.fi
| Date: Mon, 1 Aug 94 22:15:07 +0300
| Subject: Anonymous message failed (wrong password)
|
| The message you sent to the anonymous server could not be processed, as your
| password (in the X-Anon-Password: header) didn't match the one stored in the
| server. Either you have made a mistake, or somebody has used your account and
| changed the password. If the latter is the case, please contact
| admin@anon.penet.fi.
Julf -
You need to add something to that message. I made no mistake, and no-one
has changed my password. I simply mailed to a mailing list that has an
anXXXXX@penet.fi address subscribed. Your service is too insecure to
notice :-), and automatically 'out's anyone who unknowingly posts to such
a list. All someone has to do is subscribe via an anon ID, and via a
non-anon ID, then compare messages to associate anon IDs with regular
addresses.
How about adding: "Either you mailed to a list to which an anonymous ID
has been subscribed, you have made a mistake, or...."
I'd also strongly suggest that you stop automatically allocating anon IDs
for folks who don't mail directly to your service. Perhaps you could
reduce the load on your machine (and increase user security) by sending
directly to the bit-bucket any messages where the Sender: and From:
headers don't at least come from the same domain?
Return to August 1994
Return to “Richard Johnson <Richard.Johnson@Colorado.EDU>”
1994-08-01 (Mon, 1 Aug 94 15:23:54 PDT) - Anonymous message failed (wrong password) (fwd) - Richard Johnson <Richard.Johnson@Colorado.EDU>