1995-11-08 - Re: DejaNews all over again

Header Data

From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: a91630684880747fe4e1a5c07968e94677116191a579657839f4de87f84949b6
Message ID: <199511080306.TAA10540@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-11-08 03:28:16 UTC
Raw Date: Wed, 8 Nov 1995 11:28:16 +0800

Raw message

From: anonymous-remailer@shell.portal.com
Date: Wed, 8 Nov 1995 11:28:16 +0800
To: cypherpunks@toad.com
Subject: Re: DejaNews all over again
Message-ID: <199511080306.TAA10540@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 Nov 1995 lmccarth@cs.umass.edu wrote:

> your True Name (verinym) from your name on the net. 
> Many will want to use 
> tentacles (*), er, separate pseudonyms for discussions in different parts of 
> the net. After all, I might not want the c'punks to hear about my past life
> as a control freak (pun intended) in alt.config. Just a reminder....
> 

> (*) Speaking of tentacles, Dejanews reveals that my name is on the long list
> of people whose signatures have been appropriated by Detweiler ;)

You too, eh??

I wish that Detweiler could (seriously) go back to wherever he came from. 
Hopefully this time, he can make the attempt ... backwards. 

I no longer become incensed at his type of spoofing.  I understand that a
message may look like it appears to come from a site, but it in fact
doesn't.  Who really knows??  

Even a message that is PGP signed isn't guaranteed to be from the person
who apparently signed it.  Someone might have a web server that asks
Netscape Navigator (very politely) to send out someone's secret PGP keyring,
or asks Navigator to monitor a person's keystrokes when they enter their
password, or heaven forbid their electronic daytimer.

Once you have that, it's easy to send a forged PGP SIGNED email.  Even 
worse, most readers of email will tend to believe that an electronic 
signature is prima facie evidence that a message is from who it 
appears to be from.

It just doesn't work that way.  

You have to look at the message and use "fuzzy" logic to determine how
probable it is that a given message is from the person who it represents
itself as coming form.  And sometimes, you'll be wrong.

Just like the good old, "Dr. Frederick B. Cohen", who posted to this list. 

Is he really the Dr. Cohen, noted international computer virus expert, the
very man who coined the term "computer virus", or isn't he?  Is he the man
who the US military approached to verify whether missile guidance systems
could be compromised by a foreign power utilizing a trojan horse or virus,
or not.  Do we believe his web page?? 

Even if we do, do we place a greater degree of trust in his words, than
that of say, yours truly, Alice de 'nonymous, or of someone who claims to 
be Tim May when they BOTH say that there are very serious flaws and 
deficincies in the Netscape Navigator product?  Or do we infer that a 
"no comment" coming from AT&T and Netscape, acts as confirmation that 
the *information* in the post is reliably correct.

It's impossible to say with certainty.

Maybe if someone on this mailing list attended Dr. Cohen's talk today at 
the Hilton Hotel, in Washington, D.C., and fills us in with what he said, 
(if we can trust _that_ poster) and we independently verify for ourselves
whether what _he_ (Dr. Cohen or Mr. Confirmation) is saying *seems* to be
reasonable, then we _might_ be able to say that we _may_ be reasonably
certain, that we DO have an international celebrity amongst us and posting
to this list, and notifying the world of a serious problem.

I mean what would you expect, a Press Release??



Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.






Thread