1997-10-13 - Re: mailing list attacks (was Re: Stronghold)

Header Data

From: TruthMonger <tm@dev.null>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 49ba7ccfc7c2a6d930433584e7e9245352c6a96bf2bf8dfbc8bf990e03a62ff8
Message ID: <3442853B.74BF@dev.null>
Reply To: <199710131455.PAA02279@server.test.net>
UTC Datetime: 1997-10-13 20:55:06 UTC
Raw Date: Tue, 14 Oct 1997 04:55:06 +0800

Raw message

From: TruthMonger <tm@dev.null>
Date: Tue, 14 Oct 1997 04:55:06 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: mailing list attacks (was Re: Stronghold)
In-Reply-To: <199710131455.PAA02279@server.test.net>
Message-ID: <3442853B.74BF@dev.null>
MIME-Version: 1.0
Content-Type: text/plain

Adam Back wrote:
> Mailing lists are pretty vulnerable to spoofing in various ways.  At
> the time of the attack, an additional possible class of spoof which
> may or may not have been occuring would have been:
> For someone to use the list of subscribers available for the lists
> homed at majordomo @ toad.com to fuck with peoples minds.  For example
> by sending messages with forged From & other headers making them
> appear as if they did come from toad.com to all subscribers, or some
> subset of them.
> That would allow one to construct some very interesting problems: for
> example Sandy apparently passing to the edited list something which
> seemed violently out of character, but sending it to everyone but him,
> so that he would deny seeing it even, and look like every one else as
> if he were blatantly lying.
> Or to generally mess with who you sent to for different lists and
> combinations of lists.  This would allow you to construct all sorts of
> apparently independently confirmable conspiracy theories.
> I'm not sure some of these things weren't happening.  There are a few
> current and former list members who delight in this kind of clever
> prank.

Many weird things happened during the course of the list censorship, not
the least of which was that every time someone on the list pointed out
apparent discrepancies between what was announced as being done and
reality, the mechanizations behind the list would change to become
more obscure.
More than one list member called this bullshit when I pointed it out, 
then shit a brick  when they researched the matter themselves, and 
found it to be true.

I was subscribed to all three lists at one time or another, and was
also subscribed from more than one account. I also had another list
member forward me their archive of posts from the lists.
There was a variety of interesting things which one could divine from
the different 'versions' of the list that appeared from these three
sources, one of which was that some controversial posts seemed to
go out from toad.com to *only* the person who sent it (or to people
who were cc:'d on the post), making it appear to the sender that 
their post had gone out to everyone on the list.
I had already suspected this from the fact that some rather outrageous
posts seemed to go unnoticed on the list, and I had confirmed it to
a certain extent by cc:'ing and bcc:'in certain individuals, but an
analysis of all the posts in my possession, from different sources,
confirmed it beyond doubt.

Although a variety of individuals could confirm various details of 
what I have described, the 'facts' are still pretty much meaningless
to those who did not personally do the footwork themselves.
Much the same applies to the Corporate Message Recovery of the new
alien-PGP being discussed on the Cypherpunks list.
Your best weapon is your nose. When something smells bad, it usually
is. All of the analysis I did of list posts served mainly to convince
myself that my original deductions, based on far less information,
were correct.

My main problem with the new product is that it trades on the name and
reputation of PGP to promote a product which serves a totally different
market and need.
It is similar to my using the status of a long-established
Crazy Ramblings" mailing list to promote "TruthMonger's Trustworthy
Products Mailing List" to the three list subscribers. (Or the use of
Lennon's music to sell sneakers...<barf> <barf>)

The *real* question is: "Does the packaging have a picture of an actor
a white smock, with a stethescope around his neck, a big-breasted nurse,
licking her hot, wet lips, and a child, petting a dog?"
If it does, then buy all of the company's stock that you can get your
hands on.