1997-10-13 - mailing list attacks (was Re: Stronghold)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: jeffb@issl.atl.hp.com
Message Hash: a6d5efe9fcf23892aa79db88a2b7b3ca19aca3d331b372ecc40a1512ab4629f9
Message ID: <199710131455.PAA02279@server.test.net>
Reply To: <199710131452.KAA26663@jafar.issl.atl.hp.com>
UTC Datetime: 1997-10-13 19:33:17 UTC
Raw Date: Tue, 14 Oct 1997 03:33:17 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 14 Oct 1997 03:33:17 +0800
To: jeffb@issl.atl.hp.com
Subject: mailing list attacks (was Re: Stronghold)
In-Reply-To: <199710131452.KAA26663@jafar.issl.atl.hp.com>
Message-ID: <199710131455.PAA02279@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Jeff Barber <jeffb@issl.atl.hp.com> writes:
> > Dimitri Vulis <dlv@bwalk.dm.com> writes:
> > > did _not appear on the "unedited" list. Nevertheless at least one
> > > lying C2Net shill from Hewlett Packard claims that my articles
> > > appearing on the unedited list on January 30th prove that I wasn't
> > > being filtered from "unedited" one week later.
> > 
> > Some thing's just can't be proven.  That logic clearly doesn't flow.
> 
> For the record, I made no such claim.  In fact, my exact words were:
> 
> [me:]
> > Since obviously none of us who were on the -unedited list can say for 
> > sure whether we received everything sent to it, I can't say with 
> > certainty this never happened.  But....
> > This is the problem with being known as a liar.  Nobody is inclined to
> > believe what you say without substantitation.  So I still don't see any
> > reason to believe that anything was "censored" from the unedited list.

One additional reason to believe that at least some things were
disappearing from the unedited list was Attila's claim that some of
his posts weren't getting through to the unedited list also.

Notice that I don't say why they were disappearing because that is
almost difficult to prove at this point.  I detailed Attila's claims
in the post you are replying to.

> But Dimitri has claimed that there were "numerous people" who were 
> CC'd to the message that is alleged to have disappeared from -unedited.
> I'm sure they'll all be chiming in to back him up just like John Young 
> did. :-)

Mailing lists are pretty vulnerable to spoofing in various ways.  At
the time of the attack, an additional possible class of spoof which
may or may not have been occuring would have been:

For someone to use the list of subscribers available for the lists
homed at majordomo @ toad.com to fuck with peoples minds.  For example
by sending messages with forged From & other headers making them
appear as if they did come from toad.com to all subscribers, or some
subset of them.

That would allow one to construct some very interesting problems: for
example Sandy apparently passing to the edited list something which
seemed violently out of character, but sending it to everyone but him,
so that he would deny seeing it even, and look like every one else as
if he were blatantly lying.

Or to generally mess with who you sent to for different lists and
combinations of lists.  This would allow you to construct all sorts of
apparently independently confirmable conspiracy theories.

I'm not sure some of these things weren't happening.  There are a few
current and former list members who delight in this kind of clever
prank.

Reckon you could do something about some of these attacks by adding
signatures on outgoing mail from the mailing list, and by posting
regular message digests of posts to the list to make it harder for
people to deny service to one individual.

Even unsubscribing and subscribing other people was not prevented
originally with toad, but there are existing methods to solve this
problem in that newer versions of majordomo allow nonces to be sent
for confirmations of these things.  Doesn't stop recursive list
subscriptions, nor subscribing one list to another (because the
attacker can see the nonce appear in the list).

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread