-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, nzook@math.utexas.edu forwards:
From: barnett@convex.com (Paul Barnett) Newsgroups: alt.privacy Subject: Possible compromise of anon.penet.fi Date: 27 Jul 94 22:09:28 GMT Organization: CONVEX News Network, Engineering (cnn.eng), Richardson, Tx USA Lines: 29 Message-ID: <barnett.775346968@cnn.eng.convex.com> NNTP-Posting-Host: zeppelin.convex.com
Someone has been collecting email addresses, apparently from postings to Usenet, and forging them to anonymous postings through anon.penet.fi to alt.test.
The text of the posting states the REAL email address of the poster, under a posting attributed to the anonymous ID assigned to that poster.
I actually saw this article in alt.privacy, and sort of mentally filed it. Then, this morning, I received a note from anon.penet.fi informing me of my anonymous ID. I don't use penet, and never sent anything through there anonymously. I first thought it might have been a mail-bombing run, but then I re-read this:
However, there are some lower numbered anonymous IDs, presumably in previous use by the addressee named in the text of the message. These anonymous addresses are now compromised.
I think this might be a forked attack... trying to flood penet with traffic, and also outing people who have used penet for anonymous traffic previously. This is a good argument against maintaining a double-blind database (and in favor of systems like soda.berkeley.edu's remailer with its 'response block' strategy). Does anyone else smell Detweiler? - -- Roy M. Silvernail -- roy@sendai.cybrspc.mn.org "Usenet: It's all fun and games until somebody loses an eye." --Jason Kastner<jason@wagner.com> -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjg4FRvikii9febJAQHwEgQAur6SNxVzxvapKJIbQzETTs0QbesD7OVm 17Q69O6maK2qM/sb8zkv1iaktWZNqvj5A5WJmOF8HqQM+EUCEJq3CWsluEk1VVLB kqlRFcaSk2/FYoLgNo58ITfLnZxwKTSX0jI25iVlpMAbWUoLt1voUNN44rtINzYG DDQsWLs7p/k= =t6My -----END PGP SIGNATURE-----