and what do you make of their report on julf's non-existent ftp area? I don't know. The most charitable interpretation is that CERT is being extremely careful about their own behavior, and they're not going around probing for anonymous ftp on various sites without more than an informant's tip that such a service is offered. Again, though, I'm guessing. I do know that they're short on staff. They certainly can't scan the archives, and a report of a non-existent anonymous ftp area may be sufficiently rare they they never thought to check it. steve, you know me well; you know i'm not a raving lunatic or or a conspiracy-freak nut-case. but i believe it is more than a coincidence that soda and penet were suddenly tarred by the same brush. Of course you're not a raving lunatic. Certainly, you rave at times, but I don't think I've ever called you a lunatic... perhaps cert is being used as a weapon, as marc suggested. that is the most benign interpretation i can think of. so i ask you again: don't you think cert might be jeopardizing its effectiveness through these actions? You're right -- the coincidence, if coincidence it is, is quite odd. I'm more disturbed by the question of how CERT got the information; a more common report would be from an administrator who found such unwanted deposits, and who reported to CERT what sites sent them or retrieved them. CERT will certainly hurt itself if it allows itself to be used. But if most such reports are accurate, welcomed by the administrators, and obtained from legitimate sources, they won't have a problem. I'm going to stop speculating, though. I'll send a note to various folks at CERT (though without mentioning either cypherpunks, soda, or anon.penet by name), and ask them what their policy is on such reports, and in general where they come from. --Steve Bellovin