Newbie comments. (fwd)

Forwarded message:

From cypherpunks-request@toad.com Tue Feb 23 15:40:37 1993 From: J. Michael Diehl Message-Id: <9302232326.AA26860@triton.unm.edu> Subject: Newbie comments. To: cypherpunks@toad.com Date: Tue, 23 Feb 93 16:26:08 MST X-Also-Known-As: Thunder X-Goal-In-Life: To make a lot of money -- Wanna make a donation? X-Mailer: ELM [version 2.3 PL8]

I've been listening to this list quietly for about 2 weeks. Althought the signal to noize ration as been a bit low lately, ;^) it's been very interesting.

I like the idea of alt.whistle.blowers, and support anything that promotes privacy, and Constitutional rights.

But I have a (newbie?) question. Isn't it true that, at the network level, it is still possible to tell where a message came from and where it's going. That is, given the proper motivation, couldn't "and entity" sniff out all of this information and find out which machine a particular message came from. And from logs at that machine, which The Entity naturally has access to, It could find out who send the message. Just wondering.....

Hi there, well acutally at the network interface level all sorts of tricks are available... for example at the smtp daemon level all a snooper has to do is the following telnet toad.com smtp when the sendmail banner is seen then type VRFY cypherpunks That will yeild yet another line referring to cypherpunks-real which verifying will obtain ALL the mail addresses on this cypherpunks mailing list... I have a small fragment of perl which does the same trick recursively for every address on the cypherpunks mail list... why did I write such a thing... well I am writing a mail list to PGP key server extractor so I can automatically extract keys for members of cypherpunks-real... I didnt think of the privacy issue until some moments after I debugged the perl script and got it working... Similiar open holes exist at EVERY level of the Network and associated daemons and software, Johh and I have discussed this earlier via email and he as well as I dont feel its a REAL exposure as the means to protect yourself is well at hand... AND yes ALL network traffic can theoretically be traced thats when crackers and security admins start playing games with connection laundries and firewall as well as early warning systems... there are constraints to real world tracing... the Firewalls mailing list at Firewalls@GreatCircle.COM discusses these and other issues having to do with security at the network interface level

Major suggestion: We need a FAQ!

Well, that's about it. I'm still trying to get up to speed with pgp.

+----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl@triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder@forum | Politically Incorrect! | | (505) 299-2282 | <me> | +----------------------+----------------------------------------------------+

cheers kelly --