Although you can never completely eliminate it, technological fixes to do velocity checking, source IP address profiling, etc., seem so obvious I just don't see how this can be any sort of insurmountable problem... It should have been obvious from the start that you would have a lot more people trying to steal service from a porn site than from, say, a Disney site. Donald On Wed, 4 Jun 1997, Robert Hettinga wrote:

Date: Wed, 4 Jun 1997 23:47:10 -0400 From: Robert Hettinga <rah@shipwright.com> To: dcsb@ai.mit.edu Subject: Password pirates plunder XXX sites, from The Netly News

--- begin forwarded text

Date: Wed, 4 Jun 1997 12:01:22 -0700 (PDT) From: Declan McCullagh <declan@well.com> To: cypherpunks@toad.com Subject: Password pirates plunder XXX sites, from The Netly News MIME-Version: 1.0 Sender: owner-cypherpunks@cyberpass.net Precedence: bulk Reply-To: Declan McCullagh <declan@well.com> X-Loop: cypherpunks@cyberpass.net

[We include links to sites with porn passwords in today's story, BTW. --Declan]

*******

http://cgi.pathfinder.com/netly/opinion/0,1042,1015,00.html

The Netly News Network (http://netlynews.com/) June 4, 1997

Porn Free by Chris Stamper and Greg Lindsay (thenetlynews@pathfinder.com)

Sexfilms.com used to be a small, members-only adult site that shipped full-frame videos over a super-fast T-3 line. Traffic on the site was comfortably low for about a year, owner Ray Alba says, until one name -- "Joe Camaro" -- started appearing with some frequency. Actually, it started appearing 500 times a minute. From Sweden, Japan, Hong Kong, Singapore -- just about anywhere. Somebody was passing out the password.

Download speeds faltered, from 300K/sec to 6K/sec. And then the servers themselves began to crash. Finally, Alba had to shut down the site for several weeks to clear out Camaro and numerous other accounts that had leaked out to the Net. Alba was the latest victim of... Porn Piratz!

A huge number of passwords to pay-only porn sites are loose on the Net. Just surf newsgroups like alt.sex.passwords or do a simple search through a typical web engine and long lists of logins are easy to find. Some of these logins are giveaways from people who ponied up the low, one-time-only flat fees that many sites charge. Others, apparently, were obtained with phony credit card numbers. Who knows how Porn Piratz get the rest. But they do: A Hustler executive told us that Hustler's sites have seven times its paid membership logging on every day.

[...]

--- end forwarded text

----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/

For help on using this list (especially unsubscribing), send a message to "dcsb-request@ai.mit.edu" with one line of text: "help".

===================================================================== Donald E. Eastlake 3rd +1 508-287-4877(tel) dee@cybercash.com 318 Acton Street +1 508-371-7148(fax) dee@world.std.com Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA) http://www.cybercash.com http://www.eff.org/blueribbon.html