(fwd) Possible compromise of anon.penet.fi
Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!spool.mu.edu!howland.reston.ans.net!gatech!news-feed-1.peachnet.edu!news.duke.edu!eff!news.kei.com!hermes.oc.com!convex!cnn.eng.convex.com!barnett From: barnett@convex.com (Paul Barnett) Newsgroups: alt.privacy Subject: Possible compromise of anon.penet.fi Date: 27 Jul 94 22:09:28 GMT Organization: CONVEX News Network, Engineering (cnn.eng), Richardson, Tx USA Lines: 29 Message-ID: <barnett.775346968@cnn.eng.convex.com> NNTP-Posting-Host: zeppelin.convex.com Someone has been collecting email addresses, apparently from postings to Usenet, and forging them to anonymous postings through anon.penet.fi to alt.test. The text of the posting states the REAL email address of the poster, under a posting attributed to the anonymous ID assigned to that poster. I received a notification that an anonymous ID has allocated for me, followed by a confirmation of a posting to alt.test. Looking in alt.test, you will see as many as 500 similar postings. Most of the anonymous IDs are numbered sequentially. However, there are some lower numbered anonymous IDs, presumably in previous use by the addressee named in the text of the message. These anonymous addresses are now compromised. I am posting to this newsgroup because there appears to be some correlation between the contributers to this newsgroup and the addresses that were forged to the messages. It may be coincidental, but I thought this was a fair place to post a warning anyway. My condolences to those people that have been caught in this net. This is one of the most despicable forms of net.terrorism that I have encountered. -- Paul Barnett Convex Computer Corp. MPP OS Development Richardson, TX
-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, nzook@math.utexas.edu forwards:
From: barnett@convex.com (Paul Barnett) Newsgroups: alt.privacy Subject: Possible compromise of anon.penet.fi Date: 27 Jul 94 22:09:28 GMT Organization: CONVEX News Network, Engineering (cnn.eng), Richardson, Tx USA Lines: 29 Message-ID: <barnett.775346968@cnn.eng.convex.com> NNTP-Posting-Host: zeppelin.convex.com
Someone has been collecting email addresses, apparently from postings to Usenet, and forging them to anonymous postings through anon.penet.fi to alt.test.
The text of the posting states the REAL email address of the poster, under a posting attributed to the anonymous ID assigned to that poster.
I actually saw this article in alt.privacy, and sort of mentally filed it. Then, this morning, I received a note from anon.penet.fi informing me of my anonymous ID. I don't use penet, and never sent anything through there anonymously. I first thought it might have been a mail-bombing run, but then I re-read this:
However, there are some lower numbered anonymous IDs, presumably in previous use by the addressee named in the text of the message. These anonymous addresses are now compromised.
I think this might be a forked attack... trying to flood penet with traffic, and also outing people who have used penet for anonymous traffic previously. This is a good argument against maintaining a double-blind database (and in favor of systems like soda.berkeley.edu's remailer with its 'response block' strategy). Does anyone else smell Detweiler? - -- Roy M. Silvernail -- roy@sendai.cybrspc.mn.org "Usenet: It's all fun and games until somebody loses an eye." --Jason Kastner<jason@wagner.com> -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLjg4FRvikii9febJAQHwEgQAur6SNxVzxvapKJIbQzETTs0QbesD7OVm 17Q69O6maK2qM/sb8zkv1iaktWZNqvj5A5WJmOF8HqQM+EUCEJq3CWsluEk1VVLB kqlRFcaSk2/FYoLgNo58ITfLnZxwKTSX0jI25iVlpMAbWUoLt1voUNN44rtINzYG DDQsWLs7p/k= =t6My -----END PGP SIGNATURE-----
participants (2)
-
nzook@math.utexas.edu -
roy@sendai.cybrspc.mn.org