From: barnett@convex.com (Paul Barnett) Newsgroups: alt.privacy .... Someone has been collecting email addresses, apparently from postings to Usenet, and forging them to anonymous postings through anon.penet.fi to alt.test. ...... My condolences to those people that have been caught in this net. This is one of the most despicable forms of net.terrorism that I have encountered.

It's an interesting weakness, and at least as serious as the naXXXXX / anXXXXX problem that reveals your identity if you send email to another anonym. The one anonym I've used on anon.penet.fi is already known to at least one other person (to whom I'd sent mail about the fact that they'd included their .signature in an anonymous article :-) I disagree with the "despicable" opinion, though it's certainly a serious problem and it would certainly have been nicer if the cracker had done only a limited number as a demonstration (maybe this counts; I don't know.) BUt if our tools have technical weaknesses, it's *much* nicer to find out from a non-police-agency cracker than to learn about it when they start knocking on your door. It sounds like there's a need to separate the email and news-posting parts of the anon.penet.fi software, or go to stronger anon-reply methods like the one on the newer cypherpunks remailers. Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465