Re: New remailer up.
Perry wrote, "However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good."

So you aren't interested unless you can commit serious felony crimes using a given remailer? I would be happy if criminals stayed away from my remailer. What do you mean by "security"? And if the police find out a personally owned machine was involved, I couldn't imagine them not just swooping in at midnight and taking it away at gunpoint. I hope those privately owned machines don't have logs ;-). In my mind, the whole secret to gaining privacy is not attracting attention in the first place. Using a remailer DOES allow a person to communicate anonymously with someone else, in two directions. If a party has enough power to tap Netcom, then sendmail logs or no sendmail logs, they will find you.

and, "Besides, $20 is a paltry sum for the amount of work involved."

Think of it as a trophy, which I'm sure most understood. I'm not offering you a job. I appreciate your view though, and since I've posted a request for remailer comments, might you help us all and send me some comments about the various remailers and what types of security each affords? If some wish to use remailers for serious underground activity, which should they use or not use? If they just want to keep bounced mail from telling their system postmaster who they're talking to, then that's a different type of security need.

-Xenon
However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good."
So you aren't interested unless you can commit serious felony crimes using a given remailer? I would be happy if criminals stayed away from
Things "that the government doesn't like" and "serious felony crimes" are not the same. People in positions of governmental power have all too often in the past used that power to harass others who have committed no crime. Remember how Nixon used to sic the IRS on his political enemies? And the ATF has a sordid history of harassing harmless people, including trying to trick them into committing technical violations of obscure gun-control regulations. Often enough, government officials harass people who have broken no law, but have only behaved in a way that those officials WANT to be made illegal.

-----------------------------------------------------------------------------
Kevin S. Van Horn | It is the means that determine the ends.
kevin@bert.cs.byu.edu |
qwerty-remailer@netcom.com writes:
Perry wrote, "However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good."
So you aren't interested unless you can commit serious felony crimes using a given remailer? I would be happy if criminals stayed away from my remailer. What do you mean by "security"? And if the police find out a personally owned machine was involved, I couldn't imagine them not just swooping in at midnight and taking it away at gunpoint. I hope those privately owned machines don't have logs ;-). In my mind, the whole secret to gaining privacy is not attracting attention in the first place. Using a remailer DOES allow a person to communicate anonymously with someone else, in two directions. If a party has enough power to tap Netcom, then sendmail logs or no sendmail logs, they will find you.
It seems that most (if not all) of netcom's unix machines are SunOS based. If that is the case, by installing NIT in the kernel, one would be able to grab all of the packets that flow across that ethernet (192.100.81). This includes your remailer mail.

The "cost" to set this up would be the risk of being caught and the time and trouble to come up with root on one of their sun machines.

Aside from the obvious legal risks, there are ethical considerations to keep in mind. While I personally would not attempt such a thing, there are many out there who feel otherwise.

I won't hack into mail.netcom.com to demonstrate that it is possible to figure out who used your remailer. But, if one of the admins from netcom wants to send me their syslogs, I'll do my best to put together a correlation.
and, "Besides, $20 is a paltry sum for the amount of work involved."
Think of it as a trophy, which I'm sure most understood. I'm not offering you a job.
Yes, but the trophy is hardly worth the effort. Even though it wouldn't cost $50,000 in terms of actual equipment or time, it might well take such a sum to cause Perry to take the risk of being caught. Unless the netcom folks are real slouches, I would think that they would notice that their kernel had been re-compiled and the machine rebooted. Good luck not being detected... Of course, there is always the off chance that they already have NIT compiled into the kernel...

Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C
"Jon 'Iain' Boone" <boone@psc.edu>
Yes, but the trophy is hardly worth the effort. Even though it wouldn't cost $50,000 in terms of actual equipment or time, it might well take such a sum to cause Perry to take the risk of being caught. Unless the netcom folks are real slouches, I would think that they would notice that their kernel had been re-compiled and the machine rebooted. Good luck not being detected... Of course, there is always the off chance that they already have NIT compiled into the kernel...
Ah, yes, but if you were a skilled machine language hacker you could use a disassembler to patch the code while it was in RAM. Very difficult to do, but also very difficult to detect. In theory, if you could steal their kernel (or had a similar one) and you compiled it on your own Sun station, you could probably isolate the routines you needed to patch, write a program to locate the processes running on root, scan memory looking for that subroutine, and then let you insert your own. The Netcom folks would have to look pretty hard to catch on to that type of attack...and if they rebooted - poof! - the evidence disappears! :)

It's certainly more than $20 worth of work tho... and you'd still have to find a way to get to root (or at least grab control of the cpu chip for a few microseconds).

What kind of cpu do Suns use anyway? (I've never used a sun before, and I don't know much about them.) I know NeXT used the 680x0... What about DEC? (I'm just a PC user type showing my ignorance about other systems. :-)
Participants (4): Jon 'Iain' Boone, kevin@axon.cs.byu.edu, Matthew J Ghio, qwerty-remailer@netcom.com