Re: FORGED CANCELS of posts on n.a.n-a.m
In article <modemacDFr0qB.IyK@netcom.com>, Rt. Rev. Modemac writes:
Dr. Dimitri Vulis (dlv@bwalk.dm.com) wrote:
: The National Alliance are not the first despicable racist net.abusers who forge
: cancels for other people's articles critical of them on n.a.n-a.m. Ken Arromdee
: has condemned one such forger, the graduate student Pyotr Vorobiev from Lehigh
: University's Mechanical Engineering and Mechanics Department (+1 610 758 4100)
When Scientology began cancelling posts by their critics on alt.religion.scientology, Homer Wilson Smith wrote a program called "Lazarus" to track for cancels. The idea is simple: whenever a cancel message appears, Lazarus announces it on the newsgroup.
Mayhap a Lazarus-type program can be put into effect on news.admin.net-abuse.misc?
Many other newsgroups are affected by such net.abuse (Vorobiev-style forged cancels based on contents); I just saw some messages on forged cancels in soc.culture.jewish and soc.culture.german. I think running Lazarus-like programs in _all_ newsgroups would be an extremely Good Idea. Alas, the time when people used to contribute their time and equipment for the public good of the net seems to be over. Perhaps I'm just dreaming; or perhaps Dave Hayes will like the following idea enough to implement it.

Also, I think it's a matter of time before some Cancelpoodle figures to put 'light' into the Path: of its Vorobiev-style forged cancels; then they will not be seen by lighlink.com where Lazarus now runs. This needs to be addressed.

Anyway, here are my thoughts on this proposal:

There would be a collection (at least 5 or 6) of cancel-watchers (sort of like the daemons that now watch misc.test) all over the world. They should be well-connected (preferably, one hop away from sites like uunet, howland.reston.ans.net, etc). Each watcher would look at incoming articles in "control", and whenever it sees a cancel, it would replace its own uucp name in the path by something like ellipsis (to keep it confidential) and forward the cancel to a central cataloguer (singly or in batches). E.g., if a watcher at xyzz123.uucp saw a cancel with the header

    Path: xyz123!howland.reston.ans.net!someplace

it would send it to the cataloguer with the Path: replaced by

    Path: ...!howland.reston.ans.net!someplace

The cataloguer would wake up every few hours (for example), group the collected cancels by message-ids of the cancelled articles, and e-mail reports to the (distinct) addresses (other than "usenet@*" or "news@*") mentioned in the "From:", "Sender:", "Authorized:", and "X-Cancelled-By:" headers, and quoting the entire cancel and the Path's as seen at different sites by the cancel-watchers.

This way, if the cancel is forged, its author will learn within hours that it has been fraudulently cancelled and will automatically receive enough Path: samples from all over the world to see where it was posted, by comparing the Path headers in several copies of cancels.

A user or an entire site should be able to "opt out" of having its cancels reported by sending a command to the cataloguer. There should be a limit of, say, no more than 100 such notifications sent to a site in one batch (to prevent too much traffic in the event of really massive forged cancellation).

I don't have the resources to do this right now, but I would be happy if some civic-minded netters took this proposal and ran with it.

---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
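The cataloguer step proposed in the message above, as an added example that is not part of the original post or of any Lazarus code: it masks each watcher's name, groups sightings by cancelled Message-ID, collects the addresses to notify, and finds the hops on which the Path: copies converge. All host names, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

NOTIFY_HEADERS = ("From", "Sender", "Authorized", "X-Cancelled-By")
ROLE_PREFIXES = ("usenet@", "news@")   # role addresses the proposal excludes

def mask_path(path, watcher):
    """Watcher side: hide the watcher's own UUCP name before forwarding."""
    return "!".join("..." if hop == watcher else hop for hop in path.split("!"))

def recipients(cancel):
    """Distinct addresses named in the headers the proposal lists."""
    found = set()
    for header in NOTIFY_HEADERS:
        for addr in re.findall(r"[\w.+-]+@[\w.-]+", cancel.get(header, "")):
            if not addr.lower().startswith(ROLE_PREFIXES):
                found.add(addr.lower())
    return found

def catalogue(sightings, opted_out=()):
    """Group (watcher, cancel headers) sightings by cancelled Message-ID."""
    by_id = defaultdict(lambda: {"paths": set(), "to": set()})
    for watcher, cancel in sightings:
        target = re.search(r"<[^>]+>", cancel["Control"]).group(0)
        by_id[target]["paths"].add(mask_path(cancel["Path"], watcher))
        by_id[target]["to"] |= recipients(cancel) - set(opted_out)
    return dict(by_id)

def common_tail(paths):
    """Hops shared at the end of every Path: where the copies converge."""
    tail = []
    for hops in zip(*(reversed(p.split("!")) for p in paths)):
        if len(set(hops)) != 1:
            break
        tail.append(hops[0])
    return "!".join(reversed(tail))

# Constructed sample: one cancel as seen by two hypothetical watchers.
_HDRS = {"Control": "cancel <abc@site-a.example>", "Sender": "news@site-a.example",
         "From": "A. Poster <poster@site-a.example>"}
SIGHTINGS = [
    ("w1.example", dict(_HDRS, Path="w1.example!hub-a.example!inject.example!origin.example")),
    ("w2.example", dict(_HDRS, Path="w2.example!hub-b.example!inject.example!origin.example")),
]
```

The more widely separated the watchers, the shorter the shared tail, and the shared tail is the part of the Path: the report recipient should look at first.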
On Wed, 04 Oct 95 10:47:30 EDT, Dr. Dimitri Vulis (dlv@bwalk.dm.com) wrote:
:[alt.religion.scientology restored, since that's where most of the discussion
:of forged cancels has been taking place so far ]

[snip snip snip]

:When an article is posted, two quantities are computed by the posting program:
:M1 = H(article body + newsgroups + message-id + date + passphrase) and
:M2 = H(M1). The posted article contains the header "Cancel-lock: M2".
:When an attempt is made to cancel/supersede an article X with a "Cancel-lock:"
:header, the user is asked to supply the passphrase. The posting software
:computes M1 = H(X's body + newsgroups + X's message-id + date + passphrase)
:once again and adds the "Cancel-key: M1" header to the article containing
:"Control: cancel <X>" or "Supersedes: <X>" that's being posted.
:(Note that without knowing the passphrase it's intractable to match the M1.)
:Whenever news server software (such as inn) detects either "Control: cancel
:<X>" or "Supersedes: <X>", INN should retrieve the original article <X> and
:looks for the "Cancel-lock: M2" header. If one is found, then the old article
:may be cancelled only if the new article contains the header "Cancel-key: M1"
:such that H(M1) = M2.

One thing that occurs to me: suppose I go to control, collect cancel messages, and build myself a collection of M1's that will work with a given M2? That is, I can't actually invert the hashing function. But if a given hash function is standard, then I can eventually build up a collection of M1s for M2s that will let me cancel quite a few things I may want to. How many cancel messages come through in a day?

--
Reverend Doctor David Gerard, KoX, SP 4.03 (awaiting verification of SP 5)
Prestige Elite(tm) Research Church of the SubGenius
"Servicing the Prestige Elite(tm) since 1985!"
OK, clams. You want war? You've got war.
--
Please email ALL followups (crappy and thoroughly dysfunctional newsfeed).
Personal visits from Scientologists will be greeted with extreme hostility and the vigilant attention of VUT Security, but personal physical violence *only* when appropriate, legal and called-for.
gerdw@cougar.vut.edu.au (preferred); fun@suburbia.apana.org.au
July 5, 1998, 7 AM. Saucers. End of the world. Your US$30 is your trip ticket.
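The Cancel-lock / Cancel-key check quoted in the message above, written out as an added example that is not part of either post and is not INN code. It assumes SHA-256 for the unspecified H and a length-prefixed field encoding; the sample articles and passphrase are constructed. It runs the server-side test for the owner's key, a missing key, a guessed key, and a key taken from the cancel of a different article.

```python
import hashlib
import hmac

def H(data: bytes) -> str:
    # Assumption: SHA-256 stands in for H, which the post leaves unspecified.
    return hashlib.sha256(data).hexdigest()

def cancel_key(article: dict, passphrase: str) -> str:
    """M1 = H(body + newsgroups + message-id + date + passphrase)."""
    fields = [article["body"], article["Newsgroups"], article["Message-ID"],
              article["Date"], passphrase]
    # Assumption: each field is length-prefixed so boundaries are unambiguous.
    return H(b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields))

def cancel_lock(m1: str) -> str:
    """M2 = H(M1), the value published in the Cancel-lock: header."""
    return H(m1.encode())

def server_allows_cancel(original: dict, control: dict) -> bool:
    """Server-side check: accept only if H(Cancel-key) equals the stored lock."""
    lock = original.get("Cancel-lock")
    if lock is None:
        return True                      # unlocked article: no key required
    key = control.get("Cancel-key")
    if key is None:
        return False                     # locked article, cancel carries no key
    return hmac.compare_digest(cancel_lock(key), lock)

def post(article: dict, passphrase: str) -> dict:
    """Posting side: attach the Cancel-lock: header to a new article."""
    return dict(article, **{"Cancel-lock": cancel_lock(cancel_key(article, passphrase))})

# Constructed sample articles: same author, same passphrase, different Message-IDs.
PASS = "correct horse"
A = post({"body": "first post\n", "Newsgroups": "misc.test",
          "Message-ID": "<a1@site-a.example>", "Date": "04 Oct 95 10:47:30 EDT"}, PASS)
B = post({"body": "second post\n", "Newsgroups": "misc.test",
          "Message-ID": "<b2@site-a.example>", "Date": "05 Oct 95 09:00:00 EDT"}, PASS)

def demo() -> dict:
    key_a = cancel_key(A, PASS)          # becomes public once A's cancel propagates
    return {
        "owner cancels A": server_allows_cancel(A, {"Cancel-key": key_a}),
        "no key": server_allows_cancel(A, {}),
        "guessed key": server_allows_cancel(A, {"Cancel-key": H(b"guess")}),
        "A's key seen in control, tried on B": server_allows_cancel(B, {"Cancel-key": key_a}),
    }
```

Because the message-id is one of the inputs to M1, each key is tied to the lock of a single article.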
participants (2): dlv@bwalk.dm.com, gerdw@cougar.vut.edu.au