ecarp@netcom.com (Ed Carp):
[ auto moderators ]
Sounds like a very easy scheme to break. Say I suddenly decide that I don't like your posts or Tim May's posts. I can get you kicked off by using anonymous accounts to say that you're a nuisance. It seems to me
It's not as easy as you might think. How many anonymous accounts can you get? There are only so many anon servers, and for each anon account you have to have a different real account, all it buys you is your vote registers twice
Do you know how easy it is to fake an address? I occasionally telnet to port 25 and talk SMTP directly, to avoid spooling, but I have to type in the address I want the mail to appear from. There's no way of ensuring that I type in my real address, or _any_ real address at all for that matter. Digitally signed voting? Only works if you restrict yourself to 'known' voters. Net identities are very easy to fake or create.
Ed Carp, N7EKG/VE3    ecarp@netcom.com    519/824-3307
Finger ecarp@netcom.com for PGP 2.3a public key          an88744@anon.penet.fi
That's an _anonymous_ address, right !? -----------------^^^^^^^^^^^^^^^^^^^^^^
-------------------------------------------------------------------------------
Rishab Aiyer Ghosh    rishab@dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA
The National Short-Sleeved Shirt Association says:
Support your right to bare arms!
-------------------------------------------------------------------------------
Do you know how easy it is to fake an address? I occasionally telnet to port 25 and talk SMTP directly, to avoid spooling, but I have to type in the address I want the mail to appear from. There's no way of ensuring that I type in my real address, or _any_ real address at all for that matter.
Actually, it's not quite that easy. You can mail from any username at your site, but if you put in a different site without using helo protocol, it gives an X-Authorization-Warning in the header, which contains your home site. Alternately, if you do use helo, someone can just have a look at the headers of the message, and work out where the message was posted from. Then, it's just a question of consulting SMTP and system logs, and the sysadmin has a fair chance of tracing you back. Perhaps you heard of some guy who sent a death threat to the president using this method? They traced him back REAL fast.
Digitally signed voting? Only works if you restrict yourself to 'known' voters. Net identities are very easy to fake or create.
This I agree with. Any half competent cracker can create and remove hundreds of identities (or more, depending on when some sysadmin notices the suspicious batch job running in bground). There's lots of ways to fake this, so I agree, you'd have to work from a list of registered voters - and hope that no one person is represented on that list too many times.
*
* Mikolaj J. Habryn    dichro@tartarus.uwa.edu.au
* "Information wants to be free!"    PGP Public key available by finger
* #include <standard-disclaimer.h>
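The header tracing described in the message above, as an added example that is not part of the original thread: it walks the `Received:` lines oldest-first and flags any hop where the name given in HELO differs from the host the receiving server recorded. It assumes sendmail-style `Received:` lines; the sample message and the function names `trace_hops` and `origin` are constructed for illustration, and the warning header is looked up under both the name used in the thread and sendmail's `X-Authentication-Warning`.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): mail typed by hand into port 25
# with a HELO name that does not belong to the connecting host.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby reader.example (8.6.9/8.6.9) id AA00002; Mon, 1 Aug 1994 10:00:05 GMT
Received: from whitehouse.example (dialup7.campus.example [198.51.100.7])
\tby mx.list.example (8.6.9/8.6.9) id AA00001; Mon, 1 Aug 1994 10:00:01 GMT
X-Authentication-Warning: mx.list.example: Host dialup7.campus.example claimed to be whitehouse.example
From: someone@whitehouse.example
Subject: vote

yes
"""

# "from <HELO name> (<host the receiver resolved> [<peer IP>]) by <receiver>"
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")
# Thread's name for the header, plus the name sendmail actually emits.
WARNING_HEADERS = ("X-Authorization-Warning", "X-Authentication-Warning")

def trace_hops(raw):
    """Return (hops oldest-first, warning header values) for one raw message."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reversed() gives oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        helo = m["helo"].lower().rstrip(".")
        rdns = m["rdns"].lower().rstrip(".")
        hops.append({"helo": helo, "peer_host": rdns or None,
                     "peer_ip": m["ip"], "by": m["by"],
                     "mismatch": helo != rdns})
    warnings = [w for name in WARNING_HEADERS for w in msg.get_all(name, [])]
    return hops, warnings

def origin(raw):
    """Oldest parsed hop: the peer address a sysadmin would match against logs."""
    hops, _ = trace_hops(raw)
    return hops[0] if hops else None
```

Only `Received:` lines written by servers you control or trust are reliable; anything below the first trusted hop is supplied by the sender and can be invented.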
Mikolaj Habryn <dichro@tartarus.uwa.edu.au> writes:
Actually, it's not quite that easy. [to fake addresses through telnet 25] You can mail from any username at your site, but if you put in a different site without using helo protocol, it gives an X-Authorization-Warning in the header, which contains your home site.
Many sites don't put in an X-Authorization-Warning. At least one site I know allows you to fake a sitename with helo.
Alternately, if you do use helo, someone can just have a look at the headers of the message, and work out where the message was posted from. Then, it's just a question of consulting SMTP and system logs, and the sysadmin has a fair chance of tracing you back. Perhaps you heard of some guy who sent a death threat to the president using this method? They traced him back REAL fast.
Right. But "they" were not an auto moderation script. Remember the context we're discussing this issue...
Digitally signed voting? Only works if you restrict yourself to 'known' voters. Net identities are very easy to fake or create.
This I agree with. Any half competent cracker can create and remove hundreds of identities (or more, depending on when some sysadmin notices the suspicious batch job running in bground). There's lots of ways to fake this, so I agree, you'd have to work from a list of registered voters - and hope that no one person is represented on that list too many times.
Again, the context is auto-moderation of _open_ mailing lists (such as this one). I doubt that you'd want to restrict posts, approving or disapproving replies to "registered" members. The point is not to censor Nalbandian or Detweiler. There may be some fans out there, and IAC the _reader_ should decide what to look at. The point is to make this decision easier, with friendly advice from the poor souls who actually _read_ all the crap.
* * Mikolaj J. Habryn dichro@tartarus.uwa.edu.au
-------------------------------------------------------------------------------
Rishab Aiyer Ghosh    rishab@dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA
The National Short-Sleeved Shirt Association says:
Support your right to bare arms!