CERT: the letter from CERT to berkeley.edu admin

[smb at research.att.com]

	 and what do you make of their report on julf's non-existent
	 ftp area?

I don't know.  The most charitable interpretation is that CERT is being
extremely careful about their own behavior, and they're not going
around probing for anonymous ftp on various sites without more than an
informant's tip that such a service is offered.  Again, though, I'm
guessing.  I do know that they're short on staff.  They certainly can't
scan the archives, and a report of a non-existent anonymous ftp area
may be sufficiently rare they they never thought to check it.

	 steve, you know me well; you know i'm not a raving lunatic or
	 or a conspiracy-freak nut-case.  but i believe it is more than
	 a coincidence that soda and penet were suddenly tarred by the
	 same brush.

Of course you're not a raving lunatic.  Certainly, you rave at times,
but I don't think I've ever called you a lunatic...

	 perhaps cert is being used as a weapon, as marc suggested.
	 that is the most benign interpretation i can think of.  so i
	 ask you again:  don't you think cert might be jeopardizing its
	 effectiveness through these actions?

You're right -- the coincidence, if coincidence it is, is quite odd.
I'm more disturbed by the question of how CERT got the information; a
more common report would be from an administrator who found such
unwanted deposits, and who reported to CERT what sites sent them or
retrieved them.  CERT will certainly hurt itself if it allows itself to
be used.  But if most such reports are accurate, welcomed by the
administrators, and obtained from legitimate sources, they won't have a
problem.

I'm going to stop speculating, though.  I'll send a note to various
folks at CERT (though without mentioning either cypherpunks, soda, or
anon.penet by name), and ask them what their policy is on such reports,
and in general where they come from.

		--Steve Bellovin