To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.dear-legoOpen lugnet.dear-lego in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Dear LEGO / 759
758  |  760
Subject: 
 Re: Brad Justus is real
Newsgroups: 
 lugnet.dear-lego
Date: 
 Mon, 13 Dec 1999 08:39:06 GMT
Viewed: 
 2381 times
  
Jasper Janssen wrote:

On Sun, 12 Dec 1999 04:00:56 GMT, John Neal <johnneal@uswest.net>
wrote:

I thought the same thing, until someone showed how it could be done
here as well.  But your point is well taken.  People here in LUGNET
are on the whole mature adults who are responsible people.  It is our
little utopia (8 wide, of course;) based on bricks.  But you are
right.  This little incident is a perfect example of why RTL is a
vast wasteland.

Actually, no, it's not possible to effectively forge messages here.
Yes, you can post messages using someone else's name (easily, even).

But it is _not_ possible to forge the originating IP in Todd's logs.
Which means that even though _we_ don't necessarily have the ability
to verify messages posted from the web interface (messages posted via
NNTP have a useful X-Nntp-postinghost: added - BTW, Todd, how about
adding a useful header of originating IP to the web interface as
well?), Todd can, and Todd does.

Not to spread paranoia, but... offhand, I can think of three different
ways to forge the IP in Todd's logs.  Supposing someone wanted to pose
as Brad Justus: one could

a) break into Brad's machine and post from there
b) break into Todd's machine and alter the logs
c) spoof their own IP address so that Todd's computer thinks the
   cracker's computer is Brad's computer.

Any of these are outside *my* abilities (of course, as a rule, I don't
break into other people's computers, and I don't spend my time hacking
on TCP/IP), but are possible.  Basically, true authentication is not
really possible on the internet outside of (possibly) public-key
encryption, because really smart crackers can do just about anything.

Now, the odds that a really smart, bored cracker is going to choose
LUGNET to torment are very, very low.  (Very smart, bored crackers have
a tendency to go after bigger targets, and often get themselves into
bigger trouble.  Or are very, very smart, and know not to change
anything or say anything publicly.)  I, personally, believe that Brad is
real.
--
                                          Ben Olmstead/BEM
                                          <bem@mad.scientist.com>



Message has 1 Reply:
  Re: Brad Justus is real
 
(...) Point 1, he uses IE on Windows NT (if we can believe the first message, at least). So no remote breaking in. Which leaves physical access - which is IMHO rather unlikely. (...) Break into a high-security FreeBSD box? Highly unlikely, (...) (25 years ago, 13-Dec-99, to lugnet.dear-lego)

Message is in Reply To:
  Re: Brad Justus is real
 
(...) Actually, no, it's not possible to effectively forge messages here. Yes, you can post messages using someone else's name (easily, even). But it is _not_ possible to forge the originating IP in Todd's logs. Which means that even though _we_ (...) (25 years ago, 12-Dec-99, to lugnet.dear-lego)

43 Messages in This Thread:












Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR