LSTOWN-L Archives

LISTSERV List Owners' Forum

Eric Thomas <[log in to unmask]>
Sun, 11 Oct 1992 14:36:26 +0100
On Sun, 11 Oct 1992 06:33:36 EDT Elliott Parker
<[log in to unmask]> said:
 
>   I know it is possible, but can someone give me a rough indication of
>how much knowledge would be needed to do it?
 
It is very easy once you know how. You need an IQ of about 80 to
understand what needs to be done, the only difficulty (if you can call
that one) is to know which RFC you need to read to find the recipe. And
that only if you are unlucky enough not to have a mail user interface
which lets you send from the address you want simply by editing the
header or activating some obscure option.
 
>   And is there anything I can tell the person to minimize the chances
>of it happening again?
 
There is nothing that can be done about it, Internet mail is insecure -
intrinsically. One is supposed to use encryption if one wants a nonzero
amount of security. There are IETF groups working on that, unfortunately
it seems that with current computer technology one can reach at most the
equivalent of 64kbps of bandwidth when encrypting messages with a modern
dedicated workstation using the selected algorithm (RSA). Of course
computers will get faster, but networks get faster as well and it is not
a given that the computers will catch up. Furthermore crypto-analysis
experts are starting to claim that RSA isn't that difficult to break
after all, so you may want not to hold your breath for too long. Even if
all technical problems are solved, the legal issues are a can of worms
outside the US/Canada trade zone. You first have to get the US to
authorize software manufacturers to export the secret RSA technology
(which newspapers claim you can buy on the black market in Russia for 5
bucks a diskette), then you have to take into account local encryption
laws in many European countries.
 
One may be able to trace the forgeries by examining mailer logs, but at
best this would give you a hostname. There is no way presently to
associate a userid with Internet data transfer (that is why anonymous FTP
servers ask you to tell them your userid, but you can type anything you
want of course - at best they can check the hostname).
 
  Eric
