Path: gmdzi!unido!mcsun!uunet!samsung!usc!ucsd!ucbvax!hoptoad!gnu
From: g...@hoptoad.uucp (John Gilmore)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Passing proprietary messages through competitors or other sites
Message-ID: <11613@hoptoad.uucp>
Date: 19 Jul 90 16:40:14 GMT
Organization: Cygnus Support, Palo Alto
Lines: 27
Posted: Thu Jul 19 17:40:14 1990

Within the last two months I have had to warn two different sites about
passing proprietary traffic via hoptoad.

One was a computer company that was sending complete product plans for a
future product (still in development). They had routed the message via
sun, apple, and me, among others!

Another was a peripheral company which appeared to be sending the C
source code for the firmware that runs inside the peripheral. This site
had more sense, only sending it via pacbell and hoptoad, neither of which
is in the peripheral market. It turns out that they expected there to
be a direct link, but uucp was temporarily broken by the sysadmin, and
it got handed off to a mail router, which sent it indirectly.

System administrators should strongly remind their users that info sent
via ordinary Usenet or Internet mail is NOT private. It can be disclosed
at multiple locations along the way, either intentionally or by accident.
On many sites it can be read by ordinary users while parked there in
transit. There are no guarantees of privacy here, folks.

And I strongly suggest that any site that sends sensitive traffic, NOT
run an automatic uucp router. The router doesn't know what's an internal
site, what's an innocuous site, and what's a competitor's site.
--
John Gilmore      {sun,pacbell,uunet,pyramid}!hoptoad!gnu      g...@toad.com
The Gutenberg Bible is printed on hemp (marijuana) paper. So was the July 2,
1776 draft of the Declaration of Independence. Why can't we grow it now?

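[Added example, not part of the original thread and not any poster's code: a pre-send check that holds sensitive mail when an explicit bang path would cross relays the sender has not approved, the judgement the post above says an automatic router cannot make. The policy sets, the hosts hq, lab and destco, and the users alice and bob are constructed assumptions; sun, apple, pacbell and hoptoad appear only as sample hop names taken from the post.]

```python
# Added example: hold sensitive mail whose explicit UUCP bang path uses
# relays the sender has not approved. All policy data below is constructed.
INTERNAL = {"hq", "lab"}             # hypothetical hosts inside the company
APPROVED_RELAYS = {"uunet"}          # hypothetical relay under an agreement
COMPETITORS = {"sun", "apple"}       # constructed policy for a made-up sender


def parse_bang_path(address):
    """Split 'a!b!c!user' into (['a', 'b', 'c'], 'user')."""
    parts = [p.strip().lower() for p in address.split("!")]
    if len(parts) < 2 or not all(parts):
        raise ValueError("not a bang path: %r" % (address,))
    return parts[:-1], parts[-1]


def classify_relay(host):
    """Label one relay host according to the site policy above."""
    if host.endswith(".uucp"):       # 'hoptoad.uucp' and 'hoptoad' are one site
        host = host[: -len(".uucp")]
    if host in INTERNAL:
        return "internal"
    if host in APPROVED_RELAYS:
        return "approved"
    if host in COMPETITORS:
        return "competitor"
    return "unknown"


def vet_route(address, sensitive):
    """Return (ok_to_send, reasons). The last host is the destination, which
    the sender chose on purpose, so only the hosts before it are vetted."""
    hosts, _user = parse_bang_path(address)
    if not sensitive:
        return True, []
    reasons = []
    for relay in hosts[:-1]:
        kind = classify_relay(relay)
        if kind in ("competitor", "unknown"):
            reasons.append("%s relay: %s" % (kind, relay))
    return not reasons, reasons


if __name__ == "__main__":
    # Constructed addresses; 'destco', 'alice' and 'bob' are made up.
    for addr in ("sun!apple!hoptoad!destco!alice", "pacbell!hoptoad!destco!bob",
                 "destco!bob"):
        print(addr, vet_route(addr, sensitive=True))
```

A check like this only sees the path the sender wrote; once a relay re-routes the message, the hops it adds are outside the sender's control.
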
Path: gmdzi!unido!mcsun!sunic!uupsi!rpi!zaphod.mps.ohio-state.edu!usc!apple!sun-barr!ziploc!eps
From: e...@toaster.SFSU.EDU (Eric P. Scott)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <756@toaster.SFSU.EDU>
Date: 20 Jul 90 05:18:20 GMT
References: <11613@hoptoad.uucp> <716@logicon.com>
Reply-To: e...@cs.SFSU.EDU (Eric P. Scott)
Followup-To: news.sysadmin
Organization: San Francisco State University
Lines: 3
Posted: Fri Jul 20 06:18:20 1990

...and you wonder why commercial sites are clamoring to get on
the Internet.

					-=EPS=-

Path: gmdzi!unido!mcsun!uunet!bu.edu!rpi!crdgw1!crdos1!davidsen
From: david...@crdos1.crd.ge.COM (Wm E Davidsen Jr)
Newsgroups: news.sysadmin
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <2350@crdos1.crd.ge.COM>
Date: 20 Jul 90 12:07:12 GMT
References: <11613@hoptoad.uucp> <716@logicon.com> <756@toaster.SFSU.EDU>
Reply-To: david...@crdos1.crd.ge.com (bill davidsen)
Organization: GE Corp R&D Center, Schenectady NY
Lines: 13
Posted: Fri Jul 20 13:07:12 1990

In article <7...@toaster.SFSU.EDU> e...@cs.SFSU.EDU (Eric P. Scott) writes:
| ...and you wonder why commercial sites are clamoring to get on
| the Internet.

  Say what? While internet is less likely to drop a copy of a message in
someone's mailbox, anyone on the net can read any message. I think the
existence of network monitors which can tell you the connections are
telnet, NNTP, SMTP, etc, would give you a hint. It isn't even hard.

  Think about that when you type in your next password.
--
bill davidsen	(david...@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen)
            "Stupidity, like virtue, is its own reward" -me

Path: gmdzi!unido!mcsun!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!purdue!spaf
From: s...@cs.purdue.EDU (Gene Spafford)
Newsgroups: news.sysadmin
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <11150@medusa.cs.purdue.edu>
Date: 20 Jul 90 14:56:30 GMT
References: <11613@hoptoad.uucp> <716@logicon.com> <756@toaster.SFSU.EDU> <2350@crdos1.crd.ge.COM>
Sender: n...@cs.purdue.EDU
Reply-To: s...@cs.purdue.edu (Gene Spafford)
Organization: Department of Computer Science, Purdue University
Lines: 24
Posted: Fri Jul 20 15:56:30 1990

In article <2...@crdos1.crd.ge.COM> david...@crdos1.crd.ge.com (bill davidsen) writes:
>  Say what? While internet is less likely to drop a copy of a message in
>someone's mailbox, anyone on the net can read any message.

Say what? That is true on a local area network, but it is not true
in general once a gateway gets in the way (unless something is broken
or you are forging low-level routing messages). The only messages
that are on your local wire have your local network number in the
source or destination address, or else the messages are transiting
your network to or from the core. That is hardly every message.
Otherwise, if every message on the Internet were to flow through the
wire outside your machine, you'd be running at a few 100% of capacity!

Whether or not that exposes messages to reading to more or less people
than a typical uucp path is questionable. I suspect that the message
might be monitored or read by about as many people (but certainly
nothing approaching even a significant percentage of the total network
population). However, the way the software is currently set up, it
seems far less likely to be intercepted and altered.
--
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: s...@cs.purdue.edu	uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf

Path: gmdzi!unido!mcsun!sunic!uupsi!rice!uw-beaver!entropy!dataio!shiloh!rwing!nanook
From: nan...@rwing.UUCP (Robert Dinse)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Summary: Sending Proprietary Data through competitors systems
Message-ID: <118@rwing.UUCP>
Date: 22 Jul 90 02:42:07 GMT
References: <11613@hoptoad.uucp>
Organization: Totally Unorganized
Lines: 12
Posted: Sun Jul 22 03:42:07 1990

In article <11...@hoptoad.uucp>, g...@hoptoad.uucp (John Gilmore) writes:
> System administrators should strongly remind their users that info sent
> via ordinary Usenet or Internet mail is NOT private. It can be disclosed
> at multiple locations along the way, either intentionally or by accident.
> On many sites it can be read by ordinary users while parked there in
> transit. There are no guarantees of privacy here, folks.

     The way I've handled this is to agree verbally on a password then crypt
the message before sending it. Crypted data seems to make it through uucp ok
and I've not seen too many systems that lack crypt. I'm sure it's not 100%
secure, but it at least makes it difficult for ordinary users who weren't
previously employed by the NSA to look at it.

Path: gmdzi!unido!mcsun!ukc!warwick!nott-cs!masalla.fulcrum.bt.co.uk!axion!vision!chris
From: ch...@vision.UUCP (Chris Davies)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <1145@vision.UUCP>
Date: 24 Jul 90 12:25:24 GMT
References: <11613@hoptoad.uucp> <118@rwing.UUCP>
Reply-To: ch...@vision.UUCP (Chris Davies)
Organization: VisionWare Ltd., Leeds, UK
Lines: 21
Posted: Tue Jul 24 13:25:24 1990

In article <1...@rwing.UUCP> nan...@rwing.UUCP (Robert Dinse) writes:
[discussing how to send company-confidential email]
>     The way I've handled this is to agree verbally on a password then crypt
>the message before sending it. Crypted data seems to make it through uucp ok
>and I've not seen too many systems that lack crypt. I'm sure it's not 100%
>secure, but it at least makes it difficult for ordinary users who weren't
>previously employed by the NSA to look at it.

The program 'crypt' does not exist outside the US, thanks to the DoD. Some
systems have the crypt(3) library call, but by no means all. Thus Joe User
has the additional hassle of writing their own crypt/decrypt program...

Crazy isn't it!
	Chris
--
VISIONWARE LTD   | UK: ch...@vision.uucp     JANET: chris%vision.uucp@ukc
57 Cardigan Lane | US: ch...@vware.mn.org    OTHER: ch...@vision.co.uk
LEEDS LS4 2LE    | BANGNET: ...{backbone}!ukc!vision!chris
England          | VOICE: +44 532 788858     FAX: +44 532 304676
-------------- "VisionWare: The home of DOS/UNIX/X integration" --------------

Path: gmdzi!unido!mcsun!uunet!tut.cis.ohio-state.edu!cs.utexas.edu!news-server.csri.toronto.edu!utgpu!utzoo!henry
From: he...@zoo.toronto.edu (Henry Spencer)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <1990Jul25.135108.24216@zoo.toronto.edu>
Date: 25 Jul 90 13:51:08 GMT
References: <11613@hoptoad.uucp> <118@rwing.UUCP> <1145@vision.UUCP>
Organization: U of Toronto Zoology
Lines: 18
Posted: Wed Jul 25 14:51:08 1990

In article <1...@vision.UUCP> ch...@vision.UUCP (Chris Davies) writes:
>The program 'crypt' does not exist outside the US, thanks to the DoD...

Au contraire, any Unix site that was in business early on has it, at
least on an old distribution tape. Its export was perfectly routine
until certain, uh, persons decided to get an Official Opinion on it,
at which point the doors slammed shut.

>... Thus Joe User
>has the additional hassle of writing their own crypt/decrypt program...

There is quite a bit of crypto software, including implementations of
DES and other relatively good cryptosystems (crypt(1) was poor), in
circulation outside the US. Only DoD thinks that us furriners are
incapable of writing crypto software ourselves.
--
NFS: all the nice semantics of MSDOS, | Henry Spencer at U of Toronto Zoology
and its performance and security too. |  he...@zoo.toronto.edu   utzoo!henry

Path: gmdzi!unido!mcsun!uunet!cs.utexas.edu!news-server.csri.toronto.edu!utgpu!utzoo!henry
From: he...@zoo.toronto.edu (Henry Spencer)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <1990Jul29.232029.27159@zoo.toronto.edu>
Date: 29 Jul 90 23:20:29 GMT
References: <12687@netcom.UUCP> <6iZZm1w162w@cds1.UUCP>
Organization: U of Toronto Zoology
Lines: 11
Posted: Mon Jul 30 00:20:29 1990

In article <6iZZm1w1...@cds1.UUCP> m...@cds1.UUCP (Mathew Di Nicola) writes:
>There's only one drawback -- encrypting, decrypting, and generating RSA
>keys takes a long time...

There is another: RSA is patented in the US, and the patent owners are
actively defending it against infringement. (There is *no* "fair use"
exemption for patents, so it does not matter what you are using it for,
by the way.)
--
The 486 is to a modern CPU as a Jules | Henry Spencer at U of Toronto Zoology
Verne reprint is to a modern SF novel. |  he...@zoo.toronto.edu   utzoo!henry

Path: gmdzi!unido!mcsun!uunet!drivax!frotz
From: fr...@drivax.UUCP (Frotz)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <PQCN2B5@drivax.UUCP>
Date: 31 Jul 90 18:17:03 GMT
References: <6@raysnec.UUCP> <KARL.90Jul27101617@giza.cis.ohio-state.edu> <aqmcfe.n4w@wang.com>
Sender: frotz%dri...@uunet.uu.net
Reply-To: frotz%dri...@uunet.uu.net
Organization: Digital Research, Monterey CA
Lines: 9
Posted: Tue Jul 31 19:17:03 1990

f...@wang.com (Tom Fitzgerald) writes:
] If you just mean you'll shortcut to the last FQDN in the path, never mind,
] I think that's pretty well understood by everyone.

OK. I'll byte. What is FQDN? I have not seen this before and
neither has anyone else locally.
--
Frotz

Path: gmdzi!unido!mcsun!uunet!aplcen!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!tut.cis.ohio-state.edu!mesquite.charcoal.com!charcoal.com!karl_kleinpaste
From: karl_kleinpa...@charcoal.com
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <KARL.90Jul31204311@mesquite.charcoal.com>
Date: 1 Aug 90 00:43:11 GMT
References: <PQCN2B5@drivax.UUCP>
Sender: karl_kleinpa...@mesquite.charcoal.com
Followup-To: news.sysadmin,comp.mail.uucp
Organization: Charcoal Communicators
Lines: 22
Posted: Wed Aug 1 01:43:11 1990

fr...@drivax.uucp writes:
   f...@wang.com (Tom Fitzgerald) writes:
   ] If you just mean you'll shortcut to the last FQDN in the path, never mind,
   ] I think that's pretty well understood by everyone.

   OK. I'll byte. What is FQDN? I have not seen this before and
   neither has anyone else locally.

FQDN == fully-qualified domain name, i.e., a dot-separated group of
names which describe (e.g.) a host hierarchically within the universe
of all hosts. "mesquite.charcoal.com," "tut.cis.ohio-state.edu,"
"turbo.bio.net," and "rutgers.edu" are FQDNs.

"drivax" is an unqualified hostname (occasionally "OWHN," a one-word
host name), as typically found in UUCP subsystems.

"drivax.uucp" is a fake domain name, in that there is no top-level
".uucp" domain registered in the DNS (Domain Name System). It is
frequently (usually?) recognized by convention (as is ".bitnet") but
strictly-conforming Internet sites do not recognize it.

I think I'm going to include a glossary of this stuff when I finish
the FAQ articles on domain registration.

Path: gmdzi!unido!mcsun!uunet!ns-mx!iowasp.physics.uiowa.edu!maverick.ksu.ksu.edu!ux1.cso.uiuc.edu!brutus.cs.uiuc.edu!wuarchive!cs.utexas.edu!texbell!splut!jay
From: j...@splut.conmicro.com (Jay "you ignorant splut!" Maynard)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Message-ID: <D0X&33:@splut.conmicro.com>
Date: 2 Aug 90 01:04:45 GMT
References: <PQCN2B5@drivax.UUCP> <KARL.90Jul31204311@mesquite.charcoal.com>
Reply-To: j...@splut.conmicro.com (Jay "you ignorant splut!" Maynard)
Organization: Confederate Microsystems, League City, TX
Lines: 15
Posted: Thu Aug 2 02:04:45 1990

In article <KARL.90Jul31204...@mesquite.charcoal.com> karl_kleinpa...@charcoal.com writes:
>I think I'm going to include a glossary of this stuff when I finish
>the FAQ articles on domain registration.

While you're at it, please include a section on how to update info, too. I
need to change a few things in my domain registration, and have no concept of
how to go about it - and I'm not willing to pay uunet another $35 to make the
change, now that I have direct Internet access (though not from this machine).
--
Jay Maynard, EMT-P, K5ZC, PP-ASEL   | Never ascribe to malice that which can
j...@splut.conmicro.com      (eieio)| adequately be explained by stupidity.
"It's a hardware bug!" "It's a      +----------------------------------------
software bug!" "It's two...two...two bugs in one!" - _Engineer's Rap_