The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
* [TUHS] 30th Anniversary of most epic netnews post
@ 2021-04-01 12:21 Ron Natalie
  2021-04-01 14:24 ` Adam Sjøgren via TUHS
  2021-04-01 21:11 ` Dave Horsfall
  0 siblings, 2 replies; 9+ messages in thread
From: Ron Natalie @ 2021-04-01 12:21 UTC (permalink / raw)
  To: The Unix Heritage Society mailing list

[-- Attachment #1: Type: text/plain, Size: 3018 bytes --]

From spaf@cs.purdue.EDU Thu Apr  4 23:11:22 1991
Path: ai-lab!mintaka!mit-eddie!wuarchive!usc!apple!amdahl!walldrug!moscvax!perdue!spaf
From: spaf@cs.purdue.EDU (Gene Spafford)
Newsgroups: news.announce.important,news.admin
Subject: Warning: April Fools Time again (forged messages on the loose!)
Message-ID: <4-1-1991@medusa.cs.purdue.edu>
Date: 1 Apr 91 00:00:00 GMT
Expires: 1 May 91 00:00:00 GMT
Followup-To: news.admin
Organization: Dept. of Computer Sciences, Purdue Univ.
Lines: 25
Approved: spaf@cs.purdue.EDU
Xref: ai-lab news.announce.important:19 news.admin:8235

Warning: April 1 is rapidly approaching, and with it comes a USENET
tradition. On April Fools day comes a series of forged, tongue-in-cheek
messages, either from non-existent sites or using the name of a Well Known
USENET person. In general, these messages are harmless and meant as a joke,
and people who respond to these messages without thinking, either by flaming
or otherwise responding, generally end up looking rather silly when the
forgery is exposed.

So, for the few weeks, if you see a message that seems completely out
of line or is otherwise unusual, think twice before posting a followup
or responding to it; it's very likely a forgery.

There are a few ways of checking to see if a message is a forgery. These
aren't foolproof, but since most forgery posters want people to figure it
out, they will allow you to track down the vast majority of forgeries:

	o Russian computers. For historic reasons most forged messages have
	  as part of their Path: a non-existent (we think!) russian
	  computer, either kremvax or moscvax. Other possibilities are
	  nsacyber or wobegon. Please note, however, that walldrug is a real
	  site and isn't a forgery.

	o Posted dates. Almost invariably, the date of the posting is forged
	  to be April 1.

	o Funky Message-ID. Subtle hints are often lodged into the
	  Message-Id, as that field is more or less an unparsed text string
	  and can contain random information. Common values include pi,
	  the phone number of the red phone in the white house, and the
	  name of the forger's parrot.

	o subtle mispellings. Look for subtle misspellings of the host names
	  in the Path: field when a message is forged in the name of a Big
	  Name USENET person. This is done so that the person being forged
	  actually gets a chance to see the message and wonder when he
	  actually posted it.

Forged messages, of course, are not to be condoned. But they happen, and
it's important for people on the net not to over-react. They happen at this
time every year, and the forger generally gets their kick from watching the
novice users take the posting seriously and try to flame their tails off. If
we can keep a level head and not react to these postings, they'll taper off
rather quickly and we can return to the normal state of affairs: chaos.

Thanks for your support.

Gene Spafford, Net.God (and probably tired of seeing this message)

[-- Attachment #2: Type: text/html, Size: 4155 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 12:21 [TUHS] 30th Anniversary of most epic netnews post Ron Natalie
@ 2021-04-01 14:24 ` Adam Sjøgren via TUHS
  2021-04-01 15:20   ` Ron Natalie
  2021-04-01 21:11 ` Dave Horsfall
  1 sibling, 1 reply; 9+ messages in thread
From: Adam Sjøgren via TUHS @ 2021-04-01 14:24 UTC (permalink / raw)
  To: tuhs

Ron quotes:

> Subject: Warning: April Fools Time again (forged messages on the loose!)
> Message-ID: <4-1-1991@medusa.cs.purdue.edu>
> Date: 1 Apr 91 00:00:00 GMT

Interesting; here is the 1988 version:

 · https://article.olduse.net/35111-F%40medusa.cs.purdue.edu

and the ones from 1989:

 · https://article.olduse.net/4-1-89%40medusa.cs.purdue.edu
 · https://article.olduse.net/4-1-1989%40medusa.cs.purdue.edu
 · https://article.olduse.net/4-1-1989%40hydra.cs.purdue.edu

Note the Summary: header in the last variation.

Courtesy of Joey Hess' olduse.net project: http://olduse.net/


  Best regards,

    Adam

-- 
 "Archbishop of anarchy"                                    Adam Sjøgren
                                                       asjo@koldfront.dk


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 14:24 ` Adam Sjøgren via TUHS
@ 2021-04-01 15:20   ` Ron Natalie
  2021-04-01 15:28     ` Larry McVoy
  2021-04-01 15:30     ` John Foust
  0 siblings, 2 replies; 9+ messages in thread
From: Ron Natalie @ 2021-04-01 15:20 UTC (permalink / raw)
  To: tuhs

Thanks,  I was looking for the older ones and couldn't find them.
I knew the "tired of seeing this post" thing meant I was looking at a 
reprise.

By the way, for those who don't know.   Spaf didn't write any of it.    
The message itself was the spoof warned about (and all the "ways to 
tell" appear in the message/headers).


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 15:20   ` Ron Natalie
@ 2021-04-01 15:28     ` Larry McVoy
  2021-04-01 16:14       ` John Floren
  2021-04-01 21:27       ` John Cowan
  2021-04-01 15:30     ` John Foust
  1 sibling, 2 replies; 9+ messages in thread
From: Larry McVoy @ 2021-04-01 15:28 UTC (permalink / raw)
  To: Ron Natalie; +Cc: tuhs

On Thu, Apr 01, 2021 at 03:20:32PM +0000, Ron Natalie wrote:
> Thanks,  I was looking for the older ones and couldn't find them.
> I knew the "tired of seeing this post" thing meant I was looking at a
> reprise.
> 
> By the way, for those who don't know.   Spaf didn't write any of it.    The
> message itself was the spoof warned about (and all the "ways to tell" appear
> in the message/headers).

It's always amazed me that courts will take emails as "evidence" because it is
absolutely trivial to fake them.  Unless they've added some crypto host
identification (have they?)

--lm

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 15:20   ` Ron Natalie
  2021-04-01 15:28     ` Larry McVoy
@ 2021-04-01 15:30     ` John Foust
  1 sibling, 0 replies; 9+ messages in thread
From: John Foust @ 2021-04-01 15:30 UTC (permalink / raw)
  To: tuhs


Of course they're all referring to the original Kremvax.

https://godfatherof.nl/kremvax.html

- John


^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 15:28     ` Larry McVoy
@ 2021-04-01 16:14       ` John Floren
  2021-04-01 16:22         ` Richard Salz
  2021-04-01 21:27       ` John Cowan
  1 sibling, 1 reply; 9+ messages in thread
From: John Floren @ 2021-04-01 16:14 UTC (permalink / raw)
  To: Larry McVoy; +Cc: tuhs

On Thu, Apr 1, 2021 at 8:29 AM Larry McVoy <lm@mcvoy.com> wrote:
> It's always amazed me that courts will take emails as "evidence" because it is
> absolutely trivial to fake them.  Unless they've added some crypto host
> identification (have they?)
>
> --lm

To some extent, yes, via DKIM:
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

This came up during the Hunter Biden email, uh, "situation". Basically
you can use the DKIM signature to verify that an email was actually
sent from a particular user account on a particular server. Of course,
it makes no guarantee of who actually *wrote* that email, only that it
was sent by someone with access to the account... or, more sinisterly,
that the owner of the mail server has helped to fake the email! Here's
a POC: https://github.com/robertdavidgraham/hunter-dkim

For unrelated reasons, late last year people started calling for
Google to periodically rotate DKIM keys and release the old ones,
which would mean anyone could spoof an email from a few years ago:
https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/

John

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 16:14       ` John Floren
@ 2021-04-01 16:22         ` Richard Salz
  0 siblings, 0 replies; 9+ messages in thread
From: Richard Salz @ 2021-04-01 16:22 UTC (permalink / raw)
  To: John Floren; +Cc: TUHS main list

[-- Attachment #1: Type: text/plain, Size: 84 bytes --]

Signatures can be forged too but courts seem okay evaluating that kind of
evidence.

[-- Attachment #2: Type: text/html, Size: 106 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 12:21 [TUHS] 30th Anniversary of most epic netnews post Ron Natalie
  2021-04-01 14:24 ` Adam Sjøgren via TUHS
@ 2021-04-01 21:11 ` Dave Horsfall
  1 sibling, 0 replies; 9+ messages in thread
From: Dave Horsfall @ 2021-04-01 21:11 UTC (permalink / raw)
  To: The Eunuchs Hysterical Society

I remember that one well; I recall that Robert Elz also posted a similar 
ome, using the path ...!moscvax!kremvax!kgbvax!gorby.

-- Dave

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [TUHS] 30th Anniversary of most epic netnews post
  2021-04-01 15:28     ` Larry McVoy
  2021-04-01 16:14       ` John Floren
@ 2021-04-01 21:27       ` John Cowan
  1 sibling, 0 replies; 9+ messages in thread
From: John Cowan @ 2021-04-01 21:27 UTC (permalink / raw)
  To: Larry McVoy; +Cc: TUHS main list

[-- Attachment #1: Type: text/plain, Size: 1060 bytes --]

On Thu, Apr 1, 2021 at 11:29 AM Larry McVoy <lm@mcvoy.com> wrote:

It's always amazed me that courts will take emails as "evidence" because it
> is
> absolutely trivial to fake them.  Unless they've added some crypto host
> identification (have they?)


Evidence is not the same as conclusive evidence, and it would be perfectly
proper for one side to introduce emails and the other side to claim that a
particular email or emails are forged.  It would then be up to the trier of
fact (jury or judge) to decide who is most convincing on that meta-issue.



John Cowan          http://vrici.lojban.org/~cowan        cowan@ccil.org
And now here I was, in a country where a right to say how the country should
be governed was restricted to six persons in each thousand of its
population.
For the nine hundred and ninety-four to express dissatisfaction with the
regnant system and propose to change it, would have made the whole six
shudder as one man, it would have been so disloyal, so dishonorable, such
putrid black treason.  --Mark Twain's Connecticut Yankee

[-- Attachment #2: Type: text/html, Size: 2290 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2021-04-01 21:28 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-01 12:21 [TUHS] 30th Anniversary of most epic netnews post Ron Natalie
2021-04-01 14:24 ` Adam Sjøgren via TUHS
2021-04-01 15:20   ` Ron Natalie
2021-04-01 15:28     ` Larry McVoy
2021-04-01 16:14       ` John Floren
2021-04-01 16:22         ` Richard Salz
2021-04-01 21:27       ` John Cowan
2021-04-01 15:30     ` John Foust
2021-04-01 21:11 ` Dave Horsfall

The Unix Heritage Society mailing list

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/tuhs

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 tuhs tuhs/ http://inbox.vuxu.org/tuhs \
		tuhs@minnie.tuhs.org
	public-inbox-index tuhs

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.tuhs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git