FAQ: Better living through forgery

Post by Computer Us » Sun, 11 Jun 1995 04:00:00




>    Anonymous netnews without "anonymous" remailers

This is terrible! In good ol' times, the ones who could forge at least
had to figure out what was RFC977, be able to write perl or shell or
expect scripts (whatever you like) and find an IHAVE-friendly server.
These people at least were educated enough to understand that they have
some responsibility. Now you post it to news.newusers.questions with all
scripts. Guess what will happen. Guess what will happen to news.??.net,
*.

YOU ARE A *HEAD IRRESPONSIBLE MOTHER*ING BASTARD, FORGER!

 
 
 

FAQ: Better living through forgery

Post by Will Spenc » Sun, 11 Jun 1995 04:00:00




 >>       Anonymous netnews without "anonymous" remailers
 >>
 >This is terrible! In good ol' times, the ones who could forge at least
 >had to figure out what was RFC977, be able to write perl or shell or
 >expect scripts (whatever you like) and find an IHAVE-friendly server.
 >These people at least were educated enough to understand that they have
 >some responsibility. Now you post it to news.newusers.questions with all
 >scripts. Guess what will happen. Guess what will happen to news.??.net,
 >*.
 >YOU ARE A *HEAD IRRESPONSIBLE MOTHER*ING BASTARD, FORGER!

Ever wonder who you are flaming???

David C. Lawrence is the moderator of news.announce.newgroups, the
ultimate arbiter and auditor of RFD/CFV/Newgroup-Rmgroup procedures on
mainstream hierarchies, and thus the de-facto czar of mainstream
Usenet. Basically, in news.*, misc.*, soc.*, talk.*, comp.*, and sci.*,
he is the one who determines authoritatively what is and what is not a
valid newsgroup.

--
/*  Will Spencer / Voyager        :  The advancement and diffusion  */
/*  Member: TNO, The New Order    :  of knowledge is the only       */
/*  alt.2600/#hack FAQ Editor     :  guardian of true liberty.      */
/*  Writer, poet, hacker, human   :               -- James Madison  */

 
 
 

FAQ: Better living through forgery

Post by David C Lawren » Sun, 11 Jun 1995 04:00:00


        Anonymous netnews without "anonymous" remailers

Inspired by the recent "NetNews Judges-L" events, this file has been updated to cover forging control messages.  It is being posted periodically to address
the increasing trend of "how do I fake news?" questions from the lamers, and
the revelation that anonymous remailers are UNSAFE.  In addition to anonymous
posting, you can also do your own article canceling and create and destroy your
own newsgroups using the information presented here.

Save any news article to a file.  We'll call it "hak" in this example.

Edit "hak", and remove any header lines of the form

        From some!random!path!user   (note: "From ", not "From: " !!)
        Article:
        Lines:
        Xref:

Shorten the Path: header down to its LAST two or three "bangized" components.
This is to make the article look like it was posted from where it really was
posted, and originally hit the net at or near the host you send it to.  Or
you can construct a completely new Path: line to reflect your assumed alias.

Make some change to the Message-ID: field, that isn't likely to be duplicated
anywhere.  This is usually best done by adding a couple of random characters to

field to generate these IDs.

Change the other headers to say what you like -- From:, Newsgroups:,
Sender:, etc.  Replace the original message text with your message.  If you are
posting to a moderated group or posting a control message, remember to put in
an Approved: header to bypass the moderation mechanism.

To specifically cancel someone else's article, you need its message-ID.  Your
message headers, in addition to what's already there, should also contain the
following with that message-ID in it.  This makes it a "control message".
NOTE: control messages generally require an Approved: header as well, so
you should add one.




Newsgroups are created and destroyed with control messages, too.  If you
wanted to create, for instance, comp.misc.microsoft.sucks, your control
headers would look like

Subject: cmsg newgroup comp.misc.microsoft.sucks
Control: newgroup comp.misc.microsoft.sucks

Add on the string "moderated" at the end of these if you want the group to
be "moderated with no moderator" as with alt.hackers.  Somewhere in the
body of your message, you should include the following text, changed with
the description of the group you're creating:

For your newsgroups file:
comp.misc.microsoft.sucks               We don't do windows

To remove a group, substitute "rmgroup" for "newgroup" in the header lines
above.  Keep in mind that most sites run all "rmgroup" requests through
a human news-master, who may or may not decide to honor it.  Group creation
is more likely to be automatic than deletion at most installations.  Any
newsgroup changes are more likely to take effect if they come from me, since
my name is hardwired into many of the NNTP control scripts, so using the
From: and Approved: headers from this posting is recommended.

Save your changed article, check it to make sure it contains NO reference
to yourself or your own site, and send it to your favourite NNTP server that
permits transfers via the IHAVE command, using the following script:

=======================
#! /bin/sh
## Post an article via IHAVE.
## args: filename server

if test "$2" = "" ; then
  echo usage: $0 filename server
  exit 1
fi
if test ! -f $1 ; then
  echo $1: not found
  exit 1
fi

# suck msg-id out of headers, keep the brackets
msgid=`sed -e '/^$/,$d' $1 | egrep '^[Mm]essage-[Ii][Dd]: ' | \
  sed 's/.*-[Ii][Dd]: //'`
echo $msgid

( sleep 5
  echo IHAVE $msgid
  sleep 5
  cat $1
  sleep 1
  echo "."
  sleep 1
  echo QUIT ) | telnet $2 119
=======================

If your article doesn't appear in a day or two, try a different server.
They are easy to find.  Here's a script that will break a large file
full of saved netnews into a list of hosts to try.  Edit the output
of this if you want, to remove obvious peoples' names and other trash.

=======================
#! /bin/sh
FGV='fgrep -i -v'
egrep '^Path: ' $1 | sed -e 's/^Path: //' -e 's/!/\
/g' | sort -u | fgrep . | $FGV .bitnet | $FGV .uucp
=======================

Once you have your host list, feed it to the following script.

=======================
#! /bin/sh

while read xx ; do
if test "$xx" = "" ; then continue;
fi
echo === $xx
( echo open $xx 119
  sleep 5

  sleep 4
  echo .
  echo quit
  sleep 1
  echo quit
) | telnet
done
=======================

If the above script is called "findem" and you're using csh, you should do

        findem < list >& outfile

so that ALL output from telnet is captured.  This takes a long time, but when
it finishes, edit "outfile" and look for occurrences of "335".  These mark
answers from servers that might be willing to accept an article.  This isn't a
completely reliable indication, since some servers respond with acceptance and
later drop articles.  Try a given server with a slightly modified repeat of
someone else's message, and see if it eventually appears.

Sometimes the telnets get into an odd state, and freeze, particularly when
a host is refusing NNTP connections.  If you manually kill these hung telnet
processes but not the main script, the script will continue on.  In other
words, you may have to monitor the finding script a little while it is
running.

You will notice other servers that don't necessarily take an IHAVE, but
say "posting ok".  You can probably do regular POSTS through these, but they
will add an "NNTP-Posting-Host: " header containing the machine YOU came from
and are therefore unsuitable for completely anonymous use.

We maintain an IHAVE-friendly host right here -- news.uu.net.  Feel free
to test these scripts through our server.

PLEASE USE THE INFORMATION IN THIS ARTICLE FOR CONSTRUCTIVE PURPOSES ONLY.

 
 
 

FAQ: Better living through forgery

Post by Michael Shiel » Mon, 12 Jun 1995 04:00:00




> Ever wonder who you are flaming???

> David C. Lawrence is the moderator of news.announce.newgroups, the

I don't see a sequitur here.
--
Shields.
 
 
 

FAQ: Better living through forgery

Post by Peter Vorobie » Mon, 12 Jun 1995 04:00:00





> >>     Anonymous netnews without "anonymous" remailers

> >This is terrible! [snip]
>Ever wonder who you are flaming???

>David C. Lawrence is the moderator of news.announce.newgroups, the

[snip]

YHBT. HAND.
--
Thus spake Kalmoth the Vile, Slayer of One Robot and Seven Pigs.
DISCLAIMER: Opinions expressed in the article above, if any, are channeled from
            the Fungi of Yuggoth and  do not necessarily represent the views of
            my other employers.

 
 
 

FAQ: Better living through forgery

Post by Robert Smi » Mon, 12 Jun 1995 04:00:00



>Ever wonder who you are flaming???

>David C. Lawrence is the moderator of news.announce.newgroups, the
>ultimate arbiter and auditor of RFD/CFV/Newgroup-Rmgroup procedures on
>mainstream hierarchies, and thus the de-facto czar of mainstream
>Usenet. Basically, in news.*, misc.*, soc.*, talk.*, comp.*, and sci.*,
>he is the one who determines authoritatively what is and what is not a
>valid newsgroup.

He's probably not the author of the original post, either, given its
content. Or did that escape some of you?

--

His mind is a muskeg of mediocrity.

 
 
 

FAQ: Better living through forgery

Post by Daniel Hartu » Mon, 12 Jun 1995 04:00:00





> >>   Anonymous netnews without "anonymous" remailers

> >This is terrible! In good ol' times, the ones who could forge at least
[snip]
> >YOU ARE A *HEAD IRRESPONSIBLE MOTHER*ING BASTARD, FORGER!

>Ever wonder who you are flaming???

>David C. Lawrence is the moderator of news.announce.newgroups, the
>ultimate arbiter and auditor of RFD/CFV/Newgroup-Rmgroup procedures on
>mainstream hierarchies, and thus the de-facto czar of mainstream
>Usenet. Basically, in news.*, misc.*, soc.*, talk.*, comp.*, and sci.*,
>he is the one who determines authoritatively what is and what is not a
>valid newsgroup.

Uh, for your benefit, here is the message ID from the
Better Living thru Forgery "FAQ":

--
 Daniel A. Hartung             |  Usenet now has an Arts/Humanities hierarchy!


 http://www.veryComputer.com/~dhartung/ |  

 
 
 

FAQ: Better living through forgery

Post by Toma » Tue, 13 Jun 1995 04:00:00


Man oh man...

I'm no saint, but some people...

Sheesh!

I strongly suggest that some people try to use a dictionary or thesaurus
to get their point across...

And some people wonder why the media is having a field day about the
Internet...

Regards,

  -- Tom

 
 
 

FAQ: Better living through forgery

Post by Rob J. Nau » Tue, 13 Jun 1995 04:00:00




 >>       Anonymous netnews without "anonymous" remailers
 >>
 >This is terrible! In good ol' times, the ones who could forge at least
 >had to figure out what was RFC977, be able to write perl or shell or
 >expect scripts (whatever you like) and find an IHAVE-friendly server.
 >These people at least were educated enough to understand that they have
 >some responsibility. Now you post it to news.newusers.questions with all
 >scripts. Guess what will happen. Guess what will happen to news.??.net,
 >*.
 >YOU ARE A *HEAD IRRESPONSIBLE MOTHER*ING BASTARD, FORGER!

>Ever wonder who you are flaming???
>David C. Lawrence is the moderator of news.announce.newgroups, the
>ultimate arbiter and auditor of RFD/CFV/Newgroup-Rmgroup procedures on
>mainstream hierarchies, and thus the de-facto czar of mainstream
>Usenet. Basically, in news.*, misc.*, soc.*, talk.*, comp.*, and sci.*,
>he is the one who determines authoritatively what is and what is not a
>valid newsgroup.

And, he isn't the one that posted it. I guess the person using the abusive
language is trying to flame the anonymous user that forged the post, at
least he used the 'IN A FORGED MESSAGE' clause.

Rob
--
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

REDWOOD Business Group B.V.        Phone:       +31-3404-31310
Princenhof Park 13                 Telefax:     +31-3404-30477
3972 NG DRIEBERGEN
The Netherlands

 
 
 

FAQ: Better living through forgery

Post by fireb » Tue, 13 Jun 1995 04:00:00






> >>   Anonymous netnews without "anonymous" remailers

> >YOU ARE A *HEAD IRRESPONSIBLE MOTHER*ING BASTARD, FORGER!

>Ever wonder who you are flaming???

It seems that he is flaming the person that forged the message. In fact,
that seems *quite*clear*. Maybe before YOU flame someone, you should look at
what they said, instead of taking an opportunity to prove what a smart guy
you are.

>David C. Lawrence is the moderator of news.announce.newgroups, the
>ultimate arbiter and auditor of RFD/CFV/Newgroup-Rmgroup procedures on
>mainstream hierarchies, and thus the de-facto czar of mainstream
>Usenet. Basically, in news.*, misc.*, soc.*, talk.*, comp.*, and sci.*,
>he is the one who determines authoritatively what is and what is not a
>valid newsgroup.

Even if this was who he was flaming, I'd like you to take note of a few
things:
1) tale did not post that.
2) He clearly flamed the forger.
3) Just because tale is an Important Guy doesn't mean one should fear him,
were he to do something stupid like actually post that idiot's guide to
forgery.
4) rec.* and humanities.* also.
5) The people determine what is and what is not a valid newsgroup. A lot of
people trust tale to do that for them. But he has no "authoritative" power.
Like you said, he has de facto power. He can't decide that a group is a bad
idea, or that he doesn't like the outcome of a vote. It's not part of his
job, it's something that would*people off, it would be quite dishonest.

In short, not one thing you said was accurate or relevant. You're quite the
smart guy, Will.

 
 
 

FAQ: Better living through forgery

Post by Scott A. Moo » Tue, 13 Jun 1995 04:00:00


I would not be stunned if the information in the posting was true. Several
of my knowledgeable friends have told me this is possible (I have better
things to do, personally).

But are the standards being updated to make this kind of nonsense
impossible (or more difficult) ? Requiring PGP signatures on control
messages would seem like a start....

                                                [sam] (the real one)
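The kind of server-side screening this question points toward, as an added example that is not part of the original thread or of any news server's code: it holds `newgroup`/`rmgroup` requests unless an external signature check passed, and compares a cancel's From: against the stored author. The function name, the decision strings, the `signature_ok` flag (standing in for a real PGP verification step) and the sample articles are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def screen_control(raw_article, spool_from, signature_ok=False):
    """Return (decision, reason) for one incoming article.

    spool_from   -- dict: Message-ID -> From: value of articles held locally
    signature_ok -- result of an external signature check (assumed, not done here)
    """
    msg = message_from_string(raw_article)
    control = msg.get("Control")
    if control is None:
        # The thread shows the older "Subject: cmsg ..." form as well.
        subject = msg.get("Subject", "")
        if subject.lower().startswith("cmsg "):
            control = subject[5:]
    if control is None:
        return ("accept", "not a control message")

    parts = control.split()
    if not parts:
        return ("hold", "empty control request")
    verb, args = parts[0].lower(), parts[1:]

    if verb in ("newgroup", "rmgroup"):
        # An Approved: header is just text anyone can type; it proves nothing.
        if signature_ok:
            return ("act", "signed " + verb)
        return ("hold", "unsigned " + verb + ", needs a human decision")

    if verb == "cancel":
        if not args:
            return ("hold", "cancel without a target Message-ID")
        original_from = spool_from.get(args[0])
        if original_from is None:
            return ("hold", "target article not in local spool")
        canceller = parseaddr(msg.get("From", ""))[1].lower()
        author = parseaddr(original_from)[1].lower()
        if canceller != author:
            return ("drop", "cancel From: differs from the author's")
        # From: is forgeable too, so this only stops careless forgeries.
        return ("act", "From: matches (header-only check)")

    return ("hold", "unrecognised control verb " + verb)

# Constructed sample data (example domains, not taken from the thread).
SPOOL = {"<1995Jun10.001@site.example>": "Alice <alice@site.example>"}
FORGED_CANCEL = (
    "Path: relay.example!not-for-mail\n"
    "From: Someone Else <mallory@forger.example>\n"
    "Control: cancel <1995Jun10.001@site.example>\n"
    "Approved: mallory@forger.example\n"
    "Message-ID: <c1@forger.example>\n\ncancel\n")
NEWGROUP = (
    "From: someone@forger.example\n"
    "Subject: cmsg newgroup misc.test.example\n"
    "Approved: someone@forger.example\n\nFor your newsgroups file:\n")

if __name__ == "__main__":
    print(screen_control(FORGED_CANCEL, SPOOL))
    print(screen_control(NEWGROUP, SPOOL))
```

A matching From: is only as trustworthy as the header itself, which is why the replies in this thread ask for signed control messages.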

 
 
 

FAQ: Better living through forgery

Post by Nathan J. Me » Tue, 13 Jun 1995 04:00:00



: Ever wonder who you are flaming???
:  
: David C. Lawrence is the moderator of news.announce.newgroups, the

BWAH HAH HAH HAH HAH HAH HAH!

Let's just say that even if I *didn't* know for a fact that Dave is
happily away on vacation right now, I still wouldn't have believed
for even a fraction of an instant that that post actually came from
him.

I suggest that you think for a second about the likelihood that a post
containing explicit instructions for usenet forgery would be posted
under the author's actual real name.

*sigh*  Now all we need is for the bozos at SatelNET to turn those
scripts into a cgi form, and we can all officially give up on this
silly usenet idea.

Yeah, film at 11, I know, I know, I know...

--

|       Will sell soul for date with PJ Harvey.  Inquire within.       |
|If you think I speak for my employer, they'll be happy to correct you.|
|-------------{http://ccat.sas.upenn.edu/nmehl/home.html}---------------

 
 
 

FAQ: Better living through forgery

Post by The BOB » Tue, 13 Jun 1995 04:00:00



: I would not be stunned if the information in the posting was true. Several
: of my knowledgeable friends have told me this is possible (I have better
: things to do, personally).

It does work and is useful for a number of reasons other than forgery.
For instance, you can increase your propagation by submitting an
article to several different sites at the same time.

One should note that most newsservers that accept articles via IHAVE do
keep a log of connections. This means that there is a record of what you
have done. The question is:  Will someone look at it?

The BOB(c)
--
Y O U  C A N  Q U O T E  M E  O N  T H A T    Andrew S. Damick
Dave Hayes once did say, "If it's only -your- computer, then I
think you can do what you want."  alt.fan.the-bob ishereandnow
Andrew S. Damick    Y O U  C A N  Q U O T E  M E  O N  T H A T

 
 
 

FAQ: Better living through forgery

Post by Wednesd » Tue, 13 Jun 1995 04:00:00





>: I would not be stunned if the information in the posting was true. Several
>: of my knowledgeable friends have told me this is possible (I have better
>: things to do, personally).

>It does work and is useful for a number of reasons other than forgery.
>For instance, you can increase your propagation by submitting an
>article to several different sites at the same time.

Additionally, it provides a fairly reliable means of anonymous posting
to those unwilling to deal with the severe load problems of anon.penet.fi,
the technical morass of the cypherpunk mailers, and the lag problems
associated with telnettable anonymous servers. I am thinking mainly in
terms of the service this script could provide to members of the abuse-
trauma-related support and recovery newsgroups, especially in the face of
one of our primary anonymous account servers going down and another
suffering frequent technical difficulties. The script will probably be
included in the anonymous posting instructions section of the alt.abuse.
transcendence FAQ when I have a chance to deal with it.

>One should note that most newsservers that accept articles via IHAVE do
>keep a log of connections. This means that there is a record of what you
>have done. The question is:  Will someone look at it?

This is, however, the question one must ask of any anonymous posting system.
There is no 100% safe way to mask one's identity in this matter, barring
hacking your point-of-entry account in the first place (at which point one
faces legal questions).


    You are sentimental. You are passionate. You are actually FUN. You are
wistful. You are scarred. You are, in a philosophic sort of way, beautiful.
--   --   --   --   --   --   --   --   --   --   - Andrew S. Damick -   --

 
 
 

FAQ: Better living through forgery

Post by Lars Marowsky-Br » Tue, 13 Jun 1995 04:00:00


-----BEGIN PGP SIGNED MESSAGE-----

   I think we should better look into PGP approved control messages _NOW_.

Now, here we have it - a forged troublemaker, no THE forged troublemaker.
Sure, there is little to no news in this for the more intelligent and longer
participants of the Net. But I would expect this to get us a lot of
cancelled messages. Perhaps this has a good side, too, namely showing just
how vulnerable UseNet is to idiots. But I don't think this outweighs the
disadvantages, ie every 'Stupid *' (to quote the message id) is now able
to, and WILL, cancel messages, create groups and rm them.

Now, could someone please do a path comparison to check where this spam came
from?

Lars Marowsky-Bree   Voice: +49-571-63663   PGP-key avail. via server

PGP fingerprint:     CF FC 3A F0 86 F1 D3 EB  79 8A CF 75 4F 4C 81 DF

>                pleasure and pain - often the same                 <

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCzAwUBL9yMH+CsMSXatXlBAQEOBATvSsHNBUH/52CFmoK9I+t84JU6j2CmXNG5
fkYa1eGfqjXR1z+cbGqtsnBukT8b2gYhGNeVSGA+wvTPTOMHRGRkLlmaex4NN/i2
GzBI4wKuaPN47Bh+gl8d9Gp5STXB7MssenzKjPDYNbYQ1UZXkw1lE5PiUTj5I/jv
HmhFYSMU1R68oLpMKKFNBkfr8pcq+jRDJb5KDyFZt+5fGFvOMdQ=
=Co/E
-----END PGP SIGNATURE-----
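The path comparison asked for above, as an added example that is not part of the original thread: each relay prepends its own name to Path:, so copies of one article collected at different sites share a common tail, and the leftmost host of that tail is the last relay every copy passed through. The function names and the sample Path: values (example domains) are constructed for illustration.

```python
def split_path(header_value):
    """Split a Path: value into components, leftmost = most recent relay."""
    value = header_value.strip()
    if value.lower().startswith("path:"):
        value = value[5:]
    return [part for part in value.strip().split("!") if part]

def common_tail(paths):
    """Longest run of trailing components shared by every copy."""
    tail = []
    # Walk the paths right to left, one column at a time.
    for column in zip(*(reversed(p) for p in paths)):
        if len(set(column)) != 1:
            break
        tail.append(column[0])
    tail.reverse()
    return tail

def convergence_point(copies):
    """Return (host, uncorroborated) for copies of ONE article.

    host           -- last relay common to every copy; its connection logs
                      are where the investigation starts
    uncorroborated -- components to the right of it: they were already in
                      the header on arrival and may have been typed in by
                      the submitter, so comparison alone cannot confirm them
    """
    paths = [split_path(c) for c in copies]
    if len(paths) < 2:
        raise ValueError("need at least two copies to compare")
    tail = common_tail(paths)
    if not tail:
        return (None, [])   # no shared tail: probably not the same article
    return (tail[0], tail[1:])

# Constructed Path: headers of one article as seen at three sites.
COPIES = [
    "Path: reader1.example!hub-a.example!feed.example!forged.example!user",
    "Path: reader2.example!hub-b.example!feed.example!forged.example!user",
    "Path: reader3.example!feed.example!forged.example!user",
]

if __name__ == "__main__":
    host, rest = convergence_point(COPIES)
    print("start with the logs of:", host)
    print("uncorroborated entries:", "!".join(rest))
```

If every collected copy happened to travel through the same downstream hub, that hub is what gets reported, so copies from more sites narrow the result toward the host that first accepted the article.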

 
 
 

1. FAQ: Better living through forgery (Updated!)

In news.admin.policy, comp.admin.policy, comp.security.misc, alt.security,
        misc.legal.computing, news.admin.misc, news.groups.questions,
        news.groups, news.newusers.questions, alt.censorship,
        alt.comp.acad-freedom.talk, and alt.current-events.net-abuse,
        somebody who forges their messages and probably isn't actually

        Heed that warning, even though the poster (David Lawrence or not)
doesn't really seem to care.  Forgery is not a joke.
        Forging messages basically breaks down the entire trust that
Usenet is based on, so DO NOT do it just to piss people off -- you are
likely to succeed, and there are a great many ways to trace a forgery.

--

  |   "That article and its poster have been canceled."                  |
  |                      -David B. O'Donnell, Sysadmin, America OnLine   |
 ----========== http://www.cybernothing.org/jdfalk/home.html ==========----
