LISTSERV - GAMBIA-L Archives - LISTSERV.ICORS.ORG

GAMBIA-L Archives

The Gambia and Related Issues Mailing List

GAMBIA-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	GAMBIA-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Managers: Do something about this impersonation
From:	Amadu Kabir Njie <[log in to unmask]>
Reply To:	Amadu Kabir Njie <[log in to unmask]>
Date:	Sun, 7 May 2000 22:57:18 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (115 lines)

Hello Katim,

Is there any time limit in which the confirmation request must be replied to
before it "expires"? For example, if I send a message to the list and have
to hurry away on some errand, how long will it take before the posting is
forfeited? I started to wonder just when I replied to the confirmation
request for the mail I just forwarded on behalf of Elhajj Mustapha Fye.

Regards,

Kabir.

PS: In forwarding "THE BLUE WALL OF SILENCE" ON TRACK Elhajj Mustapha Fye, I
meant to write: "I'm forwarding the posting below for Elhajj Mustapha Fye as
he's having access
problems".


----- Original Message -----
From: Katim S. Touray <[log in to unmask]>
To: <[log in to unmask]>
Sent: 7. mai 2000 01:46
Subject: Re: Managers: Do something about this impersonation


> Hi Prince,
>
> Thanks, but no thanks for your contribution on the issue of impersonation
on
> Gambia-L.  The reason for the "thanks" is that all ideas are welcome on
> Gambia-L, and I say "no thanks" because the last thing we need is for
> someone to be giving people more ideas about how to go about messing up
the
> list.
>
> Having said that, I would like to reassure everyone that, fortunately,
there
> is a flaw in Prince's argument.  As I indicated before, the confirmation
> requirement means that whenever you send a posting to the list, the server
> will re-send it to you asking that you confirm that it's indeed from you.
> You will then have to acknowledge the request for confirmation before your
> posting is distributed.  Please note that all you need to do to confirm
that
> the posting is from you is to hit your "Reply" button, and type the "OK"
> without the quotation marks, and then the "Enter" key in the first line of
> your reply.  The server will then distribute your posting to the list.
>
> The fact that the request for confirmation goes to the address that it was
> from means that contrary to what Prince claims, it would not be a trivial
> affair to bypass this bottleneck.  Thus, if I subscribe the address
> [log in to unmask] and someone impersonates me by sending a posting in that
> name, that person will be able to reply to the request for confirmation
only
> if he breaks into my hotmail account, and replies to mail sent there.  In
> that event, not only has the person committed a crime against me (by
> impersonating me), but he or she as also tresspassed Hotmail's computers,
> and should be prepared to deal with the consequences.
>
> To recap, while it is fairly easy to impersonate someone in the absence of
a
> confirmation option, it will from now on be more difficult, simply because
> acknowledgements to the confirmation requests are only accepted if they
come
> from the address to which they were sent.  This is because the list server
> keeps track of confirmation messages using tags it generates itself, and
you
> can only forge them if you see them.  Given that you only see them if they
> are meant for you, why would you want to forge them anyway?
>
> I hope this clears the picture.  Again, please excuse the hassle all this
> will cause.  I'm sure some will find it a bit frustrating in the begining,
> as they grapple with this confirmation thing, but I'm sure very soon,
we'll
> all be pros at it.  Have a great weekend, and best wishes.
>
> Katim
> ----- Original Message -----
> From: Prince Obrien-Coker <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Saturday, May 06, 2000 12:44 PM
> Subject: Re: Managers: Do something about this impersonation
>
>
> Katim,
>
> I am extremely sorry to inform you that your "confirmation" strategy to
> prevent impersonation will not work with either dynamic IP addresses or
the
> "portmanteau" email accounts like that of Hotmail.com or Yahoo.com. The
> method being used to impersonate someone is more sophisticated than merely
> sending an email in somebody else's name. It is a method more akin to
> hacking or hijacking (cyber-jacking) of someone's email account and that
>
> --------------------------------------------------------------------------
--
>
> To unsubscribe/subscribe or view archives of postings, go to the Gambia-L
> Web interface at: http://maelstrom.stjohns.edu/archives/gambia-l.html
>
> --------------------------------------------------------------------------
--


__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

----------------------------------------------------------------------------

To unsubscribe/subscribe or view archives of postings, go to the Gambia-L
Web interface at: http://maelstrom.stjohns.edu/archives/gambia-l.html

----------------------------------------------------------------------------

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG