• Comment 1/20/2019 8:14 PM.

    From Henri Derksen@2:280/1208 to GREGORY DEYSS on Monday, February 04, 2019 07:38:00
    Hello Gregory,

    I will put the following passwords in place
    areaFIX password ENGINE11
    tic password ENGINE11
    BinkP password ENGINE11A

    Normally passwords are always exchangend by private netmail,
    phone, fax, sms, letter, voice in person at meeting etc,
    but NOT in public via EchoMail !!!
    As a sysop you should know better.
    Now everyone can send mailbombs in most (private) FidoNet message area's
    via your system, even people wo were banned in the past.
    You can also be too transparant.
    So change your passwords again,
    and send them to all your links via a private way.
    Placing passwords in public is not allowed and XAB I think.

    Good luck.

    Henri.

    ---
    * Origin: Connectivity is the Future; UniCorn BBS 31 26 4425506 (2:280/1208)
  • From Ward Dossche@2:292/854 to Henri Derksen on Monday, February 04, 2019 08:10:54
    Henri,

    Normally passwords are always exchangend by private netmail,

    That's a very insecure method if it goes routed as several main mail-moving individuals here have made it no secret they are reading in-transit netmail, even when private-flagged.

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Andrew Leary@1:320/219 to Ward Dossche on Monday, February 04, 2019 02:28:48
    Hello Ward!

    04 Feb 19 08:10, you wrote to Henri Derksen:

    Normally passwords are always exchangend by private netmail,

    That's a very insecure method if it goes routed as several main mail-moving individuals here have made it no secret they are reading in-transit netmail, even when private-flagged.

    That's why such messages should be sent DIRECT to the concerned system, or communicated to the sysop via a voice call, or possibly an encrypted email.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Wilfred van Velzen@2:280/464 to Andrew Leary on Monday, February 04, 2019 13:56:50
    Hi Andrew,

    On 2019-02-04 02:28:48, you wrote to Ward Dossche:

    Normally passwords are always exchangend by private netmail,

    That's a very insecure method if it goes routed as several main
    mail-moving individuals here have made it no secret they are reading
    in-transit netmail, even when private-flagged.

    That's why such messages should be sent DIRECT to the concerned system, or communicated to the sysop via a voice call, or possibly an encrypted
    email.

    Now Ward is going to ask if you have Dutch ancestors, because of stating the obvious... ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Ward Dossche@2:292/854 to Andrew Leary on Monday, February 04, 2019 14:14:40
    Andrew,

    That's why such messages should be sent DIRECT to the concerned system,
    or communicated to the sysop via a voice call, or possibly an encrypted email.

    Any Dutch ancestors? 8-)

    \%/@rd

    {Yes, Wilfred I saw your note ... :-)}

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Wilfred van Velzen@2:280/464 to Ward Dossche on Monday, February 04, 2019 14:18:32
    Hi Ward,

    On 2019-02-04 14:14:40, you wrote to Andrew Leary:

    {Yes, Wilfred I saw your note ... :-)}

    Now you are stating the obvious... But you have a Dutch ancestor, if I remember
    correctly. ;)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Andrew Leary@1:320/219 to Ward Dossche on Monday, February 04, 2019 08:18:20
    Hello Ward!

    04 Feb 19 14:14, you wrote to me:

    That's why such messages should be sent DIRECT to the concerned
    system, or communicated to the sysop via a voice call, or possibly
    an encrypted email.

    Any Dutch ancestors? 8-)

    Mostly Irish, actually. It may seem obvious to us old-timers, but we've all seen new sysops make that mistake (or similar ones) many times before.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Ward Dossche@2:292/854 to Wilfred van Velzen on Monday, February 04, 2019 15:09:51
    Wilfred,

    Now you are stating the obvious... But you have a Dutch ancestor, if I remember correctly. ;)

    8-)

    Does Zeeland count as 'The Netherlands" ?

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Kees van Eeten@2:280/5003.4 to Ward Dossche on Monday, February 04, 2019 15:31:44
    Hello Ward!

    04 Feb 19 15:09, you wrote to Wilfred van Velzen:

    Does Zeeland count as 'The Netherlands" ?

    Certainly, most of Zeeland is below sealevel, how nether do you want to go.

    Kees

    --- GoldED+/LNX 1.1.5
    * Origin: As for me, all I know is that, I know nothing. (2:280/5003.4)
  • From Ward Dossche@2:292/854 to Kees van Eeten on Monday, February 04, 2019 17:56:32
    Kees,

    Does Zeeland count as 'The Netherlands" ?

    Certainly, most of Zeeland is below sealevel, how nether do you want to
    go.

    Waterlandkerkje lies at an altitude of 2 (two) meter. That's not below sea level.

    Zundert is another place related to my ancestry, it lies even higher but in Noord Brabanrd.

    I prefer Zeeland though.

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Gregory Deyss@1:267/150 to Henri Derksen on Tuesday, February 05, 2019 07:05:30
    Normally passwords are always exchangend by private netmail,
    phone, fax, sms, letter, voice in person at meeting etc,
    but NOT in public via EchoMail !!!
    As a sysop you should know better.

    1. This message did not originate on my system.
    2. I wrote this on the system as a private message and do to a configuration
    issue on that system it was send as echomail.
    3. No such passwords have been established until such time they can be confirmed. (yes, obviously they will be changed, because of the security that could be breached if I went head and used those.
    4. I would think it would be clear that message was not meant to go out as
    echomail.
    5. I was attempting to clean up my part of the nodelist and get rid of the
    deadwood of the systems that are not and have not in sometime been
    participating. It's easy to assume that there are plenty of systems that
    need to be removed.
    6. Sorry for any inconvenience that message may of caused.

    --- Mystic BBS v1.12 A41 2018/12/27 (Windows/64)
    * Origin: Capital Station BBS * telnet://csbbs.dyndns.org * (1:267/150)
  • From Gerrit Kuehn@2:240/12 to Ward Dossche on Wednesday, February 06, 2019 19:15:48
    Hello Ward!

    04 Feb 19 08:10, Ward Dossche wrote to Henri Derksen:


    That's a very insecure method if it goes routed as several main mail-moving individuals here have made it no secret they are reading in-transit netmail, even when private-flagged.

    Just use netmail via gpg, and everything's secure.


    Regards,
    Gerrit

    ... 7:15PM up 37 days, 21:11, 7 users, load averages: 0.10, 0.17, 0.16

    --- Msged/BSD 6.1.2
    * Origin: Tall orders to fulfil (2:240/12)
  • From Ward Dossche@2:292/854 to Gerrit Kuehn on Thursday, February 07, 2019 00:19:07
    Gerrit,

    That's a very insecure method if it goes routed as several main
    mail-moving individuals here have made it no secret they are reading GK>WD> in-transit netmail, even when private-flagged.

    Just use netmail via gpg, and everything's secure.

    You mean PGP? Or am I missing something?

    For the record, decent people handle in-transit netmail in a decent way and pass it on to the next station without reading ... I do it like that, Bjorn does it like that, Michiel does it like that, others as well ...

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Andrew Leary@1:320/219 to Ward Dossche on Wednesday, February 06, 2019 19:23:30
    Hello Ward!

    07 Feb 19 00:19, you wrote to Gerrit Kuehn:

    Just use netmail via gpg, and everything's secure.

    You mean PGP? Or am I missing something?

    GPG is the Linux version; it stands for GNU Privacy Guard.

    For the record, decent people handle in-transit netmail in a decent
    way and pass it on to the next station without reading ... I do it
    like that, Bjorn does it like that, Michiel does it like that, others
    as well ...

    MBSE on my Linux system doesn't even put in-transit netmail into the local messagebase; the messages are written directly to the outbound packets. On my old OS/2 system, the messages are in the local netmail area for a few seconds while OT/Track runs, and then are packed for the next link in the chain and removed from the netmail area. I would have to seriously work at it to intercept and read in-transit netmail. Quite frankly, I have much better things to do than read others' netmail.

    Andrew

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Kurt Weiske@1:218/700 to Ward Dossche on Thursday, February 07, 2019 07:05:34
    Re: Re: Comment 1/20/2019 8:14 PM.
    By: Ward Dossche to Gerrit Kuehn on Thu Feb 07 2019 12:19 am

    For the record, decent people handle in-transit netmail in a decent way and pass it on to the next station without reading ... I do it like that, Bjorn does it like that, Michiel does it like that, others as well ...

    Decent people, you mean people with lives away from the keyboard? All my in-transit netmail is passed on and gone from my system as soon as it arrives. --- SBBSecho 3.06-Win32
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)
  • From Gerrit Kuehn@2:240/12 to Ward Dossche on Thursday, February 07, 2019 17:29:50
    Hello Ward!

    07 Feb 19 00:19, Ward Dossche wrote to Gerrit Kuehn:


    That's a very insecure method if it goes routed as several main
    mail-moving individuals here have made it no secret they are
    reading in-transit netmail, even when private-flagged.

    Just use netmail via gpg, and everything's secure.

    You mean PGP?

    No, I mean gpg.

    Or am I missing something?

    You could try Google or Wikipedia to find out.

    For the record, decent people handle in-transit netmail in a decent
    way and pass it on to the next station without reading ... I do it
    like that, Bjorn does it like that, Michiel does it like that, others
    as well ...

    That's the benefit of encryption: you don't have to rely on these "very insecure" personal commitments of anyone.


    Regards,
    Gerrit

    ... 5:29PM up 38 days, 19:25, 7 users, load averages: 0.15, 0.15, 0.13

    --- Msged/BSD 6.1.2
    * Origin: We are a nation of innovations (2:240/12)
  • From Ward Dossche@2:292/854 to Kurt Weiske on Thursday, February 07, 2019 21:07:08
    Decent people, you mean people with lives away from the keyboard? All my in-transit netmail is passed on and gone from my system as soon as it arrives.

    Way to go !!

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Ward Dossche@2:292/854 to Andrew Leary on Thursday, February 07, 2019 21:08:11
    I would have to seriously work at it to
    intercept and read in-transit netmail. Quite frankly, I have much better things to do than read others' netmail.

    Way to go 2. 8-)

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Ceci n'est pas un courriel (2:292/854)
  • From Gerrit Kuehn@2:240/12 to Andrew Leary on Friday, February 08, 2019 19:04:10
    Hello Andrew!

    06 Feb 19 19:23, Andrew Leary wrote to Ward Dossche:


    GPG is the Linux version;

    Not quite. GPG ist a free implementation of the OpenPGP-Standard (according to RFC 4880). It is available for many platforms, including (but not limited to) Linux, various flavours of *ix, Windows, and MacOS.


    Regards,
    Gerrit

    ... 7:04PM up 39 days, 21 hrs, 7 users, load averages: 0.23, 0.22, 0.17

    --- Msged/BSD 6.1.2
    * Origin: And the pastiche we've invented (2:240/12)
  • From Ozz Nixon@1:275/362 to Gerrit Kuehn on Friday, February 08, 2019 21:46:48
    Hello Gerrit.

    08 Feb 19 19:04, you wrote to Andrew Leary:


    GPG is the Linux version;

    Not quite. GPG ist a free implementation of the OpenPGP-Standard (according to RFC 4880). It is available for many platforms, including

    * It is actually a lot older than that... the original author of PGP ran into all kinds of legal problems with his level of security - NSA could no longer monitor communications on BBS, and the few using it in the 93-95 era of email.

    * To circumvent some of his issues with laws, he released GPG as an open source
    *compatible* solution. IDEA encryption was beyond what NSA could reverse. Like
    most *fluff* on the Internet, this was early 90's stuff re-written in the past
    decade to make it sound more politically biased/oriented. However, I was involved as I ported my first BBSes in 1992 to PPP for global communications. A
    decade later, I got involved in law enforcement software development for HLS and other US abbreviations.

    Ozz

    --- FMail-W32 2.0.1.4
    * Origin: Richmond VA (RVA) Fidonet Support (1:275/362)
  • From Gerrit Kuehn@2:240/12 to Ozz Nixon on Saturday, February 09, 2019 10:53:08
    Hello Ozz!

    08 Feb 19 21:46, Ozz Nixon wrote to Gerrit Kuehn:

    GPG is the Linux version;

    Not quite. GPG ist a free implementation of the OpenPGP-Standard
    (according to RFC 4880). It is available for many platforms,
    including

    * It is actually a lot older than that...

    PGP is a lot older, but not GPG (that we were talking about).

    the original author of PGP
    ran into all kinds of legal problems with his level of security - NSA could no longer monitor communications on BBS, and the few using it
    in the 93-95 era of email.

    I know, I was around then, using an "international" version hacked by Stale Schumacher from Sweden (afacr) that could do 2k keys already at that time.

    * To circumvent some of his issues with laws, he released GPG as an
    open source *compatible* solution.

    Nope. He did not release GPG. GPG is the GNU Privacy Guard, part of the GNU Project, and has received major funding from the German government, initially developed by Werner Koch, first released in 1997. The original author of PGP was Phil Zimmermann, first release was in 1991.


    Regards,
    Gerrit

    ... 10:53AM up 40 days, 12:49, 7 users, load averages: 0.06, 0.14, 0.10

    --- Msged/BSD 6.1.2
    * Origin: We are the second generation (2:240/12)
  • From BOB ACKLEY@1:123/140 to OZZ NIXON on Saturday, February 09, 2019 13:44:24
    Hello Gerrit.

    08 Feb 19 19:04, you wrote to Andrew Leary:


    GPG is the Linux version;

    Not quite. GPG ist a free implementation of the OpenPGP-Standard (according to RFC 4880). It is available for many platforms,
    including

    * It is actually a lot older than that... the original author of PGP
    ran into
    all kinds of legal problems with his level of security - NSA could no
    longer
    monitor communications on BBS, and the few using it in the 93-95 era of
    email.

    * To circumvent some of his issues with laws, he released GPG as an
    open source
    *compatible* solution. IDEA encryption was beyond what NSA could
    reverse. Like
    most *fluff* on the Internet, this was early 90's stuff re-written in
    the past
    decade to make it sound more politically biased/oriented. However, I
    was
    involved as I ported my first BBSes in 1992 to PPP for global
    communications. A
    decade later, I got involved in law enforcement software development
    for HLS
    and other US abbreviations.

    The government finally took PGP away from Zimmerman and gave it to RSA Associates, which is in bed with NSA. Any versions of PGP subsequent to
    3.0 undoubtedly have 'back doors' in them
    --- Platinum Xpress/Win/WINServer v3.0pr5
    * Origin: Fido Since 1991 | QWK by Web | BBS.FIDOSYSOP.ORG (1:123/140)