0003099RISK 
880324
cliff@Csa5.LBL.Gov (Cliff Stoll)
RISKS of using the "AT&T Public Phone Plus":   April Fool's warning from Usenet

Date:     Thu, 31 Mar 88 12:17:48 PST
From: cliff@Csa5.LBL.Gov (Cliff Stoll)
Subject:  April Fool's warning from Usenet

Here's the warning from USENET's  news.announce.important:

From: spaf@cs.purdue.EDU (Gene Spafford)
Subject: Warning: April Fools Time again (forged messages on the loose!)
Date: 1 Apr 88 00:00:00 GMT
Organization: Dept. of Computer Sciences, Purdue Univ.

Warning: April 1 is rapidly approaching, and with it comes a USENET
tradition. On April Fools day comes a series of forged, tongue-in-cheek
messages, either from non-existent sites or using the name of a Well Known
USENET person. In general, these messages are harmless and meant as a joke,
and people who respond to these messages without thinking, either by flaming
or otherwise responding, generally end up looking rather silly when the
forgery is exposed.

So, for the next couple of weeks, if you see a message that seems completely
out of line or is otherwise unusual, think twice before posting a followup
or responding to it; it's very likely a forgery.

There are a few ways of checking to see if a message is a forgery. These
aren't foolproof, but since most forgery posters want people to figure it
out, they will allow you to track down the vast majority of forgeries:

        o Russian computers. For historic reasons most forged messages have
          as part of their Path: a non-existent (we think!) russian
          computer, either kremvax or moscvax. Other possibilities are
          nsacyber or wobegon. Please note, however, that walldrug is a real
          site and isn't a forgery.

        o Posted dates. Almost invariably, the date of the posting is forged
          to be April 1.

        o Funky Message-ID. Subtle hints are often lodged into the
          Message-Id, as that field is more or less an unparsed text string
          and can contain random information. Common values include pi,
          the phone number of the red phone in the white house, and the
          name of the forger's parrot.

        o subtle mispellings. Look for subtle misspellings of the host names
          in the Path: field when a message is forged in the name of a Big
          Name USENET person. This is done so that the person being forged
          actually gets a chance to see the message and wonder when he
          actually posted it.

Forged messages, of course, are not to be condoned. But they happen, and
it's important for people on the net not to over-react. They happen at this
time every year, and the forger generally gets [his/her] kick from watching the
novice users take the posting seriously and try to flame their tails off. If
we can keep a level head and not react to these postings, they'll taper off
rather quickly and we can return to the normal state of affairs: chaos.

Thanks for your support.                                     Gene Spafford

           [Especially if the forger is into forging Trojan horseshoes.  PGN]