-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>> There are 2.5 current independent forum systems in the wild. FMS,
>>> Freetalk and Frost. They work well. (FMS the best. /me ducks/ :).
>>
>> I looked at it but I find it a little tricky: it seems it not only
>> downloads the headers of the postings but the content as well. That way it
>> also downloads all kinds of kiddy porn which, of course, I don't want to
>> have.
>
> Not true. At worst it downloads messages containing links to all kinds of
> evil content - if said messages are posted by people who are visible on your
> WoT. (I.e. have positive message trust).
>
> HOWEVER, Frost DOES at least potentially download actual evil content: an
> anonymous spammer can force all Frost users subscribed to a board to download
> any CHKs he wants. Frost is seriously broken.
Not strictly true. If we are talking about US/Britain then text story can be
classified as 'child pornography' (or 'kiddy porn' as it was called above). As
such any software that is used to communicate can be forced to download child
pornography without your knowledge. In fact the very e-mail client you are using
can be abused in such a way. Imagine the scenario where somebody signs up to
this e-mail list and posts pornographic story involving somebody who can be
argued to be under the age of 18, your client will download this (it has no way
to contact a lawyer before downloading each message).
Frost currently uses an old system (that is going to change) which does allow an
attacker to post small bits of any files as a message. Theoretically you will be
downloading, although frost won't recognise such file as a valid message in the
end. That was one of the ways that attacks were done on Frost. The intention
currently seems to be to allow frost to communicate via Freetalk mechanisms.
- Volodya
- --
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
"None of us are free until all of us are free." ~ Mihail Bakunin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNYhYQAAoJENW9VI+wmYasJicH/0l46+5e7F2Ai1aHkVqDIycp
lC9pfGW1/JaGoGikkXQ+IeCLuQgmfwKl27JSlUOd2Wyxp8V9hSmd+ndEr136Jgbt
nQ0/7UVYx0NK3sK8M6xj12fXsH4GZYqNggzo0CtNdrhq5SK8G/y/xBC2mY1WcueR
+GtO55yQc4tYEaiX9oAPHrb2x9M3/lKZSDqXb3KqS15sxYHE5ALwgfLx70Enq9A2
Tflb1NJxifuDr9aAlGKZi9HqpeEV6CBA5gtX9YlY6Z1xc5XByrYvDNmqvsYYIo7m
2I0XgxcpVIFgcW6xYoCiOXcq5G579t2wzTk2ysLjBMuWrM/+VFOQXgNETJIf2Cc=
=n/Dt
-----END PGP SIGNATURE-----
_______________________________________________
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
