LE> * Fidonet technology is insecure. It is easy for any individual to simulate
LE>   routing and program control information and, by duplicating the style and
LE>   form of another person's messages, create fraudulent statements which 
LE> appear
LE>   to originate from the second party. All that is required is access to the
LE>   correct software, which is freely available for public download from many
LE>   BBSs, including my own.

You can only forge control information at your system, it will
be legitimate after that, and most likely stick out like dogs
balls.  E.g., how many nodes do you think you can add in the
path of your messages in this echo without anyone being suspicious?  
ie, how many downlinks do you have?  The chances are that you are
like me, and the answer is 0.  And since that only leaves hubs etc,
I think you'll find that they would be caught out pretty quick too.
And the chances of a hub using their own system to simulate that
sort of thing is bugger-all.

LE> * Even given a proven link, the password access systems used in 
LE> Fidonet-style
LE>   bulletin boards such as my own are such that it is still easy for an
LE>   unauthorized person to create and post fraudulent messages purporting to
LE>   originate from another party. Message-by-message logs are NOT retained. 
LE> My
LE>   own system, for example, deletes session logs automatically each week.

You toss mail from insecure sessions?  You're mad if you do.  If
anyone sends me mail, none of it gets processed until I manually
process it, and I can watch where the mail goes to make sure there's
nothing except a little bit of netmail going through.  BFN.  Paul.
@EOT:

---