Another cotse.net bug: 14 aliases deleted w/o warning.

I had 39 aliases listed with my cotse.net account...some of which were
just subscription addies to different lists. Since most of my
subscription addresses were not for list where I could respond, I
decided to unclutter my alias list by deleting them. (Since the cotse.
net mail server doesn't *care what sort of alias I use, it's wide open
to *any mail to me that I don't even have listed...I figured I'd take
advantage of this security breach, and make it work for me in some way.)

(Of course, I keep a separate list of *all my aliases in a text file, in
order to keep track of what addies *I created, vs. what addies some
spammers might come up with, to take advantage of cotse.net's security
breach.)

So, after deleting my fifth trivial aliases, and the alias page
reloaded..guess what? All remaining aliases the *were listed under the
last one I deleted, were GONE, GONE, GONE. This included *seven
non-trivial aliases that I never wanted to delete!

Exiting my account and relogging back in, did *not clear up the problem.
..thus, this is yet one *more glitch I've inadvertently discovered.

So, WARNING TO ALL COTSE.NET USERS:

Keep a separate text file of *all aliases you use, on your hard drive.
There is not telling *when you'll wind up losing any aliases you've
registered in your account.

No wonder cotse.net apologists prefer me to post my queries to either
the helpdesk or chat help...as posting in newsgroups puts any reports
probable glitches on public record! This obviously includes those
glitches which cotse.net admins (and owner) already *know about, but do
not care to admit.

As for *another apologist who said I'd make a good beta tester because I
test unusual situations: well...none of the things I've done on cotse.
net are out of the range of *normal usage for an active subscriber. I
did *not go out of my way to discover *any glitches, I just simply began
using and learning about the standard features that most subscribers
would enjoy using.

My conclusion: cotse.net is filled with unreported glitches...some of
which may compromise a user's security, as well as erase one's settings
in some sections (such as the alias list), and unduly inconvenience
subscribers who put their trust in a service that is *supposed to
specialize in security.

What a hoot! Now, here come the apologists who, at last count, starting
using cuss words and covering up for their "leader", rather than face
the truth (which is the first step towards improving security and user
accommodation).

I never expected to post to alt.cotse again...but this is just
ridiculous, to have a large chunk of my aliases peremptorally erased,
just because I wanted to delete about 10 (of my 39). So, for the sake of
the *decent subscribers who think cotse.net is "all that", I say:

Caveat emptor.

If I stumble upon any other glitches, I'll surely report them here...but
don't expect me to participate in any thread, due to certain hostile
participants, including the owner himself.

I can't imagine what *other glitches I'll discover, as I learn more
about this flakey service...but I'm *sure I'll find 'em...without *ever
having to perform other-than-usual tasks provided by cotse.net.

P.S.: Besides poor response time (if *any) via helpdesk, I find that the
IRC online help can often be useless. The one client I subscribed to
cotse.net, had trouble setting up the stunnel.conf. He went to IRC and
asked them is his settings were correct...they only asked to see the
"connect" and "accept" settings.

They told him to change this:

accept = 127.0.0.1:8082

To this:

accept = 127.0.0.1:8081

Okay, so he did that. Now, please realize that cotse.net's own *help
file says to use 8082, which is what my client did. See:

https://www.cotse.net/support/stunnel.html

But after making that change, he *still couldn't get on. So when I
called him later, he told me he still couldn't connect via cotse's
proxy. So I dropped over and discovered the *real problem:

He had set the "CAfile" path to the executable "stunnel-4.05.exe",
instead of to the certificate "cotse-stunnel.pem". (The path itself was
otherwise correct.)

Now, why didn't the IRC helper ask to go through the settings in
"stunnel.conf", in the first place? There are only six to deal with, and
all simple to see whether or not they're correct...and if not correct,
easy to make the proper change.

IRC online help is mediocre at best; so is the helpdesk e-mail; so is
the security; so is the e-mail service, as I've recently learned. What a
shame!

I can't fine *any reviews or discussions re. cotse.net, either through
search engines, or usenet searches. I'd think that a quality service
would have *much discussion and favorable reviews, easily found on the
'net. But not the case with cotse.net. Their claim that "no service
provides more privacy protection than we do," is untrue. They've simply
cobbled together various features into an appealing package which, under
the surface, is extraordinarily flakey.

One can cobble together's one's *own quality security, with some basic
hacker and security knowledge...using proxomitron,

http://www.proxomitron.info/

contantly updated anonymous proxy list,

http://www.cybersyndrome.net/pla.html

non-IE browser, such as Mozilla's Firefox,

http://www.mozilla.org/

or Opera,

http://www.opera.com

w/high security browser settings (various Mozilla & Opera sites and
newsgroups will keep you updated re. security and privacy. Too many to
menition here, and easy to find on your own).

quality antivirus program,

http://www.grisoft.com/

firewall protection,

http://www.zonelabs.com/

and a secure e-mail service:

http://www.hushmail.com/

All of these can be accomplished via freeware. (The services/products I
just listed are *all free for personal use.)

And I'm *sure there are other low-cost security "complete" package
services out there, that *do maintain a well-run and minimally-glitchy
system, unlike cotse.net.

Setting up your own free security system is *not that difficult, even
for non-geeks. The learning curve is *not that long, and well worth the
education. Most people are *so busy, that they prefer to pay for
packaged services...which often wind up taking advantage of one's
naiveness about computer/Internet operations, by providing substandard
service, including when it comes to security. Microsoft's success in
utilizing dishonest business practices (and their mere wrist-slap in
court) has propelled *many online services to follow suit. I see *some
of that being applied to the operations of cotse.net, among others.

In closing: it was never my intent to seek out problems or be a
whistle-blower on cotse.net. I rightfully assumed it was a reliable
security service. But as things have turned out, I *have become a
whistle blower...and thus accept this role without griping. For what I
have learned is nonetheless of value, and will be part of my own *free
security package I'll provide to our hacktivist community, in the great
open-source/freeware tradition.

P.S.: The author of Proxomitron--a great freeware online security
program that surpasses any other--has recently passed away. Truly a
great loss to the hacker world, and to democracy at large. Not to
mention his family, friends, and associates...he was still young. He was
Scott R. Lemmon.

--
"A government is only as good as its operating system."
- Mighty Mouse Virus
www.gay-bible.org/write/3_security.htm

Chief Thracian Usenet

"Chief Thracian Usenet" <chief_thracian-no-> wrote
in
news:dXNlcjAwMDA=.52ac62d8d5c6b69aaba28ae8eecd98f0 @1090624282.nulluser.com:

> I had 39 aliases listed with my cotse.net account...some of which were
> just subscription addies to different lists.

My goodness but that's a lot...

> (Since the cotse.net mail server doesn't *care what sort of alias I use,
> it's wide open to *any mail to me that I don't even have listed...I
> figured I'd take advantage of this security breach, and make it work for
> me in some way.)

It is not a security breach. It is user ignorance. You were told ad nauseum
how to fix it to your liking but you obviously have chosen not to. Please
don't make me gnaw your face off for this. Learn to use the goldlist
feature. It's not so hard. Come into the helpdesk and I'll even go through
it with you bit by bit. But please stop with the snide comments w/ respect
to security breaches.

> (Of course, I keep a separate list of *all my aliases in a text file, in
> order to keep track of what addies *I created, vs. what addies some
> spammers might come up with, to take advantage of cotse.net's security
> breach.)

You're really getting on my nerves now. Stop that.

It's ALWAYS a good idea to make a backup of anything you do.

> So, after deleting my fifth trivial aliases, and the alias page
> reloaded..guess what? All remaining aliases the *were listed under the
> last one I deleted, were GONE, GONE, GONE. This included *seven
> non-trivial aliases that I never wanted to delete!

You deleted an alias that had sub-aliases (for want of a better term)?
Did you think that you could delete the parent without also removing the
children?

> Exiting my account and relogging back in, did *not clear up the problem.
> .thus, this is yet one *more glitch I've inadvertently discovered.

It sounds like user error to me. I'm sorry if you wind up taking this the
wrong way but you are really ignorant of how things work at Cotse. It's not
a bad thing for that to be the case but you are using your ignorance to
make others wary - this is called the "chicken little" effect - the sky is
NOT falling and if you'd pay attention to what you're told, you would see
this.

> So, WARNING TO ALL COTSE.NET USERS:

Please don't do that. Such warnings should only come from Steve Gielda.

> Keep a separate text file of *all aliases you use, on your hard drive.
> There is not telling *when you'll wind up losing any aliases you've
> registered in your account.

I agree with that part. You should *always* keep backups. You never know
what could happen - nuclear war, an act of usenet terrorism... anything.

> No wonder cotse.net apologists prefer me to post my queries to either
> the helpdesk or chat help...as posting in newsgroups puts any reports
> probable glitches on public record! This obviously includes those
> glitches which cotse.net admins (and owner) already *know about, but do
> not care to admit.

I am nobody's apologist, bub. Displaying your ignorance of how Cotse works
here, the "chicken little" effect I just spoke about, and your seeming lack
of understanding what you are told is only making you look like a typical
kook or troll.

> As for *another apologist who said I'd make a good beta tester because I
> test unusual situations: well...none of the things I've done on cotse.
> net are out of the range of *normal usage for an active subscriber. I
> did *not go out of my way to discover *any glitches, I just simply began
> using and learning about the standard features that most subscribers
> would enjoy using.

These "glitches" you speak of are merely your own ignorance as to how
things work. I don't blame you for being ignorant but I do think you could
find a better way to express it than this confrontational crap here.

> My conclusion: cotse.net is filled with unreported glitches...some of
> which may compromise a user's security, as well as erase one's settings
> in some sections (such as the alias list), and unduly inconvenience
> subscribers who put their trust in a service that is *supposed to
> specialize in security.

(sigh) Hello, McFly... anyone in there?

> I never expected to post to alt.cotse again...but this is just
> ridiculous, to have a large chunk of my aliases peremptorally erased,

YOU erased them! Nobody did it for you, YOU did it. Blaming Cotse for
erasing them is like blaming your underwear for having a hole. You created
the crap (or in this case deleted it) so YOU are responsible...

> Caveat emptor.

That's good advice in any case.

> P.S.: Besides poor response time (if *any) via helpdesk, I find that the
> IRC online help can often be useless. The one client I subscribed to
> cotse.net, had trouble setting up the stunnel.conf. He went to IRC and
> asked them is his settings were correct...they only asked to see the
> "connect" and "accept" settings.
>
> They told him to change this:
>
> accept = 127.0.0.1:8082
>
> To this:
>
> accept = 127.0.0.1:8081

The local port doesn't matter at all. You could use 127.0.0.1:60000 if you
chose to do so.

> Now, why didn't the IRC helper ask to go through the settings in
> "stunnel.conf", in the first place? There are only six to deal with, and
> all simple to see whether or not they're correct...and if not correct,
> easy to make the proper change.

You do realise that the online (IRC) help is staffed by volunteers, don't
you. People who are, you know, actually human? People who can make a
mistake once in awhile... Jeez. Step off already.

> I can't fine *any reviews or discussions re. cotse.net, either through
> search engines, or usenet searches. I'd think that a quality service
> would have *much discussion and favorable reviews, easily found on the
> 'net. But not the case with cotse.net. Their claim that "no service
> provides more privacy protection than we do," is untrue. They've simply
> cobbled together various features into an appealing package which, under
> the surface, is extraordinarily flakey.

Cotse has always gone by word of mouth. That's how I found out about it.
I've had my account close to two years and have yet to have a single issue
that couldn't be fixed either through my own study or help sought from the
helpdesk. That's why I volunteer my time in there.

> One can cobble together's one's *own quality security, with some basic
> hacker and security knowledge...using proxomitron,

You just try to find ONE place (or using your own means) to get the same
quality filters (for one thing) that Cotse has. I know how hard it is
because I've tried.

> http://www.proxomitron.info/

Didn't that become a dead product?

> firewall protection,
>
> http://www.zonelabs.com/

Remind me sometime to show you about your quality firewall there... Try
Outpost instead or Tiny...

> http://www.hushmail.com/

Which requires Java to use... very secure when they can see what you're
doing... Tsk.

> All of these can be accomplished via freeware. (The services/products I
> just listed are *all free for personal use.)

Then may I invite you to go use them and stop bothering Cotse's customers
here?


--

Doc - a really nice guy that looks like a Harley-riding axe murderer
Member of the Cabal

Dealing with life, one hug and one virtual sister at a time

irc2.peacefulhaven.net -or- http://www.peacefulhaven.net

http://www.cotse.net - Use it, you know you want to.
If you're too scared to go look for yourself, ask me

[ Doc Jeff ]

Chief Thracian Usenet said

> I had 39 aliases listed with my cotse.net account...some of which were

Why don't you just dump COTSE and move on?

What's is your motivation for keeping a subscription?


--
99 percent of lawyers give the rest a bad name.

Homer.Simpson