Another cotse.net bug: 14 aliases deleted w/o warning.

Discussion in 'Computer Security' started by Chief Thracian Usenet, Jul 24, 2004.

  1. I had 39 aliases listed with my cotse.net account...some of which were
    just subscription addies to different lists. Since most of my
    subscription addresses were not for lists where I could respond, I
    decided to unclutter my alias list by deleting them. (Since the
    cotse.net mail server doesn't *care what sort of alias I use, it's wide open
    to *any mail to me that I don't even have listed...I figured I'd take
    advantage of this security breach, and make it work for me in some way.)

    (Of course, I keep a separate list of *all my aliases in a text file, in
    order to keep track of what addies *I created, vs. what addies some
    spammers might come up with, to take advantage of cotse.net's security
    breach.)

    So, after deleting my fifth trivial alias, and the alias page
    reloaded...guess what? All remaining aliases that *were listed under the
    last one I deleted, were GONE, GONE, GONE. This included *seven
    non-trivial aliases that I never wanted to delete!

    Exiting my account and relogging back in, did *not clear up the
    problem...thus, this is yet one *more glitch I've inadvertently discovered.

    So, WARNING TO ALL COTSE.NET USERS:

    Keep a separate text file of *all aliases you use, on your hard drive.
    There is no telling *when you'll wind up losing any aliases you've
    registered in your account.

    No wonder cotse.net apologists prefer me to post my queries to either
    the helpdesk or chat help...as posting in newsgroups puts any reports
    of probable glitches on public record! This obviously includes those
    glitches which cotse.net admins (and owner) already *know about, but do
    not care to admit.

    As for *another apologist who said I'd make a good beta tester because I
    test unusual situations: well...none of the things I've done on
    cotse.net are out of the range of *normal usage for an active subscriber. I
    did *not go out of my way to discover *any glitches, I just simply began
    using and learning about the standard features that most subscribers
    would enjoy using.

    My conclusion: cotse.net is filled with unreported glitches...some of
    which may compromise a user's security, as well as erase one's settings
    in some sections (such as the alias list), and unduly inconvenience
    subscribers who put their trust in a service that is *supposed to
    specialize in security.

    What a hoot! Now, here come the apologists who, at last count, started
    using cuss words and covering up for their "leader", rather than face
    the truth (which is the first step towards improving security and user
    accommodation).

    I never expected to post to alt.cotse again...but this is just
    ridiculous, to have a large chunk of my aliases peremptorily erased,
    just because I wanted to delete about 10 (of my 39). So, for the sake of
    the *decent subscribers who think cotse.net is "all that", I say:

    Caveat emptor.

    If I stumble upon any other glitches, I'll surely report them here...but
    don't expect me to participate in any thread, due to certain hostile
    participants, including the owner himself.

    I can't imagine what *other glitches I'll discover, as I learn more
    about this flakey service...but I'm *sure I'll find 'em...without *ever
    having to perform other-than-usual tasks provided by cotse.net.

    P.S.: Besides poor response time (if *any) via helpdesk, I find that the
    IRC online help can often be useless. The one client I subscribed to
    cotse.net, had trouble setting up the stunnel.conf. He went to IRC and
    asked them if his settings were correct...they only asked to see the
    "connect" and "accept" settings.

    They told him to change this:

    accept = 127.0.0.1:8082

    To this:

    accept = 127.0.0.1:8081

    Okay, so he did that. Now, please realize that cotse.net's own *help
    file says to use 8082, which is what my client did. See:

    https://www.cotse.net/support/stunnel.html

    But after making that change, he *still couldn't get on. So when I
    called him later, he told me he still couldn't connect via cotse's
    proxy. So I dropped over and discovered the *real problem:

    He had set the "CAfile" path to the executable "stunnel-4.05.exe",
    instead of to the certificate "cotse-stunnel.pem". (The path itself was
    otherwise correct.)

    Now, why didn't the IRC helper ask to go through the settings in
    "stunnel.conf", in the first place? There are only six to deal with, and
    all simple to see whether or not they're correct...and if not correct,
    easy to make the proper change.

    IRC online help is mediocre at best; so is the helpdesk e-mail; so is
    the security; so is the e-mail service, as I've recently learned. What a
    shame!

    I can't find *any reviews or discussions re. cotse.net, either through
    search engines, or usenet searches. I'd think that a quality service
    would have *much discussion and favorable reviews, easily found on the
    'net. But not the case with cotse.net. Their claim that "no service
    provides more privacy protection than we do," is untrue. They've simply
    cobbled together various features into an appealing package which, under
    the surface, is extraordinarily flakey.

    One can cobble together one's *own quality security, with some basic
    hacker and security knowledge...using proxomitron,

    http://www.proxomitron.info/

    constantly updated anonymous proxy list,

    http://www.cybersyndrome.net/pla.html

    non-IE browser, such as Mozilla's Firefox,

    http://www.mozilla.org/

    or Opera,

    http://www.opera.com

    w/high security browser settings (various Mozilla & Opera sites and
    newsgroups will keep you updated re. security and privacy. Too many to
    mention here, and easy to find on your own).

    quality antivirus program,

    http://www.grisoft.com/

    firewall protection,

    http://www.zonelabs.com/

    and a secure e-mail service:

    http://www.hushmail.com/

    All of these can be accomplished via freeware. (The services/products I
    just listed are *all free for personal use.)

    And I'm *sure there are other low-cost security "complete" package
    services out there, that *do maintain a well-run and minimally-glitchy
    system, unlike cotse.net.

    Setting up your own free security system is *not that difficult, even
    for non-geeks. The learning curve is *not that long, and well worth the
    education. Most people are *so busy, that they prefer to pay for
    packaged services...which often wind up taking advantage of one's
    naiveness about computer/Internet operations, by providing substandard
    service, including when it comes to security. Microsoft's success in
    utilizing dishonest business practices (and their mere wrist-slap in
    court) has propelled *many online services to follow suit. I see *some
    of that being applied to the operations of cotse.net, among others.

    In closing: it was never my intent to seek out problems or be a
    whistle-blower on cotse.net. I rightfully assumed it was a reliable
    security service. But as things have turned out, I *have become a
    whistle blower...and thus accept this role without griping. For what I
    have learned is nonetheless of value, and will be part of my own *free
    security package I'll provide to our hacktivist community, in the great
    open-source/freeware tradition.

    P.S.: The author of Proxomitron--a great freeware online security
    program that surpasses any other--has recently passed away. Truly a
    great loss to the hacker world, and to democracy at large. Not to
    mention his family, friends, and associates...he was still young. He was
    Scott R. Lemmon.

    --
    "A government is only as good as its operating system."
    - Mighty Mouse Virus
    www.gay-bible.org/write/3_security.htm
     
    Chief Thracian Usenet, Jul 24, 2004
    #1
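
The stunnel problem described in the post above (CAfile set to the stunnel executable instead of the certificate, while the local accept port was not the cause) is something a mechanical check of stunnel.conf catches. The following is an added example, not part of the original post or of cotse.net's documentation; the `connect` host `proxy.example:443` and the contents of the two sample files are constructed placeholders.

```python
import os
import re
import tempfile

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def parse_conf(text):
    """Return {option: value} from 'key = value' lines, skipping comments and [sections]."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def check_conf(text):
    """Return a list of problems found in a client-side stunnel.conf."""
    opts = parse_conf(text)
    problems = []
    cafile = opts.get("CAfile")
    if cafile is None:
        problems.append("CAfile is not set")
    elif not os.path.isfile(cafile):
        problems.append(f"CAfile does not exist: {cafile}")
    else:
        with open(cafile, "rb") as fh:
            data = fh.read()
        if data[:2] == b"MZ":  # DOS/PE header: this is a program, not a certificate
            problems.append(f"CAfile points at a Windows executable: {cafile}")
        elif not PEM_CERT.search(data):
            problems.append(f"CAfile holds no PEM certificate: {cafile}")
    accept = opts.get("accept", "")
    host, _, port = accept.rpartition(":")
    if not port.isdigit() or not 0 < int(port) < 65536:
        problems.append(f"accept has no valid port: {accept!r}")
    elif host not in ("127.0.0.1", "localhost"):  # any free local port is acceptable
        problems.append(f"accept is not bound to loopback: {accept!r}")
    if "connect" not in opts:
        problems.append("connect is not set")
    return problems

def demo():
    """Lint the broken and the corrected config against constructed sample files."""
    d = tempfile.mkdtemp()
    exe, pem = os.path.join(d, "stunnel-4.05.exe"), os.path.join(d, "cotse-stunnel.pem")
    with open(exe, "wb") as fh:
        fh.write(b"MZ\x90\x00 constructed stand-in, not a real binary")
    with open(pem, "wb") as fh:
        fh.write(b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
    conf = "client = yes\nCAfile = {}\naccept = 127.0.0.1:{}\nconnect = proxy.example:443\n"
    return check_conf(conf.format(exe, 8082)), check_conf(conf.format(pem, 8081))
```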

  2. Chief Thracian Usenet

    [ Doc Jeff ] Guest

    "Chief Thracian Usenet" <> wrote in news:dXNlcjAwMDA=:

    > I had 39 aliases listed with my cotse.net account...some of which were
    > just subscription addies to different lists.


    My goodness but that's a lot...

    > (Since the cotse.net mail server doesn't *care what sort of alias I use,
    > it's wide open to *any mail to me that I don't even have listed...I
    > figured I'd take advantage of this security breach, and make it work for
    > me in some way.)


    It is not a security breach. It is user ignorance. You were told ad nauseam
    how to fix it to your liking but you obviously have chosen not to. Please
    don't make me gnaw your face off for this. Learn to use the goldlist
    feature. It's not so hard. Come into the helpdesk and I'll even go through
    it with you bit by bit. But please stop with the snide comments w/ respect
    to security breaches.

    > (Of course, I keep a separate list of *all my aliases in a text file, in
    > order to keep track of what addies *I created, vs. what addies some
    > spammers might come up with, to take advantage of cotse.net's security
    > breach.)


    You're really getting on my nerves now. Stop that.

    It's ALWAYS a good idea to make a backup of anything you do.

    > So, after deleting my fifth trivial alias, and the alias page
    > reloaded...guess what? All remaining aliases that *were listed under the
    > last one I deleted, were GONE, GONE, GONE. This included *seven
    > non-trivial aliases that I never wanted to delete!


    You deleted an alias that had sub-aliases (for want of a better term)?
    Did you think that you could delete the parent without also removing the
    children?

    > Exiting my account and relogging back in, did *not clear up the
    > problem...thus, this is yet one *more glitch I've inadvertently discovered.


    It sounds like user error to me. I'm sorry if you wind up taking this the
    wrong way but you are really ignorant of how things work at Cotse. It's not
    a bad thing for that to be the case but you are using your ignorance to
    make others wary - this is called the "chicken little" effect - the sky is
    NOT falling and if you'd pay attention to what you're told, you would see
    this.

    > So, WARNING TO ALL COTSE.NET USERS:


    Please don't do that. Such warnings should only come from Steve Gielda.

    > Keep a separate text file of *all aliases you use, on your hard drive.
    > There is no telling *when you'll wind up losing any aliases you've
    > registered in your account.


    I agree with that part. You should *always* keep backups. You never know
    what could happen - nuclear war, an act of usenet terrorism... anything.

    > No wonder cotse.net apologists prefer me to post my queries to either
    > the helpdesk or chat help...as posting in newsgroups puts any reports
    > of probable glitches on public record! This obviously includes those
    > glitches which cotse.net admins (and owner) already *know about, but do
    > not care to admit.


    I am nobody's apologist, bub. Displaying your ignorance of how Cotse works
    here, the "chicken little" effect I just spoke about, and your seeming lack
    of understanding what you are told is only making you look like a typical
    kook or troll.

    > As for *another apologist who said I'd make a good beta tester because I
    > test unusual situations: well...none of the things I've done on
    > cotse.net are out of the range of *normal usage for an active subscriber. I
    > did *not go out of my way to discover *any glitches, I just simply began
    > using and learning about the standard features that most subscribers
    > would enjoy using.


    These "glitches" you speak of are merely your own ignorance as to how
    things work. I don't blame you for being ignorant but I do think you could
    find a better way to express it than this confrontational crap here.

    > My conclusion: cotse.net is filled with unreported glitches...some of
    > which may compromise a user's security, as well as erase one's settings
    > in some sections (such as the alias list), and unduly inconvenience
    > subscribers who put their trust in a service that is *supposed to
    > specialize in security.


    (sigh) Hello, McFly... anyone in there?

    > I never expected to post to alt.cotse again...but this is just
    > ridiculous, to have a large chunk of my aliases peremptorily erased,


    YOU erased them! Nobody did it for you, YOU did it. Blaming Cotse for
    erasing them is like blaming your underwear for having a hole. You created
    the crap (or in this case deleted it) so YOU are responsible...

    > Caveat emptor.


    That's good advice in any case.

    > P.S.: Besides poor response time (if *any) via helpdesk, I find that the
    > IRC online help can often be useless. The one client I subscribed to
    > cotse.net, had trouble setting up the stunnel.conf. He went to IRC and
    > asked them if his settings were correct...they only asked to see the
    > "connect" and "accept" settings.
    >
    > They told him to change this:
    >
    > accept = 127.0.0.1:8082
    >
    > To this:
    >
    > accept = 127.0.0.1:8081


    The local port doesn't matter at all. You could use 127.0.0.1:60000 if you
    chose to do so.

    > Now, why didn't the IRC helper ask to go through the settings in
    > "stunnel.conf", in the first place? There are only six to deal with, and
    > all simple to see whether or not they're correct...and if not correct,
    > easy to make the proper change.


    You do realise that the online (IRC) help is staffed by volunteers, don't
    you. People who are, you know, actually human? People who can make a
    mistake once in a while... Jeez. Step off already.

    > I can't find *any reviews or discussions re. cotse.net, either through
    > search engines, or usenet searches. I'd think that a quality service
    > would have *much discussion and favorable reviews, easily found on the
    > 'net. But not the case with cotse.net. Their claim that "no service
    > provides more privacy protection than we do," is untrue. They've simply
    > cobbled together various features into an appealing package which, under
    > the surface, is extraordinarily flakey.


    Cotse has always gone by word of mouth. That's how I found out about it.
    I've had my account close to two years and have yet to have a single issue
    that couldn't be fixed either through my own study or help sought from the
    helpdesk. That's why I volunteer my time in there.

    > One can cobble together one's *own quality security, with some basic
    > hacker and security knowledge...using proxomitron,


    You just try to find ONE place (or using your own means) to get the same
    quality filters (for one thing) that Cotse has. I know how hard it is
    because I've tried.

    > http://www.proxomitron.info/


    Didn't that become a dead product?

    > firewall protection,
    >
    > http://www.zonelabs.com/


    Remind me sometime to show you about your quality firewall there... Try
    Outpost instead or Tiny...

    > http://www.hushmail.com/


    Which requires Java to use... very secure when they can see what you're
    doing... Tsk.

    > All of these can be accomplished via freeware. (The services/products I
    > just listed are *all free for personal use.)


    Then may I invite you to go use them and stop bothering Cotse's customers
    here?


    --

    Doc - a really nice guy that looks like a Harley-riding axe murderer
    Member of the Cabal

    Dealing with life, one hug and one virtual sister at a time

    irc2.peacefulhaven.net -or- http://www.peacefulhaven.net

    http://www.cotse.net - Use it, you know you want to.
    If you're too scared to go look for yourself, ask me
     
    [ Doc Jeff ], Jul 24, 2004
    #2

  3. Chief Thracian Usenet said

    > I had 39 aliases listed with my cotse.net account...some of which were


    Why don't you just dump COTSE and move on?

    What is your motivation for keeping a subscription?


    --
    99 percent of lawyers give the rest a bad name.
     
    Homer.Simpson, Jul 24, 2004
    #3