Another bug: 14 aliases deleted w/o warning.

Discussion in 'Computer Security' started by Chief Thracian Usenet, Jul 24, 2004.

  1. I had 39 aliases listed with my account...some of which were
    just subscription addies to different lists. Since most of my
    subscription addresses were not for lists where I could respond, I
    decided to unclutter my alias list by deleting them. (Since the cotse.net
    mail server doesn't *care what sort of alias I use, it's wide open
    to *any mail to me that I don't even have listed...I figured I'd take
    advantage of this security breach, and make it work for me in some way.)

    (Of course, I keep a separate list of *all my aliases in a text file, in
    order to keep track of what addies *I created, vs. what addies some
    spammers might come up with, to take advantage of's security

    So, after deleting my fifth trivial alias, and the alias page
    reloaded..guess what? All remaining aliases that *were listed under the
    last one I deleted, were GONE, GONE, GONE. This included *seven
    non-trivial aliases that I never wanted to delete!

    Exiting my account and relogging back in, did *not clear up the
    problem...thus, this is yet one *more glitch I've inadvertently discovered.


    Keep a separate text file of *all aliases you use, on your hard drive.
    There is no telling *when you'll wind up losing any aliases you've
    registered in your account.

    No wonder apologists prefer me to post my queries to either
    the helpdesk or chat posting in newsgroups puts any reports
    probable glitches on public record! This obviously includes those
    glitches which admins (and owner) already *know about, but do
    not care to admit.

    As for *another apologist who said I'd make a good beta tester because I
    test unusual situations: well...none of the things I've done on
    cotse.net are out of the range of *normal usage for an active subscriber. I
    did *not go out of my way to discover *any glitches, I just simply began
    using and learning about the standard features that most subscribers
    would enjoy using.

    My conclusion: is filled with unreported glitches...some of
    which may compromise a user's security, as well as erase one's settings
    in some sections (such as the alias list), and unduly inconvenience
    subscribers who put their trust in a service that is *supposed to
    specialize in security.

    What a hoot! Now, here come the apologists who, at last count, started
    using cuss words and covering up for their "leader", rather than face
    the truth (which is the first step towards improving security and user

    I never expected to post to alt.cotse again...but this is just
    ridiculous, to have a large chunk of my aliases peremptorily erased,
    just because I wanted to delete about 10 (of my 39). So, for the sake of
    the *decent subscribers who think is "all that", I say:

    Caveat emptor.

    If I stumble upon any other glitches, I'll surely report them here...but
    don't expect me to participate in any thread, due to certain hostile
    participants, including the owner himself.

    I can't imagine what *other glitches I'll discover, as I learn more
    about this flakey service...but I'm *sure I'll find 'em...without *ever
    having to perform other-than-usual tasks provided by

    P.S.: Besides poor response time (if *any) via helpdesk, I find that the
    IRC online help can often be useless. The one client I subscribed to,
    had trouble setting up the stunnel.conf. He went to IRC and
    asked them if his settings were correct...they only asked to see the
    "connect" and "accept" settings.

    They told him to change this:

    accept =

    To this:

    accept =

    Okay, so he did that. Now, please realize that's own *help
    file says to use 8082, which is what my client did. See:

    But after making that change, he *still couldn't get on. So when I
    called him later, he told me he still couldn't connect via cotse's
    proxy. So I dropped over and discovered the *real problem:

    He had set the "CAfile" path to the executable "stunnel-4.05.exe",
    instead of to the certificate "cotse-stunnel.pem". (The path itself was
    otherwise correct.)

    Now, why didn't the IRC helper ask to go through the settings in
    "stunnel.conf", in the first place? There are only six to deal with, and
    all simple to see whether or not they're correct...and if not correct,
    easy to make the proper change.

    IRC online help is mediocre at best; so is the helpdesk e-mail; so is
    the security; so is the e-mail service, as I've recently learned. What a

    I can't find *any reviews or discussions re., either through
    search engines, or usenet searches. I'd think that a quality service
    would have *much discussion and favorable reviews, easily found on the
    'net. But not the case with Their claim that "no service
    provides more privacy protection than we do," is untrue. They've simply
    cobbled together various features into an appealing package which, under
    the surface, is extraordinarily flakey.

    One can cobble together one's *own quality security, with some basic
    hacker and security knowledge...using proxomitron,

    constantly updated anonymous proxy list,

    non-IE browser, such as Mozilla's Firefox,

    or Opera,

    w/high security browser settings (various Mozilla & Opera sites and
    newsgroups will keep you updated re. security and privacy. Too many to
    mention here, and easy to find on your own).

    quality antivirus program,

    firewall protection,

    and a secure e-mail service:

    All of these can be accomplished via freeware. (The services/products I
    just listed are *all free for personal use.)

    And I'm *sure there are other low-cost security "complete" package
    services out there, that *do maintain a well-run and minimally-glitchy
    system, unlike

    Setting up your own free security system is *not that difficult, even
    for non-geeks. The learning curve is *not that long, and well worth the
    education. Most people are *so busy, that they prefer to pay for
    packaged services...which often wind up taking advantage of one's
    naiveness about computer/Internet operations, by providing substandard
    service, including when it comes to security. Microsoft's success in
    utilizing dishonest business practices (and their mere wrist-slap in
    court) has propelled *many online services to follow suit. I see *some
    of that being applied to the operations of, among others.

    In closing: it was never my intent to seek out problems or be a
    whistle-blower on I rightfully assumed it was a reliable
    security service. But as things have turned out, I *have become a
    whistle blower...and thus accept this role without griping. For what I
    have learned is nonetheless of value, and will be part of my own *free
    security package I'll provide to our hacktivist community, in the great
    open-source/freeware tradition.

    P.S.: The author of Proxomitron--a great freeware online security
    program that surpasses any other--has recently passed away. Truly a
    great loss to the hacker world, and to democracy at large. Not to
    mention his family, friends, and associates...he was still young. He was
    Scott R. Lemmon.
    Chief Thracian Usenet, Jul 24, 2004
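
Added example, not part of the original post and not Cotse's or stunnel's own code: a pre-flight check for the misconfiguration described in the P.S. above, where `CAfile` pointed at an executable instead of the PEM certificate. The function names (`parse_stunnel_conf`, `check_cafile`, `demo`) are illustrative, and the sample files are constructed.

```python
import os
import tempfile

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def parse_stunnel_conf(text):
    """Return (option, value) pairs, skipping blanks, comments and [section] headers."""
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep:
            options.append((key.strip(), value.strip()))
    return options

def check_cafile(conf_text):
    """Return a list of problems with the CAfile option (empty list means OK)."""
    values = [v for k, v in parse_stunnel_conf(conf_text) if k.lower() == "cafile"]
    if not values:
        return ["no CAfile option set"]
    problems = []
    for path in values:
        if not os.path.isfile(path):
            problems.append(f"CAfile {path!r}: file not found")
            continue
        with open(path, "rb") as fh:
            head = fh.read(65536)
        if head[:2] == b"MZ":  # DOS/PE magic: the path points at a program
            problems.append(f"CAfile {path!r}: is a Windows executable, not a certificate")
        elif PEM_MARKER not in head:
            problems.append(f"CAfile {path!r}: no PEM certificate block found")
    return problems

def demo():
    """Constructed sample: one config pointing at an .exe, one at a PEM file."""
    d = tempfile.mkdtemp()
    exe = os.path.join(d, "stunnel-4.05.exe")
    pem = os.path.join(d, "cotse-stunnel.pem")
    with open(exe, "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 60)  # fake PE header, not a real binary
    with open(pem, "wb") as fh:
        fh.write(PEM_MARKER + b"\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n")
    bad = check_cafile(f"client = yes\nCAfile = {exe}\n")
    good = check_cafile(f"client = yes\nCAfile = {pem}\n")
    return bad, good

if __name__ == "__main__":
    for result in demo():
        print(result or "CAfile OK")
```

The check only confirms that the file looks like a PEM certificate; it does not validate the certificate chain itself.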

  2. Chief Thracian Usenet

    [ Doc Jeff ] Guest

    My goodness but that's a lot...
    It is not a security breach. It is user ignorance. You were told ad nauseam
    how to fix it to your liking but you obviously have chosen not to. Please
    don't make me gnaw your face off for this. Learn to use the goldlist
    feature. It's not so hard. Come into the helpdesk and I'll even go through
    it with you bit by bit. But please stop with the snide comments w/ respect
    to security breaches.
    You're really getting on my nerves now. Stop that.

    It's ALWAYS a good idea to make a backup of anything you do.
    You deleted an alias that had sub-aliases (for want of a better term)?
    Did you think that you could delete the parent without also removing the
    It sounds like user error to me. I'm sorry if you wind up taking this the
    wrong way but you are really ignorant of how things work at Cotse. It's not
    a bad thing for that to be the case but you are using your ignorance to
    make others wary - this is called the "chicken little" effect - the sky is
    NOT falling and if you'd pay attention to what you're told, you would see
    Please don't do that. Such warnings should only come from Steve Gielda.
    I agree with that part. You should *always* keep backups. You never know
    what could happen - nuclear war, an act of usenet terrorism... anything.
    I am nobody's apologist, bub. Displaying your ignorance of how Cotse works
    here, the "chicken little" effect I just spoke about, and your seeming lack
    of understanding what you are told is only making you look like a typical
    kook or troll.
    These "glitches" you speak of are merely your own ignorance as to how
    things work. I don't blame you for being ignorant but I do think you could
    find a better way to express it than this confrontational crap here.
    (sigh) Hello, McFly... anyone in there?
    YOU erased them! Nobody did it for you, YOU did it. Blaming Cotse for
    erasing them is like blaming your underwear for having a hole. You created
    the crap (or in this case deleted it) so YOU are responsible...
    That's good advice in any case.
    The local port doesn't matter at all. You could use if you
    chose to do so.
    You do realise that the online (IRC) help is staffed by volunteers, don't
    you. People who are, you know, actually human? People who can make a
    mistake once in awhile... Jeez. Step off already.
    Cotse has always gone by word of mouth. That's how I found out about it.
    I've had my account close to two years and have yet to have a single issue
    that couldn't be fixed either through my own study or help sought from the
    helpdesk. That's why I volunteer my time in there.
    You just try to find ONE place (or using your own means) to get the same
    quality filters (for one thing) that Cotse has. I know how hard it is
    because I've tried.
    Didn't that become a dead product?
    Remind me sometime to show you about your quality firewall there... Try
    Outpost instead or Tiny...
    Which requires Java to use... very secure when they can see what you're
    doing... Tsk.
    Then may I invite you to go use them and stop bothering Cotse's customers


    Doc - a really nice guy that looks like a Harley-riding axe murderer
    Member of the Cabal

    Dealing with life, one hug and one virtual sister at a time -or- - Use it, you know you want to.
    If you're too scared to go look for yourself, ask me
    [ Doc Jeff ], Jul 24, 2004

  3. Chief Thracian Usenet said
    Why don't you just dump COTSE and move on?

    What is your motivation for keeping a subscription?
    Homer.Simpson, Jul 24, 2004