CQ-Contest
[Top] [All Lists]

Re: [CQ-Contest] authentication for log submission

To: CQ Contest <cq-contest@contesting.com>
Subject: Re: [CQ-Contest] authentication for log submission
From: Zack Widup <w9sz.zack@gmail.com>
Date: Tue, 5 Jun 2012 11:21:48 -0500
List-post: <cq-contest@contesting.com">mailto:cq-contest@contesting.com>
It seems to me that a totally fabricated log would stand out when log
checking is done. If I were the contest sponsor, I'd get suspicious if the
log checking results showed 99% errors in QSO's. And the e-mail of the log
sent should have all the header info and could be checked with the person
who supposedly sent the log to verify it came from him/her. An e-mail
header contains much more information than the sender's supposed e-mail
address. An e-mail stripped of the headers would be immediately suspicious.

I guess it depends on how much the sponsor cares about investigating
suspicious logs.

73, Zack W9SZ


On Tue, Jun 5, 2012 at 10:18 AM, W0MU Mike Fatchett <w0mu@w0mu.com> wrote:

> What he is saying is that if I submit a score for W0MU, someone else can
> send another log  overwriting my original submission with some bogus
> information.
>
> You don't have to get a hold of anything.   The robot simply takes the
> log that it receives and processes it.
>
> I can change my email address and look like anyone I want.  Spammers do
> this all the time.  Obviously the IP addresses will be different.
>
> Now that it has been brought up there probably needs to be a more secure
> way to upload your logs and setup a verified identity and if a 2nd log
> were to be uploaded that you would be notified of the 2nd log and would
> need accept or verify the new log or send any further logs with the
> proper credentials for it to be accepted.
>
> I would like to hear from ARRL and CQ etc on how they handle this and if
> they think it has ever happened in the past.....
>
> Mike W0MU
>
> W0MU-1 CC Cluster w0mu.net:23 or w0mu-1.dnsdynamic.com
> Http://www.w0mu.com
>
>
> On 6/5/2012 7:36 AM, Zack Widup wrote:
> > Are you saying that someone can get hold of another station's log
> > after it has been submitted and tamper with it? If that's the case,
> > then the security needs to be placed on the computer where the logs
> > are stored by the contest sponsor.
> >
> > I don't know how e-mailed logs are handled; if someone submits a log a
> > second time, does it wipe out the earlier log stored in the sponsor's
> > files, or are both kept?
> >
> > If someone just fabricated a log, it seems it would be pretty obvious
> > on log checking.
> >
> > Also, an examination of the header of the e-mail file should show
> > where the log came from.
> >
> > 73, Zack W9SZ
> >
> >
> > On 6/4/12, Katsuhiro Kondou<kondou@voyackey.net>  wrote:
> >> Change the subject from the original, and removed related References
> >> headers.
> >>
> >> In article<4FCC7194.3080802@ei5di.com>,
> >>      "Paul O'Kane"<pokane@ei5di.com>  wrote,
> >>      on "Mon, 04 Jun 2012 09:28:04 +0100";
> >>
> >> } In the days of paper logs, we had to submit a signed
> >> } declaration with each log.  With electronic logs, the
> >> } declaration is assumed, but largely forgotten.  One
> >> } practical solution is for the logging software to
> >> } display the declaration and ask for the operator's
> >> } agreement, by having to type the word YES, before the
> >> } Cabrillo log is created.
> >> }
> >> } The declaration, in effect a pledge that is renewed
> >> } with each entry, is good enough for me.
> >>
> >> I'm not sure this was discussed before, but this reminds me that
> >> someone who has malicious intention may submit other station's
> >> log to defeat the station after first submission by actual station.
> >> There looks no authentication method to verify the station for major
> >> contests(please correct me if I am wrong).  Complicated method to
> >> authenticate the station may lead decreasing the number of log
> >> submission, so this may not be applied to all stations.  But I think
> >> there should be some method to authenticate at least for stations who
> >> want to win a prize.
> >>
> >> Please ignore this message if my concern is baseless fear, the
> >> contest sponsors have already taken care of this, or we can trust
> >> everybody since we all have good morals.
> >> --
> >> Katsuhiro "Don" Kondou, JH5GHM
> >> Tokyo, JAPAN
> >> _______________________________________________
> >> CQ-Contest mailing list
> >> CQ-Contest@contesting.com
> >> http://lists.contesting.com/mailman/listinfo/cq-contest
> >>
> > _______________________________________________
> > CQ-Contest mailing list
> > CQ-Contest@contesting.com
> > http://lists.contesting.com/mailman/listinfo/cq-contest
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest@contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
>
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest

<Prev in Thread] Current Thread [Next in Thread>