[CQ-Contest] authentication for log submission

W0MU Mike Fatchett w0mu at w0mu.com
Tue Jun 5 08:18:52 PDT 2012


What he is saying is that if I submit a score for W0MU, someone else can 
send another log  overwriting my original submission with some bogus 
information.

You don't have to get a hold of anything.   The robot simply takes the 
log that it receives and processes it.

I can change my email address and look like anyone I want.  Spammers do 
this all the time.  Obviously the IP addresses will be different.

Now that it has been brought up there probably needs to be a more secure 
way to upload your logs and setup a verified identity and if a 2nd log 
were to be uploaded that you would be notified of the 2nd log and would 
need accept or verify the new log or send any further logs with the 
proper credentials for it to be accepted.

I would like to hear from ARRL and CQ etc on how they handle this and if 
they think it has ever happened in the past.....

Mike W0MU

W0MU-1 CC Cluster w0mu.net:23 or w0mu-1.dnsdynamic.com
Http://www.w0mu.com


On 6/5/2012 7:36 AM, Zack Widup wrote:
> Are you saying that someone can get hold of another station's log
> after it has been submitted and tamper with it? If that's the case,
> then the security needs to be placed on the computer where the logs
> are stored by the contest sponsor.
>
> I don't know how e-mailed logs are handled; if someone submits a log a
> second time, does it wipe out the earlier log stored in the sponsor's
> files, or are both kept?
>
> If someone just fabricated a log, it seems it would be pretty obvious
> on log checking.
>
> Also, an examination of the header of the e-mail file should show
> where the log came from.
>
> 73, Zack W9SZ
>
>
> On 6/4/12, Katsuhiro Kondou<kondou at voyackey.net>  wrote:
>> Change the subject from the original, and removed related References
>> headers.
>>
>> In article<4FCC7194.3080802 at ei5di.com>,
>> 	"Paul O'Kane"<pokane at ei5di.com>  wrote,
>> 	on "Mon, 04 Jun 2012 09:28:04 +0100";
>>
>> } In the days of paper logs, we had to submit a signed
>> } declaration with each log.  With electronic logs, the
>> } declaration is assumed, but largely forgotten.  One
>> } practical solution is for the logging software to
>> } display the declaration and ask for the operator's
>> } agreement, by having to type the word YES, before the
>> } Cabrillo log is created.
>> }
>> } The declaration, in effect a pledge that is renewed
>> } with each entry, is good enough for me.
>>
>> I'm not sure this was discussed before, but this reminds me that
>> someone who has malicious intention may submit other station's
>> log to defeat the station after first submission by actual station.
>> There looks no authentication method to verify the station for major
>> contests(please correct me if I am wrong).  Complicated method to
>> authenticate the station may lead decreasing the number of log
>> submission, so this may not be applied to all stations.  But I think
>> there should be some method to authenticate at least for stations who
>> want to win a prize.
>>
>> Please ignore this message if my concern is baseless fear, the
>> contest sponsors have already taken care of this, or we can trust
>> everybody since we all have good morals.
>> --
>> Katsuhiro "Don" Kondou, JH5GHM
>> Tokyo, JAPAN
>> _______________________________________________
>> CQ-Contest mailing list
>> CQ-Contest at contesting.com
>> http://lists.contesting.com/mailman/listinfo/cq-contest
>>
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest at contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest


More information about the CQ-Contest mailing list