Re: Steganography covert communications - Between Silk and Cyanide

2002-01-05 Thread Ben Laurie

Matt Crawford wrote:
>
> > David Honig wrote:
> > > Unbeknown to the latter, Marks had already cracked General de Gaulle's
> > > private cypher in a spare moment on the lavatory. -from the obit of Leo
> > > Marks, cryptographer
> >
> > But this was because it was, in fact, one of his own ciphers.
> > Cheers,
> > Ben.
>
> Not one that he invented or approved of, but one that he knew and had
> to work with, yes.

Indeed, it was the cipher he inherited (and spent much time and energy
to have replaced, for excellent reasons).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re: Hackers Targeting Home Computers

2002-01-05 Thread Jeff Simmons

On Friday 04 January 2002 09:54 am, Hadmut Danisch wrote:
 
> On my private computer (DSL, dynamically assigned IP address), I
> detect an increasing density of attack attempts. More or less serious
> attempts happen every few minutes in average (depends on daytime).
> Highest density is in the evening hours, when hackers and victims
> find time to be online.

Unless I'm misunderstanding you, I find this hard to believe.

[Moderator's note: I find it easy to believe, because I see exactly
what he does on the networks I control. I don't know why you are
attacked less often. --Perry]

On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm 
detecting only a few, maybe up to a dozen, actual attacks a day.  Most of 
them are from well-known root kits, targeting old vulnerabilities.  Sunrpc, 
lpr, imap, and anonymous ftp seem to be popular.  Most attacks come from 
Asia, eastern Europe used to be popular, but seems to have died down recently.

The only way I could get anywhere near your numbers is to count all of the 
Windows-based http attacks coming from automated worms and the like.

I'd be interested in hearing from others what kind and frequency of attacks 
they're experiencing.

> This means the probability of an infection of an unprotected
> private computer is quite high after only some hours of internet
> access. Most (normal) people I know use such unprotected
> computers for internet access.

This is of course true no matter what the frequency of attacks is.

-- 
Jeff Simmons   [EMAIL PROTECTED]
 Simmons Consulting - Network Engineering, Administration, Security
You guys, I don't hear any noise.  Are you sure you're doing it right?
- My Life With The Thrill Kill Kult






Re: Hackers Targeting Home Computers

2002-01-05 Thread Hadmut Danisch

On Fri, Jan 04, 2002 at 11:42:27AM -0800, Jeff Simmons wrote:
 
> Unless I'm misunderstanding you, I find this hard to believe.
>
> On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm
> detecting only a few, maybe up to a dozen, actual attacks a day.  Most of
> them are from well-known root kits, targeting old vulnerabilities.  Sunrpc,
> lpr, imap, and anonymous ftp seem to be popular.  Most attacks come from
> Asia, eastern Europe used to be popular, but seems to have died down
> recently.
>
> The only way I could get anywhere near your numbers is to count all of the
> Windows-based http attacks coming from automated worms and the like.
>
> I'd be interested in hearing from others what kind and frequency of attacks
> they're experiencing.


There's good reason for the different results.

I'm located in Germany and my DSL line is from Deutsche Telekom
(T-DSL, T-Online). This is by far the biggest provider in
Germany for private DSL internet access, and they also do
provide large numbers of modem and ISDN accounts. They use
a few very well known IP address ranges for all DSL, modem and
ISDN customers. Scanning the T-Online address ranges allows you
to find heaps of German private computers. Many of the attacks
I detect come from within the T-Online network, others often come from
the countries you describe. I compared results with some of the
colleagues' results and with results we get from commercial firewalls
at the same time. There is a significant difference. It
appears that the T-Online network ranges are a favored
target of many hackers/scanners/script kiddies.

There's no doubt that some attackers prefer attacking private
computers and select address ranges where they find most of
these computers.

Hadmut







Re: Hackers Targeting Home Computers

2002-01-05 Thread Hack Hawk

At 06:54 PM 1/4/02 +0100, Hadmut Danisch wrote:
> > WASHINGTON -- Computer hackers...are turning their sights to home
> > computers that are...less secure than ever before.
>
> On my private computer (DSL, dynamically assigned IP address), I
> detect an increasing density of attack attempts.

I see the same thing here.  But most of it's http/web attacks against the
unicode vulnerability.  Back when code red was out of control I performed a
little experiment.  I took 5 IP addresses of Code Red infected servers on DSL
and tested them for the *very* old (Oct/Nov 2000) unicode
vulnerability.  All 5 systems had NOT been patched.  It's not surprising
that I now see virus infected machines trying to attack my systems using
unicode attack strings.  I guess somebody took the idea one step further
and developed a virus.

It surprises me that providers like Earthlink & GTE (I have one DSL on
each) aren't taking measures to filter out virus traffic from infected
systems.  It seems a simple enough task to me.

It seems to me that the biggest cause of the problems are ignorance and
lack of concern as the article suggests.  So rather than complain and rant,
I've set up a non-technical alert list for my friends and family to keep
them informed and safe.

I try to keep the list fun and easy to read.  It's taken a great deal of
time and explaining, but slowly more and more of them are beginning to see
the bigger picture.

My favorite scenario to lay out for my friends is simple and
effective.  Let's say that a hacker gains control of your computer and uses
it to attack another site/system.  Let's say that site is a Fortune 500
company or a military or government site.  Even if you don't get into
trouble, the FBI could still show up on your doorstep and take your
computer away for analysis.  No more email or web for you.  Oh, and they'll
probably need to sift through your phone records to see if the hacker
dialed out from your computer.  Kiss your privacy goodbye.

- hawk







Baltimore Sun: MD police seek easier wiretaps

2002-01-05 Thread John Gilmore

http://www.sunspot.net/news/custom/guns/bal-wiretap03.story?coll=bal-home-headlines 

Md. police seek law for easier wiretaps
Use of technology by criminals outruns current authority

By Sarah Koenig
Sun Staff
Originally published January 2, 2002, 9:16 PM EST

Aware that police might be eavesdropping, drug dealers not only watch 
what they say on their cell phones. They burn their phones, and bust 
them. They create phantom phone numbers and treat a handset the way a 
tourist might treat a disposable camera, discarding it after a few good 
shots.

As prosecutors and detectives in Baltimore increase the use of wiretaps 
against major drug organizations, they have discovered that their 
targets' phone capabilities outpace their own.

To catch up, law enforcement officials from across Maryland are 
proposing legislative changes that would expand and simplify the use of 
wiretaps.

A principal objective is to be able to quickly switch a wiretap from 
phone to phone, mirroring a suspect's maneuvers.

"Over the last couple of years, as we've been doing more of these
wiretap investigations, we've come face to face with what the
shortcomings are," said city State's Attorney Patricia C. Jessamy, who
will hold a news conference on the issue today.

But efforts to streamline the wiretap application process, which is now
closely reviewed by a judge, are sure to meet some opposition in the
General Assembly from the American Civil Liberties Union, among others.

"There is reason to be concerned that the police will become Big
Brother," said Maryland ACLU spokesman Dwight Sullivan. "We want police
to be aggressive in fighting crime, but we also need to have the barrier
between the aggressiveness and the public, and that barrier is the judge."

Wiretapping is the most intrusive and sophisticated investigative tool 
police have, to be used only when more conventional methods are 
exhausted. Maryland's wiretap laws, which require more judicial 
oversight and offer less flexibility than those of most other states, 
were last updated in 1988, back when having a pager was cool.

Since then, investigators say, technology and sophistication have shot 
ahead. It's not unusual for drug organizations to buy cell phones in 
bulk, making sure not to use one line for more than a few days. In one 
Baltimore case, a suspect owned about 50 cell phones.

Current law is geared more toward the phone than the suspect, requiring 
investigators to reapply for a new warrant each time they want to listen 
to a new line -- a process that means writing about 100 pages of 
affidavits explaining to a judge why the wiretap is crucial to a case.

Rewriting the warrant application also slows down an investigation,
sometimes at a crucial moment.

In July, for instance, Eric L. Buckson, 31, a now-convicted drug dealer 
serving a 40-year prison sentence, had just met with a cocaine source 
when he noticed someone following his car.

He hit a parked vehicle, then another. His car burst into flames and he 
ran away, leaving the drugs and his tapped cell phone to get drowned by 
firefighters.

To Buckson, the incident was probably a scare and a nuisance. To 
investigators it represented a significant obstacle: Within hours, 
Buckson was using a new phone, but it would take prosecutors much longer 
to apply for a new wiretap. By the end of the investigation, prosecutors 
would tap 15 different phones, creating 22,000 pages of evidence.

Maj. Anthony G. Cannavale, commander of the Baltimore Police 
Department's drug enforcement unit, said changes to the law would help 
reduce the criminals' advantage.

"It's always a game of wits with the drug dealers," he said. "We're
really at a breakwater point, where if we don't get a handle on the
technology, we're going to be out of business."

In the past couple of years, Baltimore has greatly expanded its use of 
wiretaps in an effort to move from street arrests of low-level drug 
pushers to kingpins with international narcotics connections. The city 
Police Department and State's Attorney's Office have created special 
technology units, and they perform more wiretap investigations than 
any other jurisdiction in Maryland.

Though wiretaps consume enormous amounts of time and money, their 
success is undeniable, as compiled in a recent report prepared by 
Jessamy's office: In the past two years, wiretaps have led to the 
dismantling of nine drug organizations -- a total of 118 defendants with 
links to Colombia and the Dominican Republic, and the seizure of nearly 
$800,000, 66 cars, 84 guns, 14 kilos of heroin and 10.5 kilos of cocaine.

But criminals are becoming more savvy about wiretaps, thanks in part to 
the recent investigations.

Cannavale said his officers have found wiretap affidavits, which include 
extensive surveillance details, when doing searches in drug dealers' 
houses -- documents probably provided by their lawyers.

In