RE: Don't Trust Your Eyes or URLs (was Re: TidBITS#766/14-Feb-05)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R.A. Hettinga

Don't Trust Your Eyes or URLs - by Glenn Fleishman [EMAIL PROTECTED]

The likelihood of falling victim to a spoofed URL on the Web itself is less likely, assuming you start from a site that's a relatively trusted source.

Actually, as we've seen in probably the first example of this technique, you can start from a bid on eBay which says click here to pay with PayPal, and get somewhere else; and one will likely assume the best, since he trusts eBay.

Marcel
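An added example, not part of Marcel's note or of the TidBITS article: the check below takes an HTML fragment and flags anchors whose visible text names one site (a bare hostname, or a brand word from a small lookup table) while the href lands on a different registrable domain, which is the eBay/PayPal case above. The BRANDS table, the two-label "registrable domain" shortcut (no public-suffix list) and the sample HTML are all constructed for the demonstration.

```python
"""Flag links whose visible text names one site while the href points to
another. Added example for this thread, not from TidBITS or Marcel's note.
Assumptions: the BRANDS table, the two-label "registrable domain" shortcut
(no public-suffix list), and SAMPLE_HTML are all constructed here."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand words a reader takes to mean "this goes to site X" (constructed table).
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable(host):
    """Last two labels of a hostname: fine for the demo, wrong for e.g. .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def claimed_domain(text):
    """What the link text leads the reader to expect: a literal hostname wins,
    otherwise a known brand word, otherwise nothing."""
    m = HOST_IN_TEXT.search(text)
    if m:
        return registrable(m.group(1))
    for word in re.findall(r"[a-z0-9]+", text.lower()):
        if word in BRANDS:
            return BRANDS[word]
    return None


def find_mismatches(html):
    """Return links whose claimed domain differs from where the href goes."""
    parser = _LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        claimed = claimed_domain(text)
        if claimed is None:
            continue
        actual = registrable(urlparse(href).hostname or "")
        if claimed != actual:
            out.append({"text": text, "href": href, "claimed": claimed, "actual": actual})
    return out


# Constructed sample: one honest eBay link, one honest PayPal link, and two
# links whose text and destination disagree.
SAMPLE_HTML = """
<p>Item 123: <a href="http://www.ebay.com/item/123">view listing</a></p>
<p><a href="http://paypal.example.net/pay">Click here to pay with PayPal</a></p>
<p><a href="https://www.paypal.com/cgi-bin/webscr">PayPal checkout</a></p>
<p><a href="http://www.ebay.com.evil-host.invalid/">www.ebay.com</a></p>
"""

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_HTML):
        print(f"text says {hit['claimed']!r} but href goes to {hit['actual']!r}: {hit['href']}")
```

Run as-is it reports the second and fourth links. The brand table is the weak point of any such check: a real deployment would need a maintained list and a public-suffix library, and even then a link whose text is just "click here" says nothing a checker can compare against.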
TSA's Secure Flight (was Re: CRYPTO-GRAM, February 15, 2005)
At 6:23 AM -0600 2/15/05, Bruce Schneier wrote:

TSA's Secure Flight

As I wrote last month, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government's program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance. Last month the group had its second meeting.

At this point, I have four general conclusions.

One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else's ticket, airline procedures, etc. There are so many ways for a terrorist to get around the system that it doesn't provide much security.

Three, the urge to use this system for other things will be irresistible. It's just too easy to say: As long as you've got this system that watches out for terrorists, how about also looking for this list of drug dealers...and by the way, we've got the Super Bowl to worry about too. Once Secure Flight gets built, all it'll take is a new law and we'll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of the working group. In other words, my first conclusion is basically all that they're interested in hearing. But that means I can write about everything else.

To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn't be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don't fly, it's a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it's a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn't build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn't make security sense.

That's my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response -- things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

-- 
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: U.S. Said to Pay Iraq Contractors in Cash
Everyone does this openly over here. Anything less than $500k or so isn't even worth thinking about, since as a kidnap victim, you're sold for about that much. I really don't see why it's worthy of an article.

I've been buying cash from other contractors, as well as providing cash on a short-term loan or wire basis, and these activities are common as well.

It would be a good environment to deploy various electronic payment systems, but nothing is really up to snuff for the kind of things people do here -- large sums, and making purchases from existing online vendors.

Quoting R. A. Hettinga [EMAIL PROTECTED]:

http://news.yahoo.com/news?tmpl=storycid=542u=/ap/iraq_loose_cashprinter=1

U.S. Said to Pay Iraq Contractors in Cash
By LARRY MARGASAK, Associated Press Writer

WASHINGTON - U.S. officials in postwar Iraq paid a contractor by stuffing $2 million worth of crisp bills into his gunnysack and routinely made cash payments around Baghdad from a pickup truck, a former official with the U.S. occupation government says.

Because the country lacked a functioning banking system, contractors and Iraqi ministry officials were paid with bills taken from a basement vault in one of Saddam Hussein's palaces that served as headquarters for the Coalition Provisional Authority, former CPA official Frank Willis said.

Officials from the CPA, which ruled Iraq from June 2003 to June 2004, would count the money when it left the vault, but nobody kept track of the cash after that, Willis said.

In sum: inexperienced officials, fear of decision-making, lack of communications, minimal security, no banks, and lots of money to spread around. This chaos I have referred to as a 'Wild West,' Willis said in testimony he prepared to give Monday before a panel of Democratic senators who want to spotlight the waste of U.S. funds in Iraq.

A senior official in the 1980s at the State and Transportation departments under then-President Ronald Reagan, Willis provided The Associated Press with a copy of his testimony and answered questions in an interview.

James Mitchell, spokesman for the special inspector general for Iraq reconstruction, told the AP that cash payments in Iraq were a problem when the occupation authority ran the country and they continue during the massive U.S.-funded reconstruction.

There are no capabilities to electronically transfer funds, Mitchell said. This complicates the financial management of reconstruction projects and complicates our ability to follow the money.

The Pentagon, which had oversight of the CPA, did not immediately comment in response to requests Friday and over the weekend.

But the administrator of the former U.S. occupation agency, L. Paul Bremer III, in response to a recent federal audit criticizing the CPA, strongly defended the agency's financial practices.

Bremer said auditors mistakenly assumed that Western-style budgeting and accounting procedures could be immediately and fully implemented in the midst of a war. When the authority took over the country in 2003, Bremer said, there was no functioning Iraqi government and services were primitive or nonexistent.

He said the U.S. strategy was to transfer to the Iraqis as much responsibility as possible as quickly as possible, including responsibility for the Iraqi budget. Iraq's economy was dead in the water and the priority was to get the economy going, Bremer said.

Also in response to that audit, Pentagon spokesman Bryan Whitman had said, We simply disagree with the audit's conclusion that the CPA provided less than adequate controls.

Willis served as a senior adviser on aviation and communications matters for the CPA during the last half of 2003 and said he was responsible for the operation of Baghdad's airport.

Describing the transfer of $2 million to one contractor's gunnysack, Willis said: It was time for payment. We told them to come in and bring a bag. He said the money went to Custer Battles of Middletown, R.I., for providing airport security in Baghdad for civilian passengers.

Willis said a coalition driver would go around the Iraqi capital and disburse money from a pickup truck formerly belonging to the grounded Iraqi Airways airline. The reason is because officials wanted to meld into the environment, he said.

Willis' allegations follow by two weeks an inspector general's report that concluded the occupying authority transferred nearly $9 billion to Iraqi government ministries without any financial controls. The money was designated for financing humanitarian needs, economic reconstruction, repair of facilities, disarmament and civil administration, but the authority had no way to verify that it went for those purposes, the audit said.

Sen. Byron Dorgan, head of
Paradigms for Paranoids
http://www.theregister.co.uk/2005/02/14/codecon_paradigm_for_paranoids/print.html

The Register

Paradigms for Paranoids
By Team Register (feedback at theregister.co.uk)
Published Monday 14th February 2005 22:15 GMT

CodeCon 2005

The fourth annual CodeCon - a workshop for developers of real-world applications that support individual liberties - convened Friday afternoon (11 Feb) at Club NV (envy, not Nevada), amid ghostly laptop panels hovering in violet-tinted danceclub murk. First-day registrations reached a respectable 90 (at $80 each), with more expected as the weekend progresses.

The highlight among the first day's five presentations was Ian Goldberg and Nikita Borisov on Off-the-Record Messaging (http://www.cypherpunks.ca/otr/) (OTR), where 'messaging' can be instant messaging in any of its various formats, including online games, and off the record is meant to emulate as closely as possible the real-world strategy of sneaking off somewhere private, where you can talk with absolutely no record of what you said that might come back later to haunt you. (I was reminded of Maxwell Smart's ill-omened Cone of Silence.)

Conventional crypto technologies are optimised for (e.g.) enduring long-term contracts, but OTR prefers that messages be written as if in sand, via perfect forward secrecy (PFS) and repudiable authentication. (Even if your conversation is cracked and transcribed, the programmers have included a forgery toolkit that allows you to repudiate such transcripts as trivial to forge.) With such glorious levels of intimate distrust, I was surprised Ian didn't name his exemplary chatterers Bill and Monica - both Ian and Nikita were witty presenters, with the former doing funny voices, and the latter offering, when a projector bulb blew during their demo, to substitute an interpretive dance.
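A toy model of the two properties the report names, repudiable authentication and perfect forward secrecy, added here as an illustration; it is not OTR's code, and real OTR uses a Diffie-Hellman ratchet and SHA-1 HMACs rather than the hash chain and HMAC-SHA256 used below. The point it makes concrete is why a transcript is "trivial to forge": message tags are symmetric MACs, and the MAC keys are published once they are no longer needed, so a verifying tag proves nothing about who wrote the message. The shared secret and the messages are constructed.

```python
"""Toy model of OTR-style repudiable authentication and forward secrecy.
Added example, not OTR's code. Real OTR uses a Diffie-Hellman ratchet and
SHA-1 HMACs; this stand-in uses a one-way hash chain and HMAC-SHA256 purely
to make the mechanism visible. Shared secret and messages are constructed."""
import hashlib
import hmac


def ratchet(chain_key):
    """One step of the chain: returns (next chain key, this message's MAC key).
    The caller drops the old chain key, which is what buys forward secrecy."""
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    mac_key = hmac.new(chain_key, b"mac", hashlib.sha256).digest()
    return next_chain, mac_key


def tag(mac_key, msg):
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def verify(mac_key, msg, t):
    return hmac.compare_digest(tag(mac_key, msg), t)


def conversation(shared_secret, messages):
    """Alice authenticates each message with a fresh MAC key; Bob, holding the
    same chain, derives the same key and checks the tag. Once a key is no
    longer needed it is appended to the public transcript, deliberately."""
    alice = bob = shared_secret
    transcript = []  # (msg, tag, revealed MAC key)
    for msg in messages:
        alice, k_alice = ratchet(alice)
        bob, k_bob = ratchet(bob)
        t = tag(k_alice, msg)
        if not verify(k_bob, msg, t):
            raise ValueError("Bob could not verify a genuine message")
        transcript.append((msg, t, k_alice))
    return transcript, alice


def forge(transcript, index, new_msg):
    """Anyone with the transcript can produce a tag that verifies for words
    Alice never sent. A verifying tag therefore proves nothing about
    authorship, which is the repudiation property."""
    _, _, mac_key = transcript[index]
    return new_msg, tag(mac_key, new_msg), mac_key


def past_keys_recoverable(transcript, current_chain, lookahead=16):
    """Model a compromise: the attacker learns the *current* chain key and
    runs the ratchet forward. Returns True if any earlier MAC key shows up;
    with a one-way chain and deleted old state it should not."""
    chain, derivable = current_chain, set()
    for _ in range(lookahead):
        chain, k = ratchet(chain)
        derivable.add(k)
    return any(k in derivable for _, _, k in transcript)


if __name__ == "__main__":
    script, state = conversation(b"constructed-shared-secret",
                                 [b"meet at nine", b"bring the drive"])
    m, t, k = forge(script, 0, b"I never typed this")
    print("forged tag verifies:", verify(k, m, t))
    print("old keys recoverable after compromise:", past_keys_recoverable(script, state))
```

The two printed lines are True and False respectively. Note what the model leaves out: OTR publishes the MAC key only in a later message, after both sides have finished with it, and its forward secrecy comes from fresh DH exchanges rather than from hashing forward, so a reader should take this as the shape of the argument, not the protocol.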
Another maniacally brilliant twist is that they can invisibly solicit OTR dialogs from strangers in chat by appending an inconspicuous all-whitespace flag, consisting of a characteristic arrangement of 24 spaces and tabs. And it was a pleasure, as well, to hear the consistently high level of follow-up questions after their talk.

Other first-day presentations: Hal Finney on digital cash (The owner of the server is the enemy), David Reid and Ben Laurie of Apache on adding group-based access controls to the certification process, Walter Landry's exhaustive comparative benchmarking of distributed version-control apps (due to be posted here (http://www.nongnu.org/arx/)), and Cat Okita on reputation management.

See the schedule (http://www.codecon.org/2005/schedule.html) and program (http://www.codecon.org/2005/program.html) for details.
How to isolate DNA with salad-spinner
http://www.theregister.co.uk/2005/02/14/codecon_2005/print.html

The Register
Original URL: http://www.theregister.co.uk/2005/02/14/codecon_2005/

How to isolate DNA with salad-spinner
By Jorn Barger (feedback at theregister.co.uk)
Published Monday 14th February 2005 16:25 GMT

CodeCon 2005

For sheer hackerly exuberance, the best-received presentation at CodeCon 2005 was the closer by Dan Kaminsky of Doxpara (http://doxpara.com/), showing the progress he's made on his DNS exploit OzymanDNS since he presented it at Defcon last August. At that time he offered to archive Knoppix across 35,000 DNS caches by posting, to each cache, 80 records of 256 bytes each - he's now simplified that to something more like five records of 4k each. It's still untraceable, unblockable by firewalls, and allows effectively unlimited simultaneous downloads, with the download speed limited primarily by how fast your system can run his Perl script. He calls this extremely versatile new trick Fragile Router Protocol and warns security mavens they're going to have to start hustling to have any hope of keeping up.

The flashiest demo of the day was Incoherence, a visualization tool for helping record producers maximize the subjective separation between instruments, and to fill the perceived space with a full range of frequencies. This is available as a fun free download (http://omgaudio.com/incoherence/) for various platforms.

Meredith Patterson of Integrated DNA Technology showed how to isolate DNA at home using shampoo, meat tenderizer, and a salad-spinner, and assured the audience that anthrax DNA could indeed theoretically be created using the web tools offered by her company.

And after the very first Sunday presentation, one audience member claimed he found the new web programming language Wheat so beautiful, it's made me cry!
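From the defender's side of the OzymanDNS report: the pattern it describes (many large TXT answers for random-looking names under one zone, pulled by one client in a burst) is what a resolver or passive-DNS log shows when bulk data is being stashed in or pulled through DNS. The detector below is an added example for this digest, not Kaminsky's tool and not a reproduction of it. Its log format (timestamp, client, qname, qtype, answer bytes), its thresholds and its sample lines are all constructed; a real deployment would feed it resolver logs and tune the numbers against its own baseline.

```python
"""Heuristic detection of bulk data moved through DNS, as the report above
describes. Added example for this digest, not OzymanDNS. The log format
(ts client qname qtype answer_bytes), the thresholds and the sample lines are
constructed here; tune against real resolver logs before relying on it."""
import math
from collections import defaultdict

# Constructed sample: ordinary lookups from one client, and a second client
# pulling a run of large TXT answers for random-looking names under one zone.
SAMPLE_LOG = """\
1108500001 10.0.0.5 www.example.com A 60
1108500002 10.0.0.5 mail.example.com MX 88
1108500003 10.0.0.9 k8s7d2j1.x0f9a3.chunk.tunnel.invalid TXT 4096
1108500004 10.0.0.9 q9z2m4p0.b7c1e8.chunk.tunnel.invalid TXT 4096
1108500005 10.0.0.9 a1b2c3d4.e5f6a7.chunk.tunnel.invalid TXT 4096
1108500006 10.0.0.9 z0y9x8w7.v6u5t4.chunk.tunnel.invalid TXT 4096
1108500007 10.0.0.9 m3n4b5v6.c7x8z9.chunk.tunnel.invalid TXT 4096
1108500008 10.0.0.5 _dmarc.example.com TXT 120
"""


def shannon_entropy(s):
    """Bits per character of s; random-looking labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_zone(qname, labels=2):
    """Group queries by their last two labels (no public-suffix list: demo only)."""
    return ".".join(qname.rstrip(".").split(".")[-labels:])


def detect_dns_stash(log_text, big_txt=1024, min_queries=4, min_entropy=2.5):
    """Alert on (client, zone) pairs that combine three signals: a burst of
    queries, random-looking leftmost labels, and unusually large TXT answers.
    The default thresholds are constructed, not measured."""
    stats = defaultdict(lambda: {"queries": 0, "high_entropy": 0, "txt_bytes": 0})
    for line in log_text.splitlines():
        _ts, client, qname, qtype, size = line.split()
        st = stats[(client, parent_zone(qname))]
        st["queries"] += 1
        if shannon_entropy(qname.split(".")[0]) >= min_entropy:
            st["high_entropy"] += 1
        if qtype == "TXT" and int(size) >= big_txt:
            st["txt_bytes"] += int(size)
    alerts = []
    for (client, zone), st in stats.items():
        if (st["queries"] >= min_queries and st["high_entropy"] >= min_queries
                and st["txt_bytes"] > 0):
            alerts.append({"client": client, "zone": zone, **st})
    return alerts


if __name__ == "__main__":
    for a in detect_dns_stash(SAMPLE_LOG):
        print(f"{a['client']} pulled {a['txt_bytes']} TXT bytes over "
              f"{a['queries']} random-looking names under {a['zone']}")
```

On the sample it raises one alert, for 10.0.0.9 against tunnel.invalid, and stays quiet about the _dmarc lookup even though that label alone scores as high-entropy: requiring all three signals together is what keeps legitimate TXT traffic (SPF, DMARC, DKIM) out of the alert list.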
The most stimulating concept of Day Two was arguably a programming triviality - in order to raise the level of debate in their online courseware, H2O, the Berkman Center of Harvard Law School introduced an artificial delay (call it positive community latency perhaps), so that posts were just as likely to be read if their authors took several days to craft them, as if they jumped in immediately with something inane.

Slashdot is of course the canonical example of the inverse relation between speed and seriousness - if a latency of even an hour or two were introduced, and all posts made during that time displayed at once in order of karmic reputation, the general level of debate would surely rise substantially.

See the CodeCon site for more details (http://www.codecon.org/2005/program.html).
Nigerians turn to vigilantes
http://news.bbc.co.uk/2/low/africa/4265415.stm

The BBC
Tuesday, 15 February, 2005, 12:38 GMT

Nigerians turn to vigilantes
By Sola Odunfa
BBC Africa Live, Lagos

Not so long ago, mangled bodies or charred remains of mob justice victims littered the streets of Lagos, Nigeria's largest city. Health workers could hardly cope with removing the bodies immediately.

Many of the victims died in agony from burning tyre necklaces and others were either stoned or beaten to death. Now, there are many fewer such gruesome deaths because well-organised vigilante groups have scared many robbers away.

The police were overwhelmed by the sheer number of the criminals. In frustration and anger the public decided to take the law into their hands in self-protection.

Mob justice became popular in Nigeria during the years of military rule when violent personal crimes rose uncontrollably.

Gangs of young men armed with guns and pick-axes rampaged the streets night and day, robbing people with violence. Rape was a common feature in most robberies.

Security committees

Frightened by the growing crime rate, the public responded by setting up neighbourhood watch or market security committees who, in turn, engaged vigilantes.

They were well paid and armed with locally-made guns and charms. The vigilantes usually live in the neighbourhoods they protect; they know the bad boys there. They will usually send word to suspects to leave the area or face their wrath. If their warning is not heeded, they are known to mount midnight raids on the suspects' hideout. The result is often brutal death.

A civil servant who sought anonymity for fear of reprisal, says no robber should be spared. When armed men broke into my residence five years ago, they did terrible things to my wife and children. I have not recovered from that psychological wound. Since then I have been joining any mob anywhere to deal with any robbers caught. They don't deserve to live, he says.

Popular support

Nowadays, most of the killings are carried out by vigilante groups set up by communities and market traders' groups. The activities of the vigilantes are not supported by the police but not much is done to curb them because they seem to enjoy popular support.

In Lagos, the best known of the vigilantes are members of the Odua Peoples Congress (OPC). They have a reputation for being ruthless in dealing with suspected criminals and being incorruptible.

Despite being outlawed by President Olusegun Obasanjo four years ago, the OPC continues to enjoy a large measure of public support, not only in Lagos but all over south-west Nigeria.
'Trustworthy' Computing Now Gates' Focus
http://news.yahoo.com/news?tmpl=storycid=562u=/ap/20050215/ap_on_hi_te/security_conference_6printer=1

'Trustworthy' Computing Now Gates' Focus
By MATTHEW FORDAHL, AP Technology Writer

SAN JOSE, Calif. - Microsoft Corp. co-founder Bill Gates is expected to give his perspective Tuesday on computer security and provide an update on the software giant's efforts to make computing more trustworthy.

He will speak to an estimated 11,000 security experts gathered for the weeklong RSA Conference, sponsored by RSA Security Inc., based in Bedford, Mass.

In the three years since Microsoft launched its initiative to improve the security of its products, the company has changed how its software is written, improved the mechanism for fixing bugs and released some tools for removing virtual pests.

So far, results have been mixed. While there have been no major attacks in recent months, the number of worms and viruses continues to grow and other headaches - such as spam, spyware and adware - are multiplying and quickly becoming security threats themselves. Most still target Microsoft Windows, the world's dominant operating system.

Since Gates (now the company's chairman and chief software architect) spoke at the RSA Conference in 2004, Microsoft has issued a major security upgrade to Windows XP aimed at blocking malicious code and protecting users from downloading programs that might carry a virus, worm or other unwanted program.

The company also has recently started releasing programs that remove a limited number of worms and other pests. It's also giving away an early version of Microsoft AntiSpyware, a program that removes unwanted programs and helps protect new ones from being installed.

But so far it's remained mum on when it will jump into the antivirus software business and directly compete against companies that sell programs designed to shore up Windows.

Microsoft declined to comment in advance of the speech.

It may be something of a natural evolution for them, although ironic given that it's a majority of their software is what they're having to protect, said Vincent Gullotto, vice president of McAfee's Antivirus and Vulnerability Emergency Response Team.

While they're building software to protect their software, they're also building their software to be secure, he added. It should prove to be some interesting times.

Meanwhile, Microsoft continues to be a target. Last week, a Trojan horse program was detected that attempts to shut down its antispyware program as well as steal online banking passwords.

This particular attempt appears to be the first by any piece of malware to disable Microsoft AntiSpyware, but it may be the first of many such future attacks, said Gregg Mastoras, senior security analyst at Sophos PLC, a security firm.

Meanwhile, other security software vendors aren't standing still. Symantec, for instance, has unveiled a new version of its corporate computer security software that promises not only to remove traditional viruses and worms but also adware and spyware. The updated programs are expected to be available next month.

Customers are looking for spyware and adware protection from their antivirus vendor, a partner they trust, said Brian Foster, Symantec's senior director of product management for client and host security.

McAfee Inc., another antivirus company, also is putting a greater focus on spyware and adware with its McAfee Anti-Spyware Enterprise for corporations. It will be available March 2.

McAfee also is announcing that it will send out updates of its virus definitions on a daily, rather than weekly, basis. The new program starts Feb. 24 for its corporate clients. The more frequent updates will be available for its retail software in about three months, Gullotto said.
Re: What is a cypherpunk?
--- ken [EMAIL PROTECTED] wrote:

> James A. Donald wrote:
>> The state was created to attack private property rights - to steal stuff. Some rich people are beneficiaries, but from the beginning, always at the expense of other rich people.
>
> More commonly states defend the rich against the poor. They are what underpins property rights, in the sense of great property

More of the usual bullshit, SOP for the quasi-anonymised defenders of local trvth. State _workers_ attack property rights; state _workers_ act to aid 'the rich' in consolidating and concentrating property and property rights against 'the poor'. In exchange for a little job security, state _workers_ have passively evolved a neat little system which may be exploited by knowledgeable insiders for their own malign purposes. Congratulations to the defenders of Truth, Freedom, and Democracy for in effect rolling back property rights (to say nothing of human and civil rights), in effect cancelling the legal advances brought about by the Magna Carta and succeeding documents.

It is a testament to the success and current fashion of reality simplification that state agents may arbitrarily employ the tools of terrorism, appropriation and confiscation, arbitrary detention, and not insignificantly, micromanage _de facto_ slaves according to their whims, or at least those of their privileged benefactors. This is accomplished by the strategic use of pretexts -- some secret, others validated by tenets of pop culture; none of which may be assailed by reasonable means -- to lend a veneer of legitimacy to the acts of violence. And in this vein I should not need to remind anyone of the fact that theft, as much as a boot to the head or back of the neck, is an act of violence; and no matter if it is perpetrated by seeming officiousness by way in some farcical one-sided and secret legal process, or by dint of a convenient and contrived necessity.

> - until the industrial revolution that was mostly rights to land other people farm or live on. Every society we know about has had laws and customs defending personal property (more or less successfully) but it takes political/military power to defend the right to exact rent from a large estate, and state power to defend that right for thousands or millions of landowners.

Uh-huh. And what of the state of affairs where rights of property, for example, may be subverted by fraud and the means of legal redress (no matter how unjust, inefficient and ineffective they may be for practical purposes) are closed off, one by one, so that the victims of state violence are allowed NO OPTIONS or RELIEF, perhaps to start again from scratch, but more likely to wither and die on the vine, ignored except when it is necessary to reinforce the conditioning to ruin by the application of a periodic boot to the back of the neck.

>> Again, compare the burning of Shenandoah with the Saint Valentine's day massacre. There is just no comparison. Governmental crimes are stupendously larger, and much more difficult to defend against.
>
> True. The apposite current comparison is 9/11 the most notorious piece of private-enterprise violence in recent years, and the far more destructive US revenge on Afghanistan and Iraq. Which was hundreds of times more destructive but hundreds of thousands of times more expensive, so far less cost-effective - but in a war of attrition that might not matter so much. Of course the private-enterprise AQ their friends the Taliban booted themselves into a state, of sorts in Afghanistan, with a little help from their friends in Pakistan and arguable amounts of US weaponry. Not that Afghanistan was the sort of place from which significant amounts of tax could be collected to fund further military adventures.
>
> States can usually get control of far larger military resources than private organisations, and have fewer qualms about wasting them. Not that it makes much difference to the victims - poor peasants kicked off land wanted for oilfields in West Africa probably neither know nor care whether the troops who burned their houses were paid by the oil companies or the local government.

And you all may cluck cluck safely in your ivory towers at the sorry state of others affairs, pontificating (again, safely) at an intellectual remove from the ground that is in conflict and at issue. Obviously the best way to seem committed to change and a solution to difficult problems without actually risking engagement with the core matter.

This list is becoming a chore to read. Would someone find out where Tim May and Detwellier (for a start) are hiding, and please recommend them back to Cypherpunks? When such as they were active, we could be assured of lively and entertaining debate. These days, the air is rather too thin to support vigorous and sincere exchange.

Regards,

Steve
Re: What is a cypherpunk?
--- James A. Donald [EMAIL PROTECTED] wrote:

[snip]

> As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property.

Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English?

Regards,

Steve
Digital Water Marks Thieves
Until, of course, people figure out that taggants on everything do nothing but confuse evidence and custody, not help it. Go ask the guys in the firearms labs about *that* one.

Cheers,
RAH

---

http://www.wired.com/news/print/0,1294,66595,00.html

Wired News

Digital Water Marks Thieves
By Robert Andrews
Story location: http://www.wired.com/news/technology/0,1282,66595,00.html
02:00 AM Feb. 15, 2005 PT

CARDIFF, Wales -- Crooked criminal hearts may have fluttered and skipped a beat Monday when some of Britain's most notorious thieves opened a valentine from an unwelcome secret admirer -- one of London's top female police chiefs.

But the greeting -- in which Chief Superintendent Vicki Marr wrote thinking of you and what you do -- was not so much an amorous expression to the underworld as part of a sting designed to catch hard-core burglars using new chemical microdot crime-fighting technology.

SmartWater is a clear liquid containing microscopic particles encoded with a unique forensic signature that, when found coated on stolen property, provides a precise trace back to the owner and, when detected on a suspect, can conclusively implicate a felon.

Likened to giving household items and vehicles a DNA of their own, the fluid is credited with helping cut burglary in Britain to a 10-year low, with some cities reporting drops of up to 85 percent.

A decade in the making, SmartWater is the name for a suite of forensic coding products. The first, Instant, is a property-marking fluid that, when brushed on items like office equipment or motorcycles, tags them with millions of tiny fragments, each etched with a unique SIN (SmartWater identification number) that is registered with the owner's details on a national police database and is invisible until illuminated by police officers using ultraviolet light.

A second product, the Tracer, achieves a similar goal by varying the blend of chemical agents used in the liquid to produce one of a claimed 10 billion one-off binary sequences, encoded in fluid combinations themselves.

SmartWater CEO Phil Cleary, a retired senior detective, hit upon the idea after watching burglars he had apprehended walk free from court due to lack of evidence.

It was born out of my frustration at arresting villains you knew full well had stolen property, but not being able to prove it, he said. Just catching someone with hot goods, or a police officer's gut belief a suspect is guilty, are not enough to secure a conviction -- so we turned to science.

Cleary is reluctant to discuss trade secret details of a product he has patented, but he concedes that, together with chemist brother Mike, he has developed a mathematical model that allows us to generate millions of chemical signatures -- an identifier he boasts is better than DNA.

But more than property can get tagged. In spray form, the fluid marks intruders with a similarly unique code that, when viewed under UV in a police cell, makes a red-faced burglar glow with fluorescent green and yellow blotches. The resemblance to Swamp Thing and the forensic signature found on his body are telltale signs the suspect has been up to no good at a coded property.

It's practically impossible for a criminal to remove; it stays on skin and clothing for months, Cleary added. If a villain had stolen a watch, they might try to scrape off the fluid -- but they would have to remove every last speck, which is unlikely.

Sometimes burglars who know they are tagged with the liquid scrub themselves so hard behind the ears to get it off, police arresting them end up having to take them into hospital for skin complaints. But we don't have much sympathy for them.

Law enforcers are confident SmartWater can help improve Britain's mixed fortunes on combating burglary. Nationwide, instances of the crime have fallen by 42 percent since 1997, but the proportion of those resulting in convictions has also halved, from 27 percent to just 13 percent.

So, while SmartWater is available commercially with a monthly subscription, many police forces are issuing free kits to vulnerable households in crime hot spots, hoping it can help put away more perps.

The microdot tech could prove invaluable in a courtroom, but it is also an effective deterrent. Most burglaries happen because criminals know there is little chance of being arrested during a break-in, according to U.K. government data (.pdf). But posters and stickers displayed in SmartWater-coded cities and homes warn off would-be crooks.

Word on the criminal grapevine, say police, is that anyone stealing from a coded home is likely to leave the crime scene having pilfered an indelible binary sequence that will lead only to jail time; it's not worth the risk.

Marr sent her valentine -- reading roses are red, violets are blue, when SmartWater's activated, it's over for you -- to known criminals in Croydon, London, reinforcing the message in what Cleary said amounts to psychological warfare
[i2p] weekly status notes [feb 15] (fwd from jrandom@i2p.net)
- Forwarded message from jrandom [EMAIL PROTECTED] - From: jrandom [EMAIL PROTECTED] Date: Tue, 15 Feb 2005 12:52:27 -0800 To: [EMAIL PROTECTED] Subject: [i2p] weekly status notes [feb 15] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, it's that time of the week again, * Index 1) Net status 2) 0.5 status 3) i2p-bt 0.1.7 4) ??? * 1) Net status While no new bugs have shown up in the network, last week we gained some exposure on a popular French p2p website, which has led to an increase both in users and in bittorrent activity. At the peak, we reached 211 routers on the net, though it's hovering between 150 and 180 lately. Reported bandwidth usage has been up as well, though unfortunately the irc reliability has been degraded, with one of the servers lowering their bandwidth limits due to the load. There have been a bunch of improvements to the streaming lib to help with this, but they've been on the 0.5-pre branch, so not yet available to the live net. Another transient problem has been the outage of one of the HTTP outproxies (www1.squid.i2p), causing 50% of outproxy requests to fail. You can temporarily remove that outproxy by opening up your I2PTunnel config [1], editing the eepProxy, and changing the Outproxies: line to contain only squid.i2p. Hopefully we'll get that other one back online soon to increase redundancy. [1] http://localhost:7657/i2ptunnel/index.jsp * 2) 0.5 status There has been lots of progress this past week on 0.5 (I bet you're tired of hearing that, 'eh?). Thanks to the help of postman, cervantes, duck, spaetz, and some unnamed person, we've been running a test network with the new code for nearly a week and have worked through a good number of bugs that I hadn't seen in my local test network. For the past day or so now, the changes have been minor, and I don't foresee any substantial code left before the 0.5 release goes out. 
There is some additional cleaning, documentation, and assembly left, and it doesn't hurt to let the 0.5 test network churn through in case additional bugs are exposed over time. Since this is going to be a BACKWARDS INCOMPATIBLE RELEASE, to give you time to plan for updating, I'll fix a simple deadline of THIS FRIDAY as when 0.5 will be released. As bla mentioned on irc, eepsite hosts may want to take their site down on Thursday or Friday and keep them down until Saturday when many users will have upgraded. This will help reduce the effect of an intersection attack (e.g. if 90% of the network has migrated to 0.5 and you're still on 0.4, if someone reaches your eepsite, they know you're one of the 10% of routers left on the network). I could start to get into what's been updated in 0.5, but I'd end up going on for pages and pages, so perhaps I should just hold off and put that into the documentation which I should write up :) * 3) i2p-bt 0.1.7 duck has put together a bugfix release to last week's 0.1.6 update, and word on the street says it's kickass (perhaps /too/ kickass, given the increased network usage ;) More info up @ the i2p-bt forum [2] [2] http://forum.i2p.net/viewtopic.php?t=300 * 4) ??? Lots of other things going on in the IRC discussions and on the forum [3], too much to briefly summarize. Perhaps the interested parties can swing by the meeting and give us updates and thoughts? Anyway, see y'all shortly =jr -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCEl/OGnFL2th344YRAkZQAKC5A+M6tX01BKKplopedAqvpV0QZQCgy+C7 Cbz/JT+3L2OfdhKAy8p/isQ= =VUm2 -END PGP SIGNATURE- ___ i2p mailing list [EMAIL PROTECTED] http://i2p.dnsalias.net/mailman/listinfo/i2p - End forwarded message - -- Eugen* Leitl http://leitl.org __ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
But does it pass Diehard?
Apologies for introducing crypto-related stuff: RNG that reads minds and predicts future: http://www.rednova.com/news/display/?id=126649 Can This Black Box See Into the Future? DEEP in the basement of a dusty university library in Edinburgh lies a small black box, roughly the size of two cigarette packets side by side, that churns out random numbers in an endless stream. At first glance it is an unremarkable piece of equipment. Encased in metal, it contains at its heart a microchip no more complex than the ones found in modern pocket calculators. But, according to a growing band of top scientists, this box has quite extraordinary powers. It is, they claim, the 'eye' of a machine that appears capable of peering into the future and predicting major world events. The machine apparently sensed the September 11 attacks on the World Trade Centre four hours before they happened - but in the fevered mood of conspiracy theories of the time, the claims were swiftly knocked back by sceptics. But last December, it also appeared to forewarn of the Asian tsunami just before the deep sea earthquake that precipitated the epic tragedy. Now, even the doubters are acknowledging that here is a small box with apparently inexplicable powers. 'It's Earth-shattering stuff,' says Dr Roger Nelson, emeritus researcher at Princeton University in the United States, who is heading the research project behind the 'black box' phenomenon. 'We're very early on in the process of trying to figure out what's going on here. At the moment we're stabbing in the dark.' Dr Nelson's investigations, called the Global Consciousness Project, were originally hosted by Princeton University and are centred on one of the most extraordinary experiments of all time. Its aim is to detect whether all of humanity shares a single subconscious mind that we can all tap into without realising. 
And machines like the Edinburgh black box have thrown up a tantalising possibility: that scientists may have unwittingly discovered a way of predicting the future. Although many would consider the project's aims to be little more than fools' gold, it has still attracted a roster of 75 respected scientists from 41 different nations. Researchers from Princeton - where Einstein spent much of his career - work alongside scientists from universities in Britain, the Netherlands, Switzerland and Germany. The project is also the most rigorous and longest-running investigation ever into the potential powers of the paranormal. 'Very often paranormal phenomena evaporate if you study them for long enough,' says physicist Dick Bierman of the University of Amsterdam. 'But this is not happening with the Global Consciousness Project. The effect is real. The only dispute is about what it means.' The project has its roots in the extraordinary work of Professor Robert Jahn of Princeton University during the late 1970s. He was one of the first modern scientists to take paranormal phenomena seriously. Intrigued by such things as telepathy, telekinesis - the supposed psychic power to move objects without the use of physical force - and extrasensory perception, he was determined to study the phenomena using the most up-to-date technology available. One of these new technologies was a humble-looking black box known as a Random Event Generator (REG). This used computer technology to generate two numbers - a one and a zero - in a totally random sequence, rather like an electronic coin-flipper. The pattern of ones and noughts - 'heads' and 'tails' as it were - could then be printed out as a graph. The laws of chance dictate that the generators should churn out equal numbers of ones and zeros - which would be represented by a nearly flat line on the graph. Any deviation from this equal number shows up as a gently rising curve. 
During the late 1970s, Prof Jahn decided to investigate whether the power of human thought alone could interfere in some way with the machine's usual readings. He hauled strangers off the street and asked them to concentrate their minds on his number generator. In effect, he was asking them to try to make it flip more heads than tails. It was a preposterous idea at the time. The results, however, were stunning and have never been satisfactorily explained. Again and again, entirely ordinary people proved that their minds could influence the machine and produce significant fluctuations on the graph, 'forcing it' to produce unequal numbers of 'heads' or 'tails'. According to all of the known laws of science, this should not have happened - but it did. And it kept on happening. Dr Nelson, also working at Princeton University, then extended Prof Jahn's work by taking random number machines to group meditations, which were very popular in America at the time. Again, the results were eyepopping. The groups were collectively able to cause dramatic shifts in the patterns of numbers. From then on, Dr Nelson was hooked. Using the internet, he connected up 40
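The "flat line versus rising curve" the article describes is a running count of ones minus zeros, and the subject line asks the right question: a simple count is not much of a randomness test. The following is an added example, not code from the article, the Global Consciousness Project or the Diehard suite. It plots the running deviation the article relies on next to two of the NIST SP 800-22 tests (frequency and runs), and shows that a stream can pass the count and still be obviously non-random. The bit strings are constructed for the demo; the seeded PRNG in the main block stands in for a REG and is an assumption, not REG output.

```python
"""Frequency and runs checks on a bit stream, in the spirit of the REG in
the forwarded article.  Added example, not code from the article or the
project it describes.  The two p-value tests follow NIST SP 800-22 (2.1
frequency/monobit and 2.3 runs); all inputs are constructed here."""
import math
import random


def cumulative_deviation(bits):
    """Running (ones - zeros) count: the 'gently rising curve' of the
    article.  For an unbiased source it wanders on the order of sqrt(n)."""
    total, curve = 0, []
    for b in bits:
        total += 1 if b == "1" else -1
        curve.append(total)
    return curve


def monobit_p(bits):
    """NIST frequency (monobit) p-value: is the number of ones consistent
    with a fair coin?  Values below alpha mean 'reject as random'."""
    n = len(bits)
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_p(bits):
    """NIST runs p-value: does the stream switch between 0 and 1 about as
    often as a fair coin would?  Returns 0.0 when the monobit
    prerequisite (|pi - 1/2| < 2/sqrt(n)) already fails."""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes(bits, alpha=0.01):
    """A stream passes only if every test clears the significance level."""
    return monobit_p(bits) >= alpha and runs_p(bits) >= alpha


if __name__ == "__main__":
    # Constructed inputs: a biased stream, an alternating stream that the
    # count alone cannot tell from a fair coin, and a seeded PRNG stand-in
    # for a REG (assumption: a PRNG, not real hardware output).
    rng = random.Random(20050215)
    samples = {
        "all ones": "1" * 100,
        "alternating": "01" * 50,
        "prng": "".join(str(rng.getrandbits(1)) for _ in range(2000)),
    }
    for name, sample in samples.items():
        print(f"{name:12s} end deviation={cumulative_deviation(sample)[-1]:5d} "
              f"monobit p={monobit_p(sample):.4f} runs p={runs_p(sample):.4f} "
              f"pass={passes(sample)}")
```

The alternating stream is the instructive case: its deviation curve is a perfectly flat line, so the article's plot would call it ideal, while the runs test rejects it at once. Diehard and SP 800-22 exist precisely because every single statistic can be gamed by a stream that is not random in some other way.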
Re: What is a cypherpunk?
On 2005-02-15T13:23:37-0500, Steve Thompson wrote: --- James A. Donald [EMAIL PROTECTED] wrote: [snip] As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property. Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English? I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). They then developed into monarchies which were only really set up to protect property rights of the ruler(s). With the advent of various quasi-democratic forms of government, the law has been compromised insofar as it protects property rights. You no longer have a right to keep all your money (taxes), no longer have a right to grow 5' weeds in your front yard if you live in a city, and no longer have a right to own certain evil things at all, at least not without special governmental permission. There were analogous compromises in democratic Athens and quasi-democratic Rome. When democratic states inevitably fold into tyranny, some of those restrictions remain. Right now most states have a strange mix of property rights protections (e.g. the Berne convention and the DMCA) and property rights usurpations (e.g. no right to own certain weapons; equal protection). -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: How to Stop Junk E-Mail: Charge for the Stamp
Oh no, the idiotic penny black idea rides again. Like the movie War Games when a young Matthew Broderick saves the world by causing the WOPR computer to be distracted into playing itself tic-tac-toe rather than launching a pre-emptive nuclear strike. It was a MOVIE, made in 1983 nonetheless, get over it. More seriously, what attracts people to this penny black idea is that they realize that the only thing which will stop spammers is to interject some sort of economic constraint. The obvious constraint would be something like stamps since that's a usage fee. But the proposer (and his/her/its audience) always hates the idea of paying postage for their own email, no, no, there must be a solution which performs that economic miracle of only charging for the behavior I don't like! An economic Maxwell's demon! So, just like the terminal seeking laetrile shots or healing waters, they turn to not even half-baked ideas such as penny black. Don't charge you, don't charge me, charge that fellow behind the tree! Oh well. Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. I know, we'll work around it. Of course by then they'll have a multi-billion dollar messaging business to make sure your attempts to by-step it are outlawed and punished. Consider what's going on with the music-sharing world, as another multi-billion dollar business people thought they could just defy with anonymous peer-to-peer services... The point: I think the time is long past due to grow up on this issue and accept that some sort of limited, reasonable-usage-free, postage system is necessary to prevent collapse into monopoly. -- -Barry Shein Software Tool & Die| [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
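For readers who have not seen the mechanism Barry is dismissing: the penny black family of proposals (hashcash and Microsoft's Penny Black project) make the sender pay in CPU time rather than money, by attaching a proof-of-work "stamp" bound to the recipient and the date. The following is an added example of that mechanism, not code from hashcash, Penny Black or Barry's post; the stamp format is a simplified one of my own, not the hashcash wire format, and the addresses are constructed. It shows why the receiver-side checks (recipient binding, date, replay cache) are what make the cost stick; without them a spammer mints one stamp and reuses it.

```python
"""Proof-of-work e-mail 'postage' in the style of hashcash / Penny Black.
Added example: a simplified stamp format of my own, not any project's
wire format.  Minting costs about 2**bits hashes; verifying costs one."""
import hashlib


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the 'difficulty' measure)."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


def mint_stamp(recipient: str, bits: int, date: str, nonce: str = "") -> str:
    """Sender side: search for a counter whose SHA-256 has >= `bits`
    leading zeros.  This loop is the 'postage'; every message costs it."""
    counter = 0
    while True:
        stamp = f"{bits}:{date}:{recipient}:{nonce}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def verify_stamp(stamp: str, recipient: str, min_bits: int,
                 seen: set, today: str) -> bool:
    """Receiver side: one hash plus the checks that stop the cost being
    amortised: the stamp names this recipient and today's date, claims at
    least the required difficulty, and has not been presented before."""
    try:
        bits_s, date, rcpt, _nonce, _counter = stamp.split(":")
        bits = int(bits_s)
    except ValueError:
        return False
    if rcpt != recipient or date != today or bits < min_bits:
        return False
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False
    if stamp in seen:          # replay: the same stamp spent twice
        return False
    seen.add(stamp)
    return True


if __name__ == "__main__":
    # Constructed addresses and date for the demo.
    seen = set()
    s = mint_stamp("alice@example.com", 16, "20050215", "n1")
    print("stamp:", s)
    print("fresh:", verify_stamp(s, "alice@example.com", 16, seen, "20050215"))
    print("replay:", verify_stamp(s, "alice@example.com", 16, seen, "20050215"))
    print("other recipient:", verify_stamp(s, "bob@example.com", 16, set(), "20050215"))
```

Peter's reply below is the practical objection to this whole family: once the sender's CPU belongs to a botnet, the stamp is still minted and still verifies, and the cost lands on the machine's owner rather than the spammer. The code cannot tell the difference, which is the point.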
Re: What is a cypherpunk?
On 2005-02-15T21:40:34+, Justin wrote: On 2005-02-15T13:23:37-0500, Steve Thompson wrote: --- James A. Donald [EMAIL PROTECTED] wrote: [snip] As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property. Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English? I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). They then developed into monarchies which were only really set up to protect property rights of the ruler(s). It seems I've been brainwashed by classical political science. What I wrote above doesn't make any sense. Judging from social dynamics and civil advancement in the animal kingdom, monarchies developed first and property rights were an afterthought. -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: What is a cypherpunk?
At 9:40 PM + 2/15/05, Justin wrote: I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). BZZZT. Wrong answer. Governments first steal property, then control it. Property is created when someone applies thought to matter and gets something new. It is theirs until they exchange it for something that someone else has, or discard it. But property is created by *individuals*, not some collective fraud and extortion racket called a government. Governments are founded when someone creates a monopoly on force. Actually, people use force against each other, and, in agrarian societies at least, the natural trend in force 'markets' is towards monopoly. We tend to get bigger governments (like political economist Mancur Olson says, bandits who don't move) when people become sedentary and there's more property to steal, and that hunter-gatherers are more anarchistic, egalitarian, than civilized people. But that's more a function of the resources a given group controls. The San bushmen, for instance, are much more egalitarian than the Mongols, for instance, because the San have fewer material goods to control than the Mongols did, especially after the Mongols perfected warfare enough to control cities -- which, I suppose, proves my point. Property is like rights. We create it inherently, because we're human, it is not bestowed upon us by someone else. Particularly if that property is stolen from someone else at tax-time. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
SHA-1 broken?
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html damn Chinese.
Re: How to Stop Junk E-Mail: Charge for the Stamp
Barry Shein [EMAIL PROTECTED] writes: Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. And the spammers will be using everyone else's PCs to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it. Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. Peter.
Re: U.S. Said to Pay Iraq Contractors in Cash
Everyone does this openly over here. Anything less than $500k or so isn't even worth thinking about, since as a kidnap victim, you're sold for about that much. I really don't see why it's worthy of an article. I've been buying cash from other contractors, as well as providing cash on a short-term loan or wire basis, and these activities are common as well. It would be a good environment to deploy various electronic payment systems, but nothing is really up to snuff for the kind of things people do here -- large sums, and making purchases from existing online vendors. Quoting R. A. Hettinga [EMAIL PROTECTED]: http://news.yahoo.com/news?tmpl=story&cid=542&u=/ap/iraq_loose_cash&printer=1 Yahoo! U.S. Said to Pay Iraq Contractors in Cash 1 hour, 4 minutes ago By LARRY MARGASAK, Associated Press Writer WASHINGTON - U.S. officials in postwar Iraq paid a contractor by stuffing $2 million worth of crisp bills into his gunnysack and routinely made cash payments around Baghdad from a pickup truck, a former official with the U.S. occupation government says. Because the country lacked a functioning banking system, contractors and Iraqi ministry officials were paid with bills taken from a basement vault in one of Saddam Hussein's palaces that served as headquarters for the Coalition Provisional Authority, former CPA official Frank Willis said. Officials from the CPA, which ruled Iraq from June 2003 to June 2004, would count the money when it left the vault, but nobody kept track of the cash after that, Willis said. In sum: inexperienced officials, fear of decision-making, lack of communications, minimal security, no banks, and lots of money to spread around. This chaos I have referred to as a 'Wild West,' Willis said in testimony he prepared to give Monday before a panel of Democratic senators who want to spotlight the waste of U.S. funds in Iraq. 
A senior official in the 1980s at the State and Transportation departments under then-President Ronald Reagan, Willis provided The Associated Press with a copy of his testimony and answered questions in an interview. James Mitchell, spokesman for the special inspector general for Iraq reconstruction, told the AP that cash payments in Iraq were a problem when the occupation authority ran the country and they continue during the massive U.S.-funded reconstruction. There are no capabilities to electronically transfer funds, Mitchell said. This complicates the financial management of reconstruction projects and complicates our ability to follow the money. The Pentagon, which had oversight of the CPA, did not immediately comment in response to requests Friday and over the weekend. But the administrator of the former U.S. occupation agency, L. Paul Bremer III, in response to a recent federal audit criticizing the CPA, strongly defended the agency's financial practices. Bremer said auditors mistakenly assumed that Western-style budgeting and accounting procedures could be immediately and fully implemented in the midst of a war. When the authority took over the country in 2003, Bremer said, there was no functioning Iraqi government and services were primitive or nonexistent. He said the U.S. strategy was to transfer to the Iraqis as much responsibility as possible as quickly as possible, including responsibility for the Iraqi budget. Iraq's economy was dead in the water and the priority was to get the economy going, Bremer said. Also in response to that audit, Pentagon spokesman Bryan Whitman had said, We simply disagree with the audit's conclusion that the CPA provided less than adequate controls. Willis served as a senior adviser on aviation and communications matters for the CPA during the last half of 2003 and said he was responsible for the operation of Baghdad's airport. 
Describing the transfer of $2 million to one contractor's gunnysack, Willis said: It was time for payment. We told them to come in and bring a bag. He said the money went to Custer Battles of Middletown, R.I., for providing airport security in Baghdad for civilian passengers. Willis said a coalition driver would go around the Iraqi capital and disburse money from a pickup truck formerly belonging to the grounded Iraqi Airways airline. The reason is because officials wanted to meld into the environment, he said. Willis' allegations follow by two weeks an inspector general's report that concluded the occupying authority transferred nearly $9 billion to Iraqi government ministries without any financial controls. The money was designated for financing humanitarian needs, economic reconstruction, repair of facilities, disarmament and civil administration, but the authority had no way to verify that it went for those purposes, the audit said. Sen. Byron Dorgan, head of
Don't Trust Your Eyes or URLs (was Re: TidBITS#766/14-Feb-05)
At 6:21 PM -0800 2/14/05, TidBITS Editors wrote: Don't Trust Your Eyes or URLs - by Glenn Fleishman [EMAIL PROTECTED] The clever folks at the Shmoo Group, a bunch of interesting security folks who punch holes in assumptions about what's secure on the Internet, have discovered a simple way to fool most browsers into believing that they've connected to a secure Web site when they've been spoofed into connecting to a rogue location with a different name. It's ironic, but Internet Explorer is entirely exempt from this spoof. Opera, Safari and KHTML-based browsers, and all Mozilla and Firefox browsers suffer from this weakness on all platforms. http://www.shmoo.com/ http://www.shmoo.com/idn/homograph.txt In brief, the Shmoos found that a poorly implemented method of allowing international language encoding within domain names, called International Domain Name (IDN) support, allows a malicious party to display what appears to be one domain name in the Location field of a browser while connecting you to another. Phishing scams have just become more difficult to identify. This exploit is made possible by a system called punycode, which has been widely adopted according to the Shmoo Group. Domain names that use characters outside of unaccented Western alphabet letters via Unicode/UTF-8 are converted into a string of Roman letters (see Matt Neuburg's Two Bytes of the Cherry: Unicode and Mac OS X for more information on Unicode). This conversion isn't a problem, per se: it means that domain names outside of the English character set can be used freely without confusing browsers and can be registered using simple English characters for backwards compatibility within the domain naming infrastructure. http://db.tidbits.com/getbits.acgi?tbser=1217 The flaw is twofold: first, affected browsers display whatever the encoded version of the character is, which might look identical to another language's character. 
For instance, the Shmoos use the Russian lower-case letter A, which is encoded as &#1072; in UTF-8 using decimal (base 10) notation, and displays in browsers that support IDN as a lower-case A indistinguishable from a Roman lowercase A. http://www.fileformat.info/info/unicode/char/0430/ The second problem leads from the first: it's possible to have a legitimate SSL (Secure Sockets Layer) digital certificate for the punycode-based domain name. Thus, in an example that the Shmoos posted for a while (now replaced), you see https://www.paypal.com/ in your browser URL field, and the SSL signals are all there - you get no warnings, the lock icon is present, and Firefox's Security tab in the Page Info window says the Web site's identity is verified. Click View in that same tab in Firefox, and you'll see the full punycode name of the Web site, however, which is www.xn--pypal-4ve.com. Copy the URL from the Location field and paste it into Terminal, and you'll see the encoded version in standard UTF-8 format, too, which looks like www.p&#1072;ypal.com. I don't know that there's an easy solution to this problem. It's the result of choice by the developers of the various browsers to display precisely what a Unicode character looks like, which is reasonable enough. But at the same time they use a kludgy, opaque hack in the background to map that Unicode character to an English character to provide full backwards compatibility with what was once a U.S.-centric domain naming system, one that retains substantial vestiges of that history. If you're a Firefox user, I recommend obtaining and installing a utility called SpoofStick, which alerts you to what is being called homograph spoofing; that is, the character or glyph looks like another, unrelated glyph. If you visit the Shmoo site with SpoofStick installed, you get a big lovely warning. http://www.corestreet.com/spoofstick/ Trust has gone out the window when you follow links in email or on Web sites. 
There's no longer a way to be sure that the domain name you're visiting is the one you think you are unless you check the URL out in Terminal or have SpoofStick installed. Realistically, the upshot of this situation is that you must be even more careful about following links you receive in email to sites that ask for sensitive information. A message that purports to be from PayPal customer service, for instance, may look right and even use URLs that appear to connect to PayPal's site, but could in fact be taking you to another site designed to capture your username and password. The likelihood of falling victim to a spoofed URL on the Web itself is less likely, assuming you start from a site that's a relatively trusted source. When in doubt, fall back on common sense and check the URL by pasting suspect URLs into Terminal to see if they're concealing any unusual Unicode characters. Hopefully
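The article's two facts, that the Cyrillic letter maps to the ACE label www.xn--pypal-4ve.com and that the certificate is issued for that ACE name, can be reproduced without a browser. The following is an added example, not Shmoo Group, TidBITS or SpoofStick code. It runs the name through the Python standard library's IDNA codec (the 2003-era IDNA that the browsers in the article implemented) in both directions, and then applies the check SpoofStick-style tools actually do: flag any label whose letters come from more than one script. The hostnames are constructed for the demo; the one with the Cyrillic a is the Shmoo example.

```python
"""Punycode round-trip and a mixed-script check for IDN homograph names.
Added example, not from the Shmoo advisory or any browser.  Python's
'idna' codec implements IDNA 2003 (nameprep + punycode), the flavour the
2005 browsers used; all hostnames here are constructed for the demo."""
import unicodedata


def to_ascii(hostname: str) -> str:
    """What the resolver, the CA and the certificate actually see."""
    return hostname.encode("idna").decode("ascii")


def to_unicode(hostname: str) -> str:
    """What an IDN-aware browser of 2005 put in the Location field.
    Accepts either the ACE (xn--) form or an already-Unicode name."""
    if hostname.isascii():
        return hostname.encode("ascii").decode("idna")
    return hostname


def script_of(ch: str) -> str:
    """First word of the Unicode character name: LATIN, CYRILLIC, GREEK..."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def mixed_script_labels(hostname: str) -> list:
    """Labels whose letters come from more than one script.  'p' + CYRILLIC
    SMALL LETTER A + 'ypal' is exactly that; 'paypal' and an all-Cyrillic
    label are not flagged.  Digits and hyphens are ignored."""
    flagged = []
    for label in to_unicode(hostname).split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            flagged.append((label, sorted(scripts)))
    return flagged


if __name__ == "__main__":
    spoof = "www.p\u0430ypal.com"       # constructed: Cyrillic U+0430 in place of 'a'
    print("display :", spoof)
    print("on wire :", to_ascii(spoof))  # www.xn--pypal-4ve.com
    print("back    :", to_unicode(to_ascii(spoof)))
    for host in (spoof, "www.paypal.com", "\u044f\u043d\u0434\u0435\u043a\u0441.ru"):
        print(f"{to_ascii(host):28s} mixed-script labels: {mixed_script_labels(host)}")
```

Two caveats a practitioner should keep in mind. The certificate is not wrong: it really is issued for www.xn--pypal-4ve.com, so nothing in the TLS layer can catch this; the defence has to be in what the browser shows. And the mixed-script test is necessary but not sufficient: a label built entirely from Cyrillic letters that happen to look like Latin ones (whole-script confusables) passes it, which is why later browser policy also consults the Unicode confusables table and restricts which scripts may be displayed natively per top-level domain.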
TSA's Secure Flight (was Re: CRYPTO-GRAM, February 15, 2005)
At 6:23 AM -0600 2/15/05, Bruce Schneier wrote: TSA's Secure Flight As I wrote last month, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government's program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance. Last month the group had its second meeting. At this point, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.) Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else's ticket, airline procedures, etc. There are so many ways for a terrorist to get around the system that it doesn't provide much security. Three, the urge to use this system for other things will be irresistible. It's just too easy to say: As long as you've got this system that watches out for terrorists, how about also looking for this list of drug dealers...and by the way, we've got the Super Bowl to worry about too. Once Secure Flight gets built, all it'll take is a new law and we'll have a nationwide security checkpoint system. And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars. Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. 
And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of the working group. In other words, my first conclusion is basically all that they're interested in hearing. But that means I can write about everything else. To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn't be worth it. Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don't fly, it's a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it's a waste of money. If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn't build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn't make security sense. That's my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response -- things that protect us regardless of what the terrorists are planning next. 
Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: What is a cypherpunk?
--- ken [EMAIL PROTECTED] wrote:

> James A. Donald wrote:
>> The state was created to attack private property rights - to steal stuff. Some rich people are beneficiaries, but from the beginning, always at the expense of other rich people.
>
> More commonly states defend the rich against the poor. They are what underpins property rights, in the sense of great property

More of the usual bullshit, SOP for the quasi-anonymised defenders of local trvth. State _workers_ attack property rights; state _workers_ act to aid 'the rich' in consolidating and concentrating property and property rights against 'the poor'. In exchange for a little job security, state _workers_ have passively evolved a neat little system which may be exploited by knowledgeable insiders for their own malign purposes. Congratulations to the defenders of Truth, Freedom, and Democracy for in effect rolling back property rights (to say nothing of human and civil rights), in effect cancelling the legal advances brought about by the Magna Carta and succeeding documents. It is a testament to the success and current fashion of reality simplification that state agents may arbitrarily employ the tools of terrorism, appropriation and confiscation, arbitrary detention, and not insignificantly, micromanage _de facto_ slaves according to their whims, or at least those of their privileged benefactors. This is accomplished by the strategic use of pretexts -- some secret, others validated by tenets of pop culture; none of which may be assailed by reasonable means -- to lend a veneer of legitimacy to the acts of violence. And in this vein I should not need to remind anyone of the fact that theft, as much as a boot to the head or back of the neck, is an act of violence; and no matter if it is perpetrated by seeming officiousness by way of some farcical one-sided and secret legal process, or by dint of a convenient and contrived necessity.

> - until the industrial revolution that was mostly rights to land other people farm or live on. Every society we know about has had laws and customs defending personal property (more or less successfully) but it takes political/military power to defend the right to exact rent from a large estate, and state power to defend that right for thousands or millions of landowners.

Uh-huh. And what of the state of affairs where rights of property, for example, may be subverted by fraud and the means of legal redress (no matter how unjust, inefficient and ineffective they may be for practical purposes) are closed off, one by one, so that the victims of state violence are allowed NO OPTIONS or RELIEF, perhaps to start again from scratch, but more likely to wither and die on the vine, ignored except when it is necessary to reinforce the conditioning to ruin by the application of a periodic boot to the back of the neck.

>> Again, compare the burning of Shenandoah with the Saint Valentine's day massacre. There is just no comparison. Governmental crimes are stupendously larger, and much more difficult to defend against.
>
> True. The apposite current comparison is 9/11, the most notorious piece of private-enterprise violence in recent years, and the far more destructive US revenge on Afghanistan and Iraq. Which was hundreds of times more destructive but hundreds of thousands of times more expensive, so far less cost-effective - but in a war of attrition that might not matter so much. Of course the private-enterprise AQ and their friends the Taliban booted themselves into a state, of sorts, in Afghanistan, with a little help from their friends in Pakistan and arguable amounts of US weaponry. Not that Afghanistan was the sort of place from which significant amounts of tax could be collected to fund further military adventures. States can usually get control of far larger military resources than private organisations, and have fewer qualms about wasting them.
>
> Not that it makes much difference to the victims - poor peasants kicked off land wanted for oilfields in West Africa probably neither know nor care whether the troops who burned their houses were paid by the oil companies or the local government.

And you all may cluck cluck safely in your ivory towers at the sorry state of others' affairs, pontificating (again, safely) at an intellectual remove from the ground that is in conflict and at issue. Obviously the best way to seem committed to change and a solution to difficult problems without actually risking engagement with the core matter. This list is becoming a chore to read. Would someone find out where Tim May and Detweiler (for a start) are hiding, and please recommend them back to Cypherpunks? When such as they were active, we could be assured of lively and entertaining debate. These days, the air is rather too thin to support vigorous and sincere exchange.

Regards,
Steve
Digital Water Marks Thieves
Until, of course, people figure out that taggants on everything do nothing but confuse evidence and custody, not help it. Go ask the guys in the firearms labs about *that* one.

Cheers,
RAH

---

http://www.wired.com/news/print/0,1294,66595,00.html

Wired News

Digital Water Marks Thieves
By Robert Andrews
Story location: http://www.wired.com/news/technology/0,1282,66595,00.html
02:00 AM Feb. 15, 2005 PT

CARDIFF, Wales -- Crooked criminal hearts may have fluttered and skipped a beat Monday when some of Britain's most notorious thieves opened a valentine from an unwelcome secret admirer -- one of London's top female police chiefs.

But the greeting -- in which Chief Superintendent Vicki Marr wrote "thinking of you and what you do" -- was not so much an amorous expression to the underworld as part of a sting designed to catch hard-core burglars using new chemical microdot crime-fighting technology.

SmartWater is a clear liquid containing microscopic particles encoded with a unique forensic signature that, when found coated on stolen property, provides a precise trace back to the owner and, when detected on a suspect, can conclusively implicate a felon.

Likened to giving household items and vehicles a DNA of their own, the fluid is credited with helping cut burglary in Britain to a 10-year low, with some cities reporting drops of up to 85 percent.

A decade in the making, SmartWater is the name for a suite of forensic coding products. The first, Instant, is a property-marking fluid that, when brushed on items like office equipment or motorcycles, tags them with millions of tiny fragments, each etched with a unique SIN (SmartWater identification number) that is registered with the owner's details on a national police database and is invisible until illuminated by police officers using ultraviolet light.

A second product, the Tracer, achieves a similar goal by varying the blend of chemical agents used in the liquid to produce one of a claimed 10 billion one-off binary sequences, encoded in fluid combinations themselves.

SmartWater CEO Phil Cleary, a retired senior detective, hit upon the idea after watching burglars he had apprehended walk free from court due to lack of evidence.

"It was born out of my frustration at arresting villains you knew full well had stolen property, but not being able to prove it," he said. "Just catching someone with hot goods, or a police officer's gut belief a suspect is guilty, are not enough to secure a conviction -- so we turned to science."

Cleary is reluctant to discuss trade secret details of a product he has patented, but he concedes that, together with chemist brother Mike, he has developed "a mathematical model that allows us to generate millions of chemical signatures" -- an identifier he boasts is better than DNA.

But more than property can get tagged. In spray form, the fluid marks intruders with a similarly unique code that, when viewed under UV in a police cell, makes a red-faced burglar glow with fluorescent green and yellow blotches. The resemblance to Swamp Thing and the forensic signature found on his body are telltale signs the suspect has been up to no good at a coded property.

"It's practically impossible for a criminal to remove; it stays on skin and clothing for months," Cleary added. "If a villain had stolen a watch, they might try to scrape off the fluid -- but they would have to remove every last speck, which is unlikely."

"Sometimes burglars who know they are tagged with the liquid scrub themselves so hard behind the ears to get it off, police arresting them end up having to take them into hospital for skin complaints. But we don't have much sympathy for them."

Law enforcers are confident SmartWater can help improve Britain's mixed fortunes on combating burglary. Nationwide, instances of the crime have fallen by 42 percent since 1997, but the proportion of those resulting in convictions has also halved, from 27 percent to just 13 percent.

So, while SmartWater is available commercially with a monthly subscription, many police forces are issuing free kits to vulnerable households in crime hot spots, hoping it can help put away more perps.

The microdot tech could prove invaluable in a courtroom, but it is also an effective deterrent. Most burglaries happen because criminals know there is little chance of being arrested during a break-in, according to U.K. government data (.pdf). But posters and stickers displayed in SmartWater-coded cities and homes warn off would-be crooks.

Word on the criminal grapevine, say police, is that anyone stealing from a coded home is likely to leave the crime scene having pilfered an indelible binary sequence that will lead only to jail time; it's not worth the risk.

Marr sent her valentine -- reading "roses are red, violets are blue, when SmartWater's activated, it's over for you" -- to known criminals in Croydon, London, reinforcing the message in what Cleary said amounts to psychological warfare