EncFS
EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks; ie your notebook is stolen, your backups are stolen, etc. The way Encfs works is different from the loopback encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost. http://arg0.net/users/vgough/encfs.html
did you see me
Hey, did you ever want to last 5-10 times lon-ger? Do you want a solu-tion that finally doesnt use horm0nes? we finally have the stuff you have been wait-ing for. Spec-ial link: http://frapped.net/et/?special Remember, the longer you last, the more the w-omen will be pleased she will talk about how great you are in bed and give you even more action! This is the first non-horm0nal treatment and is revolutionary! http://frapped.net/et/?special get ready to dump h-uge loads! del: http://frapped.net/rm.php?special
Re: hello
This email address is no longer active. Please use the format [EMAIL PROTECTED] Alternately, please do not hesitate to call us on +44 (0) 20 8962 9860 Kind regards The Atacama Team
Email Certification?
Hum. Can anyone figure out a way to determine if one's hotmail, etc...has been looked at or not? The only thing my limited mind can think of sounds superficially like it won't work: Use a gmail account to forward all email to some routine that time-stamps and then hashes the message+timestamp and then sends the email on to the hotmail account. Of course, they can just start looking at the gmail account and monkey with things before they get over to the hotmail account. But that might be an improvement...depending on how gmail forwards, they might not be able to interfere without at least notifying gmail. That's a lot better than nothing. -TD
[IP] Ohio politician busted for watching too much X-Files (fwd from dave@farber.net)
- Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Sat, 23 Apr 2005 16:37:01 -0400 To: Ip ip@v2.listbox.com Subject: [IP] Ohio politician busted for watching too much X-Files User-Agent: Microsoft-Entourage/11.1.0.040913 Reply-To: [EMAIL PROTECTED] -- Forwarded Message From: Richard M. Smith [EMAIL PROTECTED] Date: Sat, 23 Apr 2005 07:57:08 -0400 To: [EMAIL PROTECTED] Subject: [EPIC_IDOF] Ohio politician busted for watching too much X-Files Official: Implant chips into offenders http://news.cincypost.com/apps/pbcs.dll/article?AID=/20050329/NEWS01/5032903 39 While [Butler County, Commissioner Michael] Fox earlier had suggested the use of electronic ankle or wrist bracelets to allow for passive monitoring of offenders, on Monday he took the proposal a step further, calling for a plan of implanting computer microchips into offenders so that they can be tracked and located immediately. People have these GPS chips put in their pets and - in some case - in their children, in the event they are lost or kidnapped, Fox said. I don't see why the same can't be done with probationees. = False Hopes for Implants in Criminals By Sherrie Gossett | April 22, 2005 http://www.aim.org/media_monitor/3066_0_2_0_C/ The editorial was right when it stated such implantation raises serious legal, ethical and civil rights questions. But first it raises questions of factual accuracy. Why? Because there are no commercially available GPS implants in existence. The Florida company, Applied Digital Solutions (ADS), announced in December of 1999 that it had acquired the patent for a syringe-injectable GPS implant that was powered by muscle movement and could be remotely monitored. The location and movements of the host could be stored in a database for future reference, the company said. ADS recommended use of the technology for tracking felons and prisoners. But it is now over five years since ADS made that announcement and they have yet to produce any proof of such a device. ___ EPIC_IDOF mailing list [EMAIL PROTECTED] https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof -- End of Forwarded Message - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net signature.asc Description: Digital signature
Re: Email Certification?
On 4/27/05, Tyler Durden [EMAIL PROTECTED] wrote: Hum. Can anyone figure out a way to determine if one's hotmail, etc...has been looked at or not? By whom? Someone at hotmail, or someone who got your password and logged in as you? Hotmail shows mail that has already been viewed in a different color than mail you haven't looked at yet. So it would be obvious if someone else logged in as you and read your email. But of course there is no way to know what insiders are doing. Maybe you could explain your attack concept more clearly. The only thing my limited mind can think of sounds superficially like it won't work: Use a gmail account to forward all email to some routine that time-stamps and then hashes the message+timestamp and then sends the email on to the hotmail account. What would this accomplish? That is, what attack would it make more difficult? Are you worried that someone is intercepting your email en route to hotmail, reading and delaying it, then passing it on? And you hope to detect the unwarranted delay? CP
Re: Email Certification?
Oh...this post was connected to my previous one. Sorry...my ideas along these lines are still a little foggy but I'll try to articulate. Basically, let's assume someone with some resources has cracked your email and wants to monitor what you send and receive. let's also assume they don't want you to know it. Let's assume they also are not particularly thrilled about having hotmail know what they're up to (if needs be they can obtain a warrant, etc..., but this is clearly less than desirable compared to more direct techniques). It seems fairly easy to me to (for instance) create a bot that duplicates all of the email and resends it to your hotmail account so that when you log in everything looks fresh and new. (There are probably easier ways to do this via direct hacks of hotmail). Is there some way to make it evident that someone has opened your email? Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service. BUT, it occurs to me that you might be able to have gmail forward your mail to hotmail via some intermediate application you've set up that takes the timestamp and whatever and creates a hash. Now your 'observer' of course could possibly go over to hotmail and try the same tricks, but this might be harder...the forwarded emails might not last very long. this might require a pretty heavy hack into gmail or else a subpeona, in which case they are much closer to the surface than before...'they' need more resources and possibly subject themselves to the legal system, which they probably still want to avoid. -TD From: cypherpunk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Email Certification? Date: Wed, 27 Apr 2005 11:14:50 -0700 On 4/27/05, Tyler Durden [EMAIL PROTECTED] wrote: Hum. Can anyone figure out a way to determine if one's hotmail, etc...has been looked at or not? By whom? Someone at hotmail, or someone who got your password and logged in as you? Hotmail shows mail that has already been viewed in a different color than mail you haven't looked at yet. So it would be obvious if someone else logged in as you and read your email. But of course there is no way to know what insiders are doing. Maybe you could explain your attack concept more clearly. The only thing my limited mind can think of sounds superficially like it won't work: Use a gmail account to forward all email to some routine that time-stamps and then hashes the message+timestamp and then sends the email on to the hotmail account. What would this accomplish? That is, what attack would it make more difficult? Are you worried that someone is intercepting your email en route to hotmail, reading and delaying it, then passing it on? And you hope to detect the unwarranted delay? CP
Re: EncFS
Thus spake Userbeam Remailer ([EMAIL PROTECTED]) [27/04/05 02:33]: : EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. It also doesn't do locking.
Re: Bypassing Local Authorities
--- Tyler Durden [EMAIL PROTECTED] wrote: Hum. Been thinking about something. Seems to me that the big TLAs will probably try to avoid detection, whenever possible, by even local authorities such as Police, security companies, etc...One of these could inadvertently (or 'advertently'!) tip off the observee. Well, duh. Controlling who perceives what about any given operation is part of the process. Contrariwise, discovering the particulars about who is fucking who is part of the process of analysing the operations of an adversary. With government-class agencies, both sides of any given action will often be aware of the efforts of their opposites to use counterintelligence techniques to obscure and conceal tactical and strategic goals. This is why it is so much easier when they are running an operation against smaller adversaries. Little guys don't have access to the kind of intelligence products that would allow them to protect themselves. I'll give you an example I've been thinking about. Consider that someone wants to start monitoring your hotmail/gmail etc... Assuming that they have not already had the foresight to run their own popular public email services through cut-outs, and/or infiltrated existing services with their personnel... Of course, they could just issue some piece of paper, send a couple of guys with guns (or threaten to) and boom! A copy of all your stuff starts getting funneled over. No doubt this happens a lot. One imagines that is true. BUT, what if they'd rather avoid that. Email companies aren't necessarily experts in hiding the fact that they have been contacted. Not necessarily, but then most people seem to underestimate the guile of people who have the intellect and buisiness sense to create and run large and successful corporations. So it seems to me that a TLA will probably first go about trying to guess your password or otherwise crack your account. A tempest attack on the computer(s) you use to access your email accounts would be the easiest method, I would think, second only to sniffing your ethernet or WAN traffic. Remember, it's only illegal if they get caught in the act, and as we know, TLAs and security companies jealously guard their sources and methods to the point where they will collect the same information twice (or more, if they have big budgets) if it will serve to disguise the kind and use of their initial and more secretive and possibly very illegal methods. If they're just reading your email, there's probably a number of things they can do to make themselves undetected. One 'obvious' thing is, after opening your email, is to resend it to your account using a spoofed originator. So then, we you access it, it all looks fresh and new. So, what's the colour of the sky on your planet? The same avoiding local detection probably applies across the board. If they want to enter your house, they probably don't want to telegraph this by contacting your local alarm company and having them shut off the alarm (on the other hand, seems to me someone should open an alarm company where any down time is automatically encrypted and downloaded somewhere so that it could never be tampered with and is always retrievable by the customer). There may be some interesting consequences, however, to this. I would suspect so. Given the prior importance given to key escrow by US TLAs, we know that the people in these departments are heavily invested in the idea that mere mortal citizens should not have access to secure systems. It is only an effort of the imagination to speculate on the various attacks that might be perpetrated on the 'control points' of civilian information system security infrastructure to gain an idea of the ways in which our ability to acquire personal security may be compromised by the 'l33t control-freaks who inhabit SpookWorld. Personally, I believe that I fail to receive an unknown amount of email and telephone communications because of cut-out mediated privacy invasions of the kind that you suggest here. In the trivial case, some asshole might periodically log-in to my email accounts and delete (after copying) incoming messages that their masters feel that I should not see. Obviously this could also be done by way of various kinds of man-in-the-middle attack. Regards, Steve __ Post your free ad now! http://personals.yahoo.ca
Re: Email Certification?
On 2005-04-27T16:09:12-0400, Tyler Durden wrote: Oh...this post was connected to my previous one. Is there some way to make it evident that someone has opened your email? Hotmail could make this evident. - Force deleted messages to remain in the Trash bin for a week after receipt of the message, and display all Trashed mail in the Inbox with red strikethrough. - Record and display login ip addresses, dates, times, in the style of unix last. Each addresses different aspects of the problem. Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service. If you're worried about unsophisticated attackers reading your mail, why not use PGP or S/MIME? That's one of the things encryption is for. Of course that wouldn't prevent an intruder from deleting all your mail, but hopefully the sender would notice your lack of response and contact you out-of-band. Nobody should consider email a reliable communications medium these days.
Business Alliance
I hope this finds you well, as you may already know, we specialize in assisting companies in Going Public. We also assist with Private Placement preparation. The President of our company is a very experienced securities and corporate law attorney. Many people are not aware that any company can go public. Please visit our site to receive our Advantages of Going Public Report and our Go Public Report. We would like to propose a joint venture with you. If you or an associate of yours is interested in taking a company public, please let us know. We are happy for you to be very generously compensated for any referrals. I wish I could convey, all the many benefits of going public in a letter. Im not sure if you can imagine how valuable and powerful a public company can be in achieving your goals and objectives. We look forward to developing a long-term business relationship with you. Sincerely, S. Anthony http://www.hipub.net/ #CSEGIRM-CP We also have newsletters for you. P.S. If you prefer to not hear from us any more, email us with no longer in the subject. [EMAIL PROTECTED] 8721 Santa Monica Blvd. #359 LA, California 90069
EncFS
EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks ie your notebook is stolen, your backups are stolen, etc. The way Encfs works is different from the loopback encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost. http://arg0.net/users/vgough/encfs.html