Re: network topology considerations
On Fri, 29 Mar 2002 [EMAIL PROTECTED] wrote:

I'd like to discuss what the considerations are for network topology. The particular topology I mentioned (which I've since been convinced isn't really a cube or torus after all) was

Torus only comes into equation when you're talking about a global network, or orbiting assemblies (orbits are circular, try projecting an assembly of 2^n nodes on a surface of a sphere). Try mapping next-neighbour connected 2^n nodes on a 3d lattice into 1d. You can handle projections from higher dimensions by looking at a normalized connection table. Here's a snip from an old paper of mine:

This table represents the 3-cube:

 ref.  Binary  Signs  binary      connected
 ID    Count          Offsets     IDs
+----+-------+-------+----------+-------+
| 0  | 000   | +++   | +4 +2 +1 | 4 2 1 |
| 1  | 001   | ++-   | +4 +2 -1 | 5 3 0 |
| 2  | 010   | +-+   | +4 -2 +1 | 6 0 3 |
| 3  | 011   | +--   | +4 -2 -1 | 7 1 2 |
| 4  | 100   | -++   | -4 +2 +1 | 1 6 5 |
| 5  | 101   | -+-   | -4 +2 -1 | 2 7 4 |
| 6  | 110   | --+   | -4 -2 +1 | 3 4 7 |
| 7  | 111   | ---   | -4 -2 -1 | 4 5 6 |
+----+-------+-------+----------+-------+
(connected IDs, alt.: perfect shuffle stages (1,2,3) of the initial ref. ID)

[Figure: connection tables of the boolean 5-cube and the 5-grid (open-space version, free links not shown)]

Notice that the N=5 hypercube has a fractal connectivity in the connection table.

designed with the idea that it's important to be able to reliably query the entire network without sending any nodes duplicate queries.

I didn't have time to follow this discussion, but that requirement strikes me as unreasonable. It is a really good idea to incorporate defectivity into your network, whether virtual (mounted on top of existing networks) or real, assuming they're to scale to a size beyond trivial. If you consider the constraints of the physical layer (crossbars don't scale, and latency limits bidirectional acknowledged protocols to short links), you'll find that doesn't leave you with too many choices.
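The normalized connection table from the message above, generated for any n, as an added example (not code from the original post or from the paper it quotes). Function names are hypothetical; the self-similarity check uses the block form A_n = [[A_(n-1), I], [I, A_(n-1)]] as one way to state the "fractal connectivity" remark.

```python
# Added example: normalized connection table of the boolean n-cube,
# using the column layout of the 3-cube table in the message above.


def connection_row(node, n):
    """Return (binary count, signs, signed offsets, connected IDs) for one node.

    Bits are read most-significant first. A 0 bit gives '+' and offset +2^k,
    a 1 bit gives '-' and offset -2^k, so adding the signed offset to the
    node ID flips exactly that bit (node XOR 2^k).
    """
    bits = format(node, "0{}b".format(n))
    signs = "".join("-" if b == "1" else "+" for b in bits)
    offsets = []
    for k in range(n - 1, -1, -1):
        weight = 1 << k
        offsets.append(-weight if node & weight else weight)
    # ref. ID + signed offset; e.g. node 4 (100) -> -4 +2 +1 -> 0 6 5
    connected = [node + off for off in offsets]
    return bits, signs, offsets, connected


def connection_table(n):
    """One row per node ID, 0 .. 2^n - 1."""
    return [connection_row(node, n) for node in range(1 << n)]


def adjacency(n):
    """2^n x 2^n 0/1 matrix built from the connected-IDs column."""
    size = 1 << n
    matrix = [[0] * size for _ in range(size)]
    for node in range(size):
        for peer in connection_row(node, n)[3]:
            matrix[node][peer] = 1
    return matrix


def render(matrix):
    """Draw the matrix with '#' for a link and '-' for no link."""
    return ["".join("#" if cell else "-" for cell in row) for row in matrix]


def is_self_similar(n):
    """Check A_n == [[A_(n-1), I], [I, A_(n-1)]] for n >= 1.

    The diagonal blocks are copies of the (n-1)-cube and the off-diagonal
    blocks are identity matrices (the links along the new top bit).
    """
    big, small = adjacency(n), adjacency(n - 1)
    half = 1 << (n - 1)
    for r in range(half):
        for c in range(half):
            identity = 1 if r == c else 0
            if big[r][c] != small[r][c] or big[r + half][c + half] != small[r][c]:
                return False
            if big[r][c + half] != identity or big[r + half][c] != identity:
                return False
    return True


def format_table(n):
    """Render the table rows as text, one line per node."""
    lines = []
    for node, (bits, signs, offsets, connected) in enumerate(connection_table(n)):
        offs = " ".join("{:+d}".format(o) for o in offsets)
        ids = " ".join(str(i) for i in connected)
        lines.append("| {} | {} | {} | {} | {} |".format(node, bits, signs, offs, ids))
    return lines


if __name__ == "__main__":
    print("\n".join(format_table(3)))
    print("\n".join(render(adjacency(5))))
    print("self-similar at every level:",
          all(is_self_similar(k) for k in range(1, 6)))
```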
Re: Celsius 451 -the melting point of Cat-5 Re: network topology
On Fri, 29 Mar 2002, Greg Broiles wrote:

This sounds like a bad assumption to me - both because it seems unworkable given the size of the IPv4 address space (without even thinking about IPv6), and because randomly probing other machines isn't likely to be allowed (or successful) in a more security-aware environment, which is what the DMCA and its ilk are creating.

If we're talking about the physical layer, not the virtual layer, the size of the address space is quite irrelevant, it's the density of occupation (fraction of p2p nodes/total address space) that counts. In the beginning, the density is low, so excessive scanning is necessary. However, you got your P2P package from a place (unless you use the P2P network to distribute own clients), and it could come with a number of last known nodes to connect to. Depending on whether you optimize for performance (high dimensionality) or high security (low dimensionality, prestige-based nodes) you would use different strategies.

The physical layer of user-owned infrastructure is routed ad hoc mesh, with the connectivity being typically restricted to nearest members. Also, you will have dynamic nodes, which move around, and change their connectivity, and lots of nodes popping in and out. For this, you wouldn't want to use anything like TCP/IP but a geodetic routing scheme, which is local-knowledge-only based. Basically zero admin traffic outside of your direct neighbourhood, and a position fix for free, too. Latency is typically bad as long as you do only store-and-forward instead of cut-through. Cut-through does make more sense with high local bandwidth within cell and high link throughput (vacuum as FIFO, only spilling over into local memory when your local cell bandwidth is exceeded).

Also, from an inbound perspective, it's not sensible to respond to incoming queries from unknown users with potentially incriminating information - e.g., If he's connected to my port 31337, he's here for my warez, I'll give him a full list! - because what looks like an inbound random probe may be a sweep performed by hostile actors, e.g., http://www.mediaenforcer.com or http://www.baytsp.com.

High security networks need to be cell-based, and use prestige as verified by crypto authentication. Your transaction track makes you accrue mana. A narc node would have to serve years before being admitted into local cell's inner sanctum, which relativates the damage of a local cell gone bust. Also, it is only a question of time until we'll see (stealthy) internet worms with p2p cargo. This could really boost a fledgling network into 100 kNode size virtually overnight.

Naive self-organization is not a reasonable approach for a hostile environment. P2P content networks exist (and have always existed) in a hostile environment.

Problem with this is that P2P network designers typically operate in a babe in the woods mode, while hardening the network properly is very hard. http://freenetproject.org/cgi-bin/twiki/view/Main/WebHome seems to be less clueless than most, but it's hard to evaluate it on paper.

Designs which depend on friendly behavior on the part of unknown counterparties are doomed. Eliminate the friendly assumption, or eliminate the unknown aspect of the counterparties before transacting with them.
Re: Celsius 451 -the melting point of Cat-5 Re: network topology
On Fri, 29 Mar 2002, Major Variola (ret) wrote:

3. Slow connections, slow machines

Thanks to gamers, ping latencies are getting better. ADSL is a pain, but even 128 kBit upstream can be useful, if aggregated from multiple sites. Queries for distributed P2P search engines should use ACKless protocols, obviously.

To resist 1. you can use port 80, which ISPs can't block without losing most 'legitimate' utility for the masses :-) Or you use randomly

Um, you can, just block incoming connections. It's a problem with REST.

varying ports and have to do more door-knocking.

If you run a P2P-agnostic firewall, you'll have a problem with random incoming ports. I suggest camouflaging as bona fide traffic, including gaming and streaming multimedia.

To resist 2. you have to be able to randomly probe IP addresses to find a node.

Yes, probabilistic headless node discovery vs. a centralist approach.

Now that I write it up, I realize a tree has the flaw that child nodes' queries must go through slow upstream links. So I will think about algorithms to grow meshes dynamically, robustly, to overcome that problem.

Don't use trees, trees are stupid. Use high-dimensional meshes.

We welcome comments, pointers, and apologize for the rambling.
Re: network topology
On Wed, 27 Mar 2002 [EMAIL PROTECTED] wrote: I don't recall ever having read of this type of structure before, but it seems so obvious that I'm sure it's been discussed before. So is there a name for it? Does anyone use it? has it been shown to be utterly worthless? You don't mean something like this: http://www.perfdynamics.com/Papers/Gnews.html do you? For myself, I used to call virtual high-dimensional lattice topologies hypergrids, or n-grids.
Re: design considerations for distributed storage networks
On Sat, 23 Mar 2002 [EMAIL PROTECTED] wrote: If mojo failed in the way, and for the reasons you describe, the failure was not that it was money like, but that it was insufficiently money like. Since the value of mojo was indefinite, its value could never be well matched to its purpose. I think claims to Mojo's demise are a bit premature: http://mnet.sourceforge.net/ The commercial part has folded, however the niche is clearly not commercial.
Re: Define signal and noise.
On Sat, 23 Mar 2002, Aimee Farr wrote:

The real issue seems more properly couched as salience. The blur here causes conceptual errors, and I would appreciate enlightenment, by way of an alternative taxonomy and any refs to recent papers measuring the S/N ratio within a channel.

There's no observer-invariant ranking of content. There's clustering, though. User feedback paraphernalia attached to each message (say, X-Rank: http://cpunx.org/cgi-bin/rank?agent=farrrating=doublepluspunkalicious), similarly to Googlebar's smiley/frowny and a bit of clustering run server-side could do wonders here. Trouble is, you'd need MUAs who are aware of X-Rank, and/or attach ranking urls at the bottom of each message. Plus, server-side infrastructure.
Re: Let's knock off the Reformatted repostings of junky newsarticles
On Fri, 15 Mar 2002, Tim May wrote: And even if they are not properly formatted posts, if they are just more fucking news articles, PLEASE DON'T WASTE BANDWIDTH by politely reformatting them and sending them again! Right. Please subscribe to [EMAIL PROTECTED] (you could set preferences to no email delivery), and send relevant stuff there. Keep this list free of clutter.
decent full duplex voice crypto
I've been playing with SpeakFreely yesterday (Win2k, not the Linux version yet), and found the quality adequate (I'm using high-quality USB headphones) yet the CB-style mouse pressing objectionable. Haven't had time to test PGPfone and Nautilus yet, so is there at all any system with real full duplex? Linux version preferable (the Labtec Axis 712 USB headset can do full-duplex according to http://info.fuw.edu.pl/~pliszka/linux-USB/ )

If there are no full-duplex crypto packages, alternative nominations for other free true full-duplex VoIP are welcome.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: Interesting new cipher patent
A question: assuming, you have a class of random number generators with lots of internal state (Lots: like 10^6 bits). Let's say the evolution through state space of that generator is provably reversible (or nearly reversible), and that the Hamiltonian of the system is stochastic (system evolution is a random walk in state space). The result is a pseudorandom number generator with a ridiculously long period, and good randomness of output, obviously. A simple cypher based on it would exchange the pseudorandom generator state (the key) through a secure channel, similarly to a one time pad.

Can someone point me towards papers describing construction of above generators? I'm thinking about reversible cellular automata (is Gutowitz the only guy who did CA crypto?) or automata networks with changing connection geometry (i.e. the connection is also encoded in the state and changes with each iteration) with the number of total iterations estimated from lightcone considerations.

Point of this:

* algorithmic construction of PRNGs with provable properties
* lots of internal state, hence bit leakage even for a lot of messages buys attacker little
* scalable (add more state as hardware improves)
* directly mappable to hardware, very good parallelism

Any pointers?
On Wed, 27 Feb 2002, Khoder bin Hakkin wrote:

Cipher mixer with random number generator

Abstract

An encryption device has a random number generator whose output is combined by exclusive-or with plaintext input which has been encrypted by a first block cipher. The combined exclusive-or output is encrypted with a second block cipher mechanism which produces a second enciphered output. The output of the random number generator is also encrypted by a third block cipher mechanism which produces a third enciphered output. The first and second block cipher mechanisms differ from each other.

United States Patent 6,351,539 February 26, 2002
Re: Interesting new cipher patent
On Thu, 28 Feb 2002, Morlock Elloi wrote:

As for PRNGs, if you can exchange million bits securely, the desired unicity distance (based on your paranoia level) will determine how often you must re-key.

Given system lifetime of a decade, and the rate of traffic (clearly a TBps router leaks more than a few email messages), you might not have to rekey at all.

I am not sure that there is a *simple* prng with 10^6 bit state. Feeding

Okay, so there seems to be a niche for it. The simplicity refers to the algorithm. Of course you have to represent the state, and a parallel implementation would of course add a constant factor to each bit of state.

million bits to 1-DES 64 bits at a time and using the output as the key for the next cycle could be one way for diluting entropy.
Re: Recording Sunder on the Subway
On Wed, 27 Feb 2002, Sunder wrote: Still having such stickers around is a good thing. It lets the sheeple know they're being watched. Maybe some of them will feel unhappy enough to complain about it. I'm told they started installing cameras in the local buses (Munich, Germany). Haven't seen them myself yet.
Re: Auto Keys RNG
On Sat, 23 Feb 2002, Bill Stewart wrote:

If the ignition key crypto communications happen out at the steering wheel, it's defeatable by basic hotwiring, but if they make the communications happen from the electronic ignition module, that's tougher to crack. The enterprising car thief _could_ carry around a set

Tougher indeed, if you decrypt the ignition table based on the secret in the car key transponder. Something like a nuke PAL. (They're not doing that yet, I know).

of EPROMs for different car models - or could resort to car-jacking, or

They're not EPROMS. Last time I ran into them these are custom embeddeds (68HC11, MC68k derivatives on a custom serial packet bus for BMW, nowadays they probably will use ARM), with most code in PROM, some EEPROM (nowadays flash, I guess) and some RAM. You'd need an entire part, and they're not available on the open market. (Assuming, you'll go to the pains of driving up a flatbed truck to the parking lot, and a specialist who can exchange and program controlled parts, which really asks for high end cars for the effort to pay).

social-engineering at parking lots. Fancy electronics don't know that

Looks easier that way.

you stole the keys. But those attacks are more trouble than stealing an unattended car, and work equally well against non-cryptographic cars, so it's a real risk reduction.
Re: CDR: Re: [Reformatted] Eugene Leitl want to ban thoughtcrime
On Sun, 24 Feb 2002, matt taylor wrote:

You have to be an upover nutcase? Who banned nutcases? When? Where can I

I have no problem with nutcases, as long as they're not disruptive. You're being disruptive to this list.

appeal? EL should know all about the soviet abuse of psychiatry.

I don't want you institutionalized. I just want you to behave borderline normally on this channel.

who's using this public resource for private dumping ground,

If it's public it can't be private. It's not *dumping either. Has EL complained

Yes, it's public, not your private property. So stop dumping your trash here.

to one of the hard spam merchants here?

I try to track down and report spammers whenever it is possible. You're fortunately not hard to track.

ALL the complainers and whingers were bested by me in debate that's easily checked.

?

while posting *a lot* (including profanity and casual death threats, iirc)

A lot to you maybe but not in proportion to the noise. The fact I bested you in debate rankle? Profanity and casual death threats oh my! From an Australian! Gott in Himmel!

I don't give a damn about your death threats and profanity. Your ISP does: http://www.nex.com.au/support/terms.htm

The customer must not use their Internet access to annoy, harass or harm other Internet customers. The customer must not use their Internet access for any unlawful purpose or in any unlawful manner.

Clear enough? Shall I pull up a number of your posts which are in violation of these rules you accepted when you signed up with your ISP?

and constantly changing his email address, thus avoiding filtering.

I have a meat addy and had to change my ISP recently, someone I vaguely remember making a fool of takes exception. I'll try and stay with my present ISP to humor the lunatic but he now says he's complaining to my new ISP! I deny altering addresses to avoid filtering and I can prove it. Proof of my alleged misdeeds looks thin to nonexistent.

I had to change my filtering rules thrice to block you. This means you're not interested in being minimally disruptive, but actually trying to get past people's rules. This won't do.

I don't propose the list policy to be changed, this particular forum should be unmoderated.

Gee thanks Adolf.

However, complaining to Matt's ISP (whose terms he's clearly in violation with)

Que? I didn't start sending large unsolicited e-mails and continue after being asked to stop. EL has. JJ and lord high executioner.

Yes, you're absolutely innocent. Matt Taylor, keep up polluting this list, and I'll personally pull up the choicest of your fewmets, and forward them to your ISP.

and some grassroot pressure (if there are 100 people on his list willing to send back each of his messages 10x, he's dealing with a 1000x amplification factor on each and single of his messages) seems to be in order. Does anyone see anything wrong with this plan?

Well as recipient I could mention the shoot first and ask questions later aspect. Then there's the fact that I only post material here I can rationalize as being of some interest to at least some of you. I'm not

Who's thinking Matt Taylor contributes valuable material to this list? A show of hands? Yohn Young, perhaps?

sabotaging the list and have promised to keep my posts in proportion to the *hard* spam. Eugene is a unilateralist, a cowboy and is risking a repeat of a

At some point you were contributing at least 10 posts in my inbox.

previous failed policy. Like the president he should be killfiled. All the whingers about me on this list have been made fools of by me in legit debate so their motives in attacking me are suspect. Pure ad hominem from such imbeciles means I won the debate, why do people hate a winner indeed. I appeal to the sweet reason of the list. Until I figure out a way to counter this below the belt attack on me I

Returning all your emails to you is a below the belt attack? Huh?

shall be forced to return all EL's stuff to him and here by hand. I would appreciate any tech advice from other list members, TIA. Kill the president, matt T.
Re: RSA shaken down for cash?
Because Matt Taylor won't keep a single email address, and thus making filtering him impractical, and because the cypherpunks list does not seem to encourage limits on communication I suggest returning every single message to him, whether manually, or via a procmail recipe. He stores information on cypherpunks archives, let us store a few large binaries in his inbox. On Fri, 22 Feb 2002, matt taylor wrote: from:http://www.aci.net/kalliste/ A HREF=http://www.aci.net/kalliste/;The Home Page of J. Orlin Grabbe - -- VP Gore Strong-Arms Crypto Company, then Demands Donation Between 1995 and 1996 Al Gore called 44 people from the White house to solicit money for his re-election. Those calls netted the DNC over $2 million dollars. The Vice President placed these calls from the White House on his DNC credit card. One person Mr. Gore called was Sandford Robertson, part owner of the San Francisco investment banking firm Robertson, Stephens and Co. The Vice President's call obtained $142,000 from Sandy Robertson for the DNC. Yet, Sandy was already well known in the DNC camp. Between 1993 and 1997, Sandy Robertson or his wife donated over $700,000 to various campaigns, including $100,000 for Clinton's 1993 inauguration. Robertson, Stephens and Co. are also major financial backers of Security Dynamics, the present owners of RSA Inc. It was Robertson, Stephens and Co. that filed the agreement documents with the SEC (Security and Exchange Commission) for the merger of RSA and Security Dynamics in April of 1996. Of course, Robertson, Stephens and Co. were well paid to sponsor the RSA/SDI merger deal. Robertson and Stephens not only wrote the merger agreement between RSA and SDI they also underwrote the first two public offerings of SDI stock. Robertson, Stephens Company has provided certain investment banking services to Security Dynamics from time to time, including acting as an underwriter for each of the two public offerings of shares of the common stock of Security Dynamics. 
In addition, Robertson, Stephens Company maintains a market in shares of the common stock of Security Dynamics. Furthermore, Robertson, Stephens Company has acted as financial advisor to Security Dynamics in connection with the Merger for which a portion of our fees is due and payable upon delivery of this opinion and the remaining portion of our fees is due and payable contingent upon the closing of the Merger. SEC Merger Document April, 1996 ROBERTSON, STEPHENS COMPANY LLC Edwin David Hertz Jim Bidzos, RSA chairman, stated that Al Gore personally lobbied him to sell the RSA crypto patents to the US Government. It is reported that Al failed and Bidzos walked out. Al Gore has never denied nor confirmed Mr. Bidzos's remarks about his effort on behalf of the US government. Yet, Jim Bidzos also took a trip to Beijing in late 1995. The result of that trip was second trip to Beijing in February of 1996 and a deal with the Academy of Science to sell encryption technology directly to the PRC government. The Clinton administration, quick to prosecute anyone who sold encryption outside the US, did nothing to stop the RSA deal with China. Al Gore tried to buy the rights to encryption technology from RSA for the US government. That was an official act performed by the Vice President. Al Gore has also played a major role in the Clinton Administration's Crypto policy. He was fully briefed early on about Clipper and later would lobby hard to push the draconian controls sought by the government. Yet, despite the obvious conflict of interest, Al Gore did not hesitate to solicit donations from the very same company he had just tried to strong-arm. Al dialed for money from the same company that needed the administration's approval for export. In the end... Money was exchanged and services were rendered. China now has the RSA crypto technology, Al Gore got the donation money and Sandy Robertson stands to become even richer. 1 if by land, 2 if by sea. 
Paul Revere - encryption 1775
IP: Pentagon Readies Efforts to Sway Sentiment Abroad (fwd)
possibly even false ones? and even Western Europe. As official policy? I wonder which genius comes up with those ideas. -- Forwarded message -- Date: Tue, 19 Feb 2002 01:08:47 -0500 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Pentagon Readies Efforts to Sway Sentiment Abroad http://www.nytimes.com/2002/02/19/international/19PENT.html By JAMES DAO and ERIC SCHMITT The Pentagon is planning to provide news items, possibly even false ones, to foreign media in order to influence public opinion in both friendly and unfriendly countries. The plans, which have not received final approval from the Bush administration, have stirred opposition among some Pentagon officials who say they might undermine the credibility of information that is openly distributed by the Defense Department's public affairs officers. The military has long engaged in information warfare against hostile nations for instance, by dropping leaflets and broadcasting messages into Afghanistan when it was still under Taliban rule. But it recently created the Office of Strategic Influence, which is proposing to broaden that mission into allied nations in the Middle East, Asia and even Western Europe. The office would assume a role traditionally led by civilian agencies, mainly the State Department. snip For archives see: http://www.interesting-people.org/archives/interesting-people/
RE: Pentagon Readies Efforts to Sway Sentiment Abroad (fwd)
On Tue, 19 Feb 2002, Lucky Green wrote: So where is the news? Is it that the government is admitting to this well-known fact? Admitting to run PSYOPS against allies has novelty at least to me. Widespread realization of this results in loss of efficiency in communication (everything is assumed to be a lie a priori unless proven otherwise) and voter-driven change in policy (e.g. EU-US axis).
RE: Say a goodnight prayer for joshua.
On Wed, 13 Feb 2002, Aimee Farr wrote: Jim Bell was arrested for stalking protected persons. Not even our military is exposed to the sort of personalized fear and exposure that public servants and their families experience today. Maybe they shouldn't have become public servants, then. War is an act of force to compel our enemy to do our will. Where a man's family is concerned, words count. WTF is this supposed to mean? I'm fairly certain you just crossed the Rubicon. You make even less sense than proffr.
Re: DC to get spycams --no choice but to accept it
On Wed, 13 Feb 2002, Greg Newby wrote: In Brin's world, there would also be cameras in the DC police departments for us to watch the watchers. More: Shouldn't mention Brin, as his symmetry assumption (re quis custodiet) is never true, yet interpreted superficially is very much like public biometrics apology. Near-future high-quality biometrics extraction could be cheaply integrated into surveillance gear, and given ubiquitous wireless allow realtime database matching and data warehousing. Such capabilities are much too powerful to trust people with.
RE: Say a goodnight prayer for joshua.
On Thu, 14 Feb 2002, Aimee Farr wrote:

See Clausewitz. See 49 BC Julius Caesar.

See failure to provide context.
RE: Say a goodnight prayer for joshua.
On Thu, 14 Feb 2002, Trei, Peter wrote: There's a fine balance between assuming a common background which provides shorthand referents, and being a showoff. Um, I resolved the references just fine. It's just I missed the context, because proffr goes to /dev/null
Shmoo Group - Software security geek site (fwd)
-- Forwarded message --
Date: Fri, 8 Feb 2002 10:41:54 -0800
From: Mr. FoRK [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Shmoo Group - Software security geek site

I love the word 'shmoo' (but I'd spell it 'schmoo')

-- http://www.shmoo.com/

About The Shmoo Group

Who we are

The Shmoo Group was formed on or about March 1999 utilizing several ice cold Guinnesses and some youthful idealism. We're a group of security, system, and network professionals who all have a bit too little free time and a few too many ambitions. To that end, we decided to start up a security resource on the web that would pretty much be a free-form, hippy-love event. What we ended up with is what you see here.

What we do

TSG has many ongoing projects. We run 2 news sites, Securitygeeks and Macsecurity.org. We write software as needed (check out Osiris and FEMA). We also partake in various acts of crypto and security advocacy such as the Capture the Capture the Flag and the RSA Party Planner. Last but not least, TSG maintains a large list of web resources including mail archives (bugtraq, FW1, IDS, etc), crypto source code, a MAC address search and ccTLD search, and list of resources on writing secure code.

http://xent.com/mailman/listinfo/fork
RE: list spam, game theory, etal.
On Wed, 6 Feb 2002, Trei, Peter wrote:

This is abuse of the whole notion of a mailing list as a place of discourse. It is a sociopathic disregard for everyone who uses the list as a place for discussion and persuasion. It is more contemptible than even spam.

1) he's nuts. he won't listen to you.
2) somebody please post that procmail recipe which would clog up his mailbox
Re: Morphing Idiot
On Fri, 1 Feb 2002 [EMAIL PROTECTED] wrote: On Fri, 1 Feb 2002, proffr11 wrote: Date: Fri, 01 Feb 2002 19:43:44 +1100 From: proffr11 [EMAIL PROTECTED] This is becoming Usenet: you shitcan one address, and he starts using another. Er, could somebody please kindly repost that evil procmail recipe (the one with the remailer feature)?
Re: Speak-Freely and a Telephone (fwd)
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 1 Feb 2002 14:52:16 -0800 (PST)
From: Jeffrey Streifling [EMAIL PROTECTED]
To: Alejandro Néstor Vargas [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Speak-Freely and a Telephone

I read your message with great interest because I wanted to connect Speak-Freely with a telephone also. I do know there were a group of developers creating software drivers for this purpose, but for some reason the development has been stopped.

Well... I have not much time but I can help if the project is already started. If you can help, maybe we could continue the project. Where did you see this?

With this type of setup, Speak-Freely becomes a very very powerful communications tool.

I have done this. I set up a Speak Freely to POTS gateway that allowed somebody to connect to the machine over the Internet and make an outbound call from the machine, which ran unattended. This turns out to be a fairly difficult thing to do.

(1) Because there is no way to manage line turnaround from the remote telephone, you must do everything the full-duplex way.

(2) To run unattended in an obvious way, you will probably want to base your system on a Unix-like platform, BUT a lot of Unix-like platforms restrict you to half-duplex.

(3) You cannot wire a sound card to the phone line in the obvious way and expect to do full duplex. Everything you drive onto the wire from the DAC will feed back into the ADC real loud, making communication impossible. To solve this, you will need a specially wound transformer called a hybrid coupler. Internally, they are not all that complex, and they show up in a variety of telephony equipment, but the kind of thing you will want for this job is a bit of a rare item. The best way to do this is to find your friendly amateur radio operator and ask how to get a phone patch. You will still need to know how to wire up small amplifiers and resistor networks to handle the impedance transformations.

(4) If you are connecting to a POTS line, you need a way to control your output impedance. High impedance = on hook; low impedance = off hook. If your hybrid is high impedance, you can put a Hayes style modem in parallel with it to manage dialing and hookswitching. If your hybrid is low-impedance (forcing the phone off-hook), you will need to retrofit it with a relay to hang up the line with, and make the necessary arrangements for controlling it. (Remember how pulse dialing works?)

(5) There are several cans of worms on the computer side, including management, security, CPU management, and others. I never did get a good interface worked out for the whole mess.

Rather than pull your hair out, you should consider getting hardware that is suited to the job (Quicknet makes something called the Linejack, and there is a company called Voicetronix which would be useful for larger setups). Rather than use Speak Freely, which is oriented to interactive use, try something along the lines of the tools from www.openh323.org. H.323 does not really address encryption (to my knowledge); use CIPE.

Actually, the encryption in Speak Freely (at least the current Unix version) has a number of problems. The two grossest problems are the fact that the one-time pad is not one time (it's one time per packet) and the fact that the IDEA encryption uses the cipher feedback mode with an all zero initialization vector, thereby encrypting the first eight bytes by XORing them with a constant (the not-so-onetime-pad problem, round two). This trivially gives away the farm. More minor issues include the fact that text chat is not encrypted (from what I can tell), and DES has too short a key to be of much use anymore. The moral of the story is, "Use Blowfish!". (Is there a fix in the works?)

Anyway, my project never did work all that well -- it was short on CPU power, my prototyped (unshielded) circuits picked up a lot of noise, the interface was clunky, grounding was problematic, and keeping the signal amplitude at reasonable levels through the whole apparatus turned out to be a nightmare.

Good luck; you'll need it!

Jeffrey Streifling [EMAIL PROTECTED]

* * * To unsubscribe from this mailing list, send E-mail containing the word unsubscribe in the message body (*not* as the Subject) to [EMAIL PROTECTED]
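Both encryption weaknesses named in the forwarded message above are keystream reuse. The following is an added example, not code from Speak Freely or from the message: it models a pad that restarts with every packet and full-block CFB with an all-zero IV, using HMAC-SHA256 truncated to 64 bits as an assumed stand-in for IDEA, with constructed keys and packets, and sets a random per-packet IV beside them.

```python
import hashlib
import hmac
import os

BLOCK = 8                                          # IDEA has a 64-bit block
ZERO_IV = bytes(BLOCK)                             # the all-zero IV described above
KEY = b"constructed demo key"                      # constructed sample key
PAD = hashlib.sha256(b"constructed pad").digest()  # constructed 32-byte "pad"

# Constructed sample packets (not real Speak Freely traffic).
PKT_A = b"HDR00001 first voice frame"
PKT_B = b"SECRET!! second voice frame"


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for IDEA: HMAC-SHA256 truncated to one block.

    CFB only runs the cipher in the forward direction, so a keyed
    pseudo-random function shows the same mode behaviour IDEA would.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block (64-bit) cipher feedback mode."""
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        ct = xor(plaintext[i:i + BLOCK], block_encrypt(key, feedback))
        out += ct
        feedback = ct          # the next keystream block depends on this ciphertext
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += xor(chunk, block_encrypt(key, feedback))
        feedback = chunk
    return bytes(out)


def pad_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """Model of a pad that restarts at offset 0 for every packet."""
    return xor(plaintext, pad)


def shared_keystream_leak(ct_a: bytes, ct_b: bytes, length: int) -> bytes:
    """XOR of two ciphertexts; identical keystream cancels, leaving pt_a XOR pt_b."""
    return xor(ct_a[:length], ct_b[:length])


def recover_with_known_plaintext(ct_known, pt_known, ct_target, length):
    """A known span of one packet gives the same span of any other packet."""
    keystream = xor(ct_known[:length], pt_known[:length])
    return xor(ct_target[:length], keystream)


def encrypt_packet(key: bytes, plaintext: bytes) -> bytes:
    """Corrected form: a fresh random IV per packet, sent in the clear."""
    iv = os.urandom(BLOCK)
    return iv + cfb_encrypt(key, iv, plaintext)


def decrypt_packet(key: bytes, packet: bytes) -> bytes:
    return cfb_decrypt(key, packet[:BLOCK], packet[BLOCK:])


def demo() -> dict:
    """Run each scheme over the two sample packets and report what leaks."""
    ca, cb = cfb_encrypt(KEY, ZERO_IV, PKT_A), cfb_encrypt(KEY, ZERO_IV, PKT_B)
    pa, pb = pad_encrypt(PAD, PKT_A), pad_encrypt(PAD, PKT_B)
    ha, hb = encrypt_packet(KEY, PKT_A), encrypt_packet(KEY, PKT_B)
    first = xor(PKT_A[:BLOCK], PKT_B[:BLOCK])
    return {
        "zero_iv_first_block_leaks": shared_keystream_leak(ca, cb, BLOCK) == first,
        "zero_iv_recovered": recover_with_known_plaintext(ca, PKT_A, cb, BLOCK),
        "pad_whole_packet_leaks":
            shared_keystream_leak(pa, pb, len(PKT_A)) == xor(PKT_A, PKT_B),
        "random_iv_first_block_leaks":
            shared_keystream_leak(ha[BLOCK:], hb[BLOCK:], BLOCK) == first,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the zero IV only the first block shares keystream between packets that differ there; the reused pad exposes the XOR of the plaintexts over the whole packet.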
Re: biometrics (fwd)
On Sat, 26 Jan 2002, Jim Choate wrote: Yowzer!!! Step away from the PCB! Thermite is too slow. What you need is something quick which blows away your secrets, not your digits. While not as elegant as recent nanoporous silicon/oxidizer, some 100 mg of electrodetonated (electrolyte capacitor) lead azide on top of the die would do. Another possibility is to make part of the die package from HE (but you still need a primer to set it off).
[linux-elitists] NYLUG.org Invitation to LinuxWorld pub event in NYC, Jan 31st @7:45pm (fwd)
-- Forwarded message -- Date: Fri, 25 Jan 2002 10:33:26 -0500 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED], nylug-talk [EMAIL PROTECTED], nylug-announce [EMAIL PROTECTED] Subject: [linux-elitists] NYLUG.org Invitation to LinuxWorld pub event in NYC, Jan 31st @7:45pm Elitists and Nyluggers, If you plan to be in New York City for the LinuxWorld Expo show, I hope you'll join us to sign pgp keys at an after-show pub event. At the conclusion of Drew Streib's BOF (Birds of a Feather) OpenPGP talk around 7:30pm, everybody will walk over to the Tir Na Nog bar located nearby on 8th Avenue between 33rd and 34th Streets. A section in the cathedral bar area is reserved for us. Check it out: www.tirnanognyc.com/4.html When the exhibits close at 6pm, people from the New York Linux Users Group booth will walk over to Drew's BoF located in room 1E13 downstairs on level 2. Here's more info on the talk: www.linuxworldexpo.com/confprogram/wc/sub_pages/sub2.shtml#Importance __ ** After-Show Pub Event Details ** Thurs 31 January, 2002 7:45pm Tir Na Nog bar and restaurant 5 Penn Plaza 8th Avenue between 33rd and 34th Streets map: http://tirnanognyc.com/2.html We will mostly be hanging out, signing each other's keys, and discussing Linux. In the remote event that you can not meet us ;) please be sure to look us up the next time you are in town. - Jim http://www.nylug.org http://linuxworldexpo.com http://www.nylug.org/keys Jim Gleason VA Software email: [EMAIL PROTECTED] http://www.vasoftware.com phone: 212-858-7684 Pres. New York Linux Users Group fax: 212-858-7685 http://www.nylug.org ___ linux-elitists http://zgp.org/mailman/listinfo/linux-elitists
Re: aibo and the dmca (fwd)
On Fri, 25 Jan 2002, Michael Motyka wrote: The whole fucking thing is absurd. The idea that I can't hack around with a piece of HW that I paid for is OBSCENE. Not that I am in the least interested in aibo but the principle is a real problem. Sony is very nazi about it (which is the reason I never buy anything from them). I'm surprised you never ran into policies of Sony or several other Japanese companies.
Re: More clueless news forwardings
I would suggest to use http://groups.yahoo.com/group/cpunx-news/ as a newsticker/cpunks news dumping ground while keeping the main list free from twitter. On Sun, 20 Jan 2002, Tim May wrote: Recently arrived here from Choate Prime, Jei the Finn sends us 12 (that I counted) forwarded news items on Saturday. I guess he thinks we need Yet Another News Forwarding Service. He joins mattd, Choate, Hettinga and others in the filter file. --Tim May That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms. --Samuel Adams -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: Responsibility.
On Thu, 17 Jan 2002, Aimee Farr wrote: When you paint targets on people, other individuals may cause them harm, seeking some measure of your acceptance. Some here might have Luckily, only individuals here. So, keep painting. actual followers, not fans or confederates-in-cause. Some individuals here, and you even as a group don't have to ask for somebody to be hurt, just imply that it is consistent with your wishes. When somebody expresses targeted violent sentiments, and you Can people be responsible for actions of crazy people? don't correct them, they perceive that as a ratification. (While mattd is a self-identifier, others might not be. You might not even know about them.) Such suggestions are a time-tested method of obtaining plausible deniability for violent political action. I'd rather prefer to think of this as a rowdy bar. A place to have fun, a place to get a bloody nose, possibly. I would think SOMEBODY can at least make the effort to say something when violent sentiments are expressed. Why? Consenting adults here, last time I looked. Guess not.
IP: Pres. Bush to Head-Up National ID System (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Fri, 11 Jan 2002 19:55:58 -0500 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Pres. Bush to Head-Up National ID System Date: Fri, 11 Jan 2002 18:14:24 To: (Recipient list suppressed) From: [EMAIL PROTECTED] SCAN THIS NEWS 1.10.2002 Pres. Bush to Head-Up National ID System As previously reported here, Congress has recently directed the US Department of Transportation to establish model guidelines for encoded data on driver's licenses issued by states as part of the 2002 transportation funding legislation. The Congressional directive also instructs federal agencies to work together towards development and installation of fingerprint or retinal scanners at airports which will read and verify data stored on the license documents. The directive constitutes formal establishment of a national ID system under the leadership of President George W. Bush as chief executive of his administration. According to the Congressional report the system will be used for national security and to prevent fraud. It will also be used to stop underage drinking. The newly established Department of Transportation safety agency will manage a federal database linking state driver information. The 1993 Driver's Privacy Protection Act (DPPA), codified at Title 18, Section 2721, will serve as the authority for this program. The Act ~requires~ states to release personal information from motor vehicle records for purposes of national defense (security) and matters involving national or regional emergencies; all under direction of the President. 
The DPPA also authorizes the Secretary of Transportation to collect and collate transportation related information whenever the Secretary decides such collection will contribute to the improvement of the transportation system of the United States. The American Association of Motor Vehicle Administrators (AAMVA) has already drafted a national ID standard. One of the required features of the AAMVA standard is digitally encoded inclusion of Social Security Numbers -- even though it is often claimed by proponents that SSNs would not be included. The AAMVA national ID standard also incorporates fingerprint and digital photo criteria. AAMVA's standards director, Nathan Root, was recently quoted -- in an effort to counter opposition to their national ID scheme -- saying, they're giving these systems too much credit in even assuming that somebody would be able and interested to track everybody's whereabouts and doings. If you believe Nathan Root, you deserve a national ID. --- CONFERENCE REPORT ON H.R. 2299, DEPARTMENT OF TRANSPORTATION AND RELATED AGENCIES APPROPRIATIONS ACT, 2002 (H.R. 2299) ftp://ftp.loc.gov/pub/thomas/cp107/hr308.txt Conference Report (H. Rept. 107-308) Model guidelines for encoded data on driver's licenses.-- In light of the terrorist attacks of September 11th, it is clear that all levels of government need to work in concert to deter and prevent future attacks. One means of doing so is to ensure that individuals asked to identify themselves are not using false identities. The increasing availability through the internet of expertly crafted false identification makes the task very difficult. The conferees are aware of technology, existing today, that can quickly scan any encoded data on the reverse of a driver's license to validate the license as legitimately issued. 
By reviewing personal data encoded on the license, it can also be used to assist in making a quick determination that the person displaying the license is the person to whom it was issued. The conferees strongly encourage the department to consider the development of model guidelines specifying the types of encoded data that should be placed on driver's licenses for security purposes, and to work in concert with states and related licensing bodies toward the early implementation of such measures. This could benefit the nation's efforts to improve security as well as assist in reducing fraud and underage drinking. Document and biometric scanning technologies.-- Document and biometric scanners linked to federal databases by computers and containing advanced authentication capabilities would facilitate the processing of background checks, provide fingerprint and additional biometric identification capabilities, and authenticate documents presented for identification. It is the conferees' understanding that such off the shelf, commercially available technology is in use or being tested by the Immigration and Naturalization Service. The conferees encourage FAA to assess such document and biometric scanning technologies for use at all commercial service airports. The conferees also
Re: Random Data Compressed 100:1 (Guffaw)
On Tue, 8 Jan 2002, Steve Schear wrote: combinations/permutations and auto correlations to code for the runs. I say attempted, because I was never able to find acceptable algorithms to satisfy my requirement. I still believe these algorithms exist, it was just my limitations in identifying the underlying math needed. http://www.google.com/search?q=IFS+image+compression&sourceid=opera&num=100&ie=utf-8&oe=utf-8
Re: Shoe bomb and how to defeat spyware
On Tue, 8 Jan 2002, Ken Brown wrote: that triacetone triperoxide can be home-made, and has intriguing HMDT is another alternative. Really fun to work with: Newsgroups: rec.pyrotechnics Subject: Re: HMDT Date: 10 Mar 92 04:53:20 GMT Organization: Tampere Univ. of Technology, Finland. : : Well, I put a small piece of HMTD into a brick, and hitted it with a hammer, and it didn't detonate. I also tried a 'spark-test' from a lighter, and didn't managed to detonate HMTD. ( Indeed in ntp, and in normal condition, HMTD wont detonate If you light it, It'll burn like cellulose nitrate - with a yellow flame. Well, I was more than Happy to see, That I'd found A PERFECT Primary-explosive to detonate high-explosives. Well At the July of 1989 It happened, I was damping HMTD into a .22 LR copper cartridge, with a standart match, you see holding that cartridge in my left hand ,when it suddendly detonated, A HUGE explosion, and I found that for some reason, my hand was bleeding abt 1/2 liter of blood per min ( 1/9 gallon per min ) , and I could see my bone 'shining' through scraped human tissue. Epiloque. Never NEVER load B-caps in your hand, Always use special tamping device when loading Blasting caps - any other use for HMTD is silly - Believe me, I had hitted HMTD with a Hammer, It didn't detonate, and now, when I try to load that stuff from same batch into a copper container, It detonates, even I press with maybe 1/2 kg ( = 1 pound ) force it. Maybe the batch was impure, but believe me, It really explode without no reason. I must say that HMTD is a good explosive, but It's truly unpredictable. I'm sure that there are many others in this newsgroup who can tell the same thing - months of hard handling, and then, a explosion by a minumum force. : : reference to ping pong balls dissolved in acetone. Interestingly, They're made (or used to be made until very recently) from celluloid, nitrocellulose of low degree of nitration plasticized with camphor. 
It is soluble in acetone, but diethylether/ethanol is a better solvent. I don't see this being anything else than binder, stabilizer or desensibilizer for the organic peroxides/PETN. despite scare stories, a simple google search doesn't turn up details on how to make the stuff (neither does the Science Citation Index, which might have been a better bet, though I imagine anyone with access to a University library could get the information) A simple Google search should pull up dozens of links on how to make it. Don't. If you don't know how to make it, it means you can't handle it safely. Quantities of organic peroxides in novice's hands will quickly make them missing digits, or Worse. Organic peroxides are much too instable to be safely worked with, period. And google has just told me that the husband of a colleague of mine has published a paper on PETN - thousands of tons of which are apparently manufactured every year and used in industry and medicine (it is a vasodilator and cardioactive drug). So it might not be too difficult to find that for sale. http://www.faqs.org/faqs/sci/chem-faq/part3/section-2.html See: 13.8 What is the chemical structure of common explosives? -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Prisoner on line discussion (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Sat, 5 Jan 2002 15:28:18 -0600 From: Joyce Scrivner [EMAIL PROTECTED] To: silent t [EMAIL PROTECTED] Subject: Prisoner on line discussion I've got video tapes (from the tv) of all the episodes and some odds and ends of other things. Fun show. - Original Message - At 3:33 PM -0800 1/4/02, Laissez Faire Books wrote: Julian Sanchez will be hosting a discussion board on The Prisoner Series. Come join in and pick Julian's brain on the series or discuss it's finer points with other fans. This board will begin on January 11th, get your questions ready! == RECENTLY ARRIVED IN STOCK THE PRISONER Complete Set on DVD By Patrick McGoohan AE Television, 2001 One of the most challenging and thought-provoking television series of all time, THE PRISONER is the strange saga of a former government operative (Patrick McGoohan) sent to a twisted prison called the village. Known only as No. 6, he engages in a battle of wills with the powers that be (represented by the nefarious and constantly changing No. 2 and a bizarre, chilling presence called the Rover) that wish to extract his secrets and break his spirit. Digitally re-mastered and presented in its original order, this set includes all seventeen episodes of the unforgettable series that introduced a whole new type of hero to the TV world. FN8564, 10 DVD Videos, 884 min List Price: $199.75 Our Price: $149.95 You Save: $49.80 (25%) http://www.laissezfairebooks.com/product.cfm?op=viewpid=FN8564aid=10154 *** [EMAIL PROTECTED] *** joyce scrivner *** All My Own Opinions *** Transported to a surreal landscape, a young girl kills the first woman she meets and then teams up with three complete strangers to kill again. -- Marin County newspaper's TV listing for THE WIZARD OF OZ
Re: Orange crush
On Mon, 7 Jan 2002, cubic-dog wrote: Dunno, maybe you're right, I couldn't get it to happen in the lab with phenols when I was a chem student without actually burning it. I I wouldn't cook polyhalogenated phenol dry or in high-boiling point solvents in presence of copper powder, and alkali. http://www.ping.be/~ping5859/Eng/ChlorineDiChem.html
IP: Judge OKs FBI Keyboard Sniffing (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Sun, 06 Jan 2002 13:46:30 -0500 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Judge OKs FBI Keyboard Sniffing [ In keeping with protocol, I was an expert witness (pro-bono) for the defense and submitted several affidavits on the technical issues djf] http://www.wired.com/news/privacy/0,1848,49455,00.html Judge OKs FBI Keyboard Sniffing By Declan McCullagh 2:00 a.m. Jan. 4, 2002 PST WASHINGTON -- The Justice Department can legally use a controversial electronic surveillance technique in its prosecution of an alleged mobster. In the first case of its kind, a federal judge in Newark, New Jersey has ruled that evidence surreptitiously gathered by the FBI about Nicodemo S. Scarfo's reputed loan shark operation can be presented in a trial later this year. U.S. District Judge Nicholas Politan said last week that it was perfectly acceptable for FBI agents armed with a court order to sneak into Scarfo's office, plant a keystroke sniffer in his PC and monitor its output. Scarfo had been using Pretty Good Privacy (PGP) encryption software to encode confidential business data -- and frustrate the government's attempts to monitor him. [snip] The court order from the federal magistrate judge stated that the FBI could install and leave behind software, firmware, and/or hardware equipment, which will monitor the inputted data entered on Nicodemo S. Scarfo's computer in the target location so that the FBI can capture the password necessary to decrypt computer files by recording the key related information as they are entered. Defense attorneys had said that the PGP pass-phrase snatching was akin to a telephone wiretap and pointed out that the FBI never obtained a wiretap order. 
Scarfo's lawyers also claimed the FBI was conducting a general search of the sort loathed by the colonists at the time of the American Revolution and thereafter outlawed by the Fourth Amendment's prohibition of unreasonable searches. For archives see: http://www.interesting-people.org/archives/interesting-people/
Re: Detweiler, Vulis, Toto, John Young, and mattd
On Sun, 6 Jan 2002, Tim May wrote: I'm thinking there's some common miswiring in the brains of these folks. If you think cpunks are bad, try cryonicists. Ugh.
Re: Hackers Targeting Home Computers (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Mon, 07 Jan 2002 11:15:48 -0800 From: Hack Hawk [EMAIL PROTECTED] To: Kent Borg [EMAIL PROTECTED], Eugene Leitl [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Hadmut Danisch [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Hackers Targeting Home Computers Although I originally used the word filter to describe a possible ISP action to address certain problems, the following statement from KB was more what I meant to suggest. And also Lynn Wheeler's statement about Dynamic IP addresses not being allowed to host HTTP services because it's not in the consumer/client agreement anyway. At 09:02 AM 1/7/02 -0500, KB wrote: Once word gets out that letting your computer be breached can get your internet account suspended, people might start applying patches, Linux might start making some inroads, and Micro$oft might quit shipping so many new bugs every week. Now, since the suggestion/idea prompted several responses, I'd like to offer one other opinion to see what some of you think about it. I know that it's possibly been discussed here before, but hopefully I won't get flamed too bad. :) Sorry, I'm kind of new to this particular list. When I performed my experiment a few months back, I had the idea to create a Code Green worm (like somebody actually did) that would go out and forcefully patch those vulnerable systems. I even went as far as developing a small tftp daemon that could serve up the CG virus to other infected systems for a short period of time. In light of all the discussion I've previously read on such matters, I decided against implementing the CG counter Virus. However, I'm starting to think that such counter viruses aren't such a bad idea, and here's the primary reason *why* I believe that. 
Currently, our government (people like Ashcroft) are slowly taking away our freedoms in an effort to gain control over the problem. Personally, I have a real hard time with this. I don't like Ashcroft and others like him having the ability to come into my home and phone lines and monitor everything I do. If they just happen to label me as a potential terrorist, then I'm basically f*#$ed and lose all my rights. I fully appreciate the dangers of our world, and why somebody like Ashcroft may want to sacrifice our liberties to gain control of worldly problems. However, there is *another* way. We can either sit back, and let people like Ashcroft take control of the cyber situation, or we can step up to the plate, and take control of the problem ourselves. My non-technical mailing list was my first non-intrusive step up to the plate. Perhaps in the future, stepping up should be a little more intrusive. If the freedoms I value so much are at stake, then maybe the rewards outweigh the risk of damaging someone's ego by patching their systems for them. IMHO. - hawk - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Shoe bomb (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Sun, 6 Jan 2002 22:32:31 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Shoe bomb At 1:02 am -0800 12/26/01, Talley, Brooks wrote: This guy, for example, tried to light plastic explosives with a fuse (10% success rate at most), using a smelly match rather than a lighter, and did so while sitting in his seat rather than in a lavatory. Was he asking to be caught, or just incredibly stupid? He was seated close to the fuel tank. The explosive is essentially just a primer for the fuel. The following article is pretty unsettling, in that it makes the case that - the technique is carefully thought out, and - there will be more of these attacks, and - there aren't good ways to stop them. -Olin --- http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/01/06/MN222117.DTL Shoe-bomb flight -- a trial run? U.S., British officials fear similar attacks in the works Simon Reeve, Special to The Chronicle Sunday, January 6, 2002 London -- As investigators gather evidence about possible links between alleged airline shoe-bomber Richard Reid and the al Qaeda terrorist organization, intelligence officials on both sides of the Atlantic are floating a disturbing theory: that Reid's bombing attempt may have been a trial run for future, simultaneous attacks against passenger jets to be carried out by supporters of Osama bin Laden. U.S. and British intelligence officials believe that the British citizen on American Airlines Flight 63 from Paris to Miami on Dec. 22 was a foot soldier sent to check the destructive power of shoe bombs against civilian targets. One senior British intelligence official said there are indications that more than a few, but less than a dozen individuals may be preparing similar attacks in the near future. 
These officials cite similarities with a weapon developed by Ramzi Yousef, mastermind of the 1993 World Trade Center bombing, who plotted a series of simultaneous attacks on U.S. airliners in the mid-1990s. There is a definite pattern here with Yousef's past attacks that we would be foolish to ignore, said one highly placed intelligence official. They have tried this before, and they are trying it again. During the flight, Reid allegedly tried to detonate explosives hidden in his shoes with a lighted match. Crew and passengers averted a disaster by jumping on the 28-year-old London-born suspect. MOTHER OF SATAN BOMBS Preliminary studies by the FBI indicate Reid's black suede basketball shoes contained between 8 and 10 ounces of the explosive triacetone triperoxide, or TATP -- called The Mother of Satan by Palestinian militants, because its inherent instability makes it dangerous to both the victims and bomb maker. The TATP in Reid's shoes was blended with an explosive called PETN, or pentaerythritol tetranitrate, which can be ignited with a normal cigarette lighter. PETN is a key ingredient of Semtex, the Czech-made military explosive used to down Pan Am Flight 103 over Lockerbie, Scotland, in 1988. These bombs are sophisticated devices, said the British intelligence official. They would have been difficult and dangerous to produce. Reid could not have done this himself -- he would have trouble tying his own shoelaces. It seems we may have an expert bomb maker on the loose in Europe. LINKS TO 20TH HIJACKER Among the links being pursued by investigators are telephone conversations, known to British intelligence, between Reid and Zacarias Moussaoui, the so- called 20th hijacker who was indicted on conspiracy charges in connection with the Sept. 11 attacks, and reports that the two worshiped at the same mosque in London. Moussaoui's attorney entered a plea of not guilty for his client in Virginia last week. 
Investigators are also probing the origins of the money used by Reid, who has no visible means of support, as he traveled to seven different countries last year. Among the cities Reid visited was Amsterdam. The Binnenlandse Veiligheids Dienst (BVD), the Dutch security service, is trying to reconstruct Reid's movements and to establish whether an al Qaeda cell there may be plotting attacks on passenger jets. Reid has told FBI agents that he contacted Dutch arms dealers via the Internet and paid $1,800 for the explosives. But intelligence sources speculate that Reid obtained them from an al Qaeda explosives expert in Amsterdam, who adapted the shoes in preparation for Reid's attack. FBI agents and British anti-terrorist officials, meanwhile, have concluded that the shoe-bomb plot originated with the ideas of Yousef, an early al Qaeda operative who suggested flying passenger jets into buildings. 'PROJECT BOJINKA'
pine filtering
While in pine, hit the keys m s r f a http://www.umanitoba.ca/campus/acn/docs/pine/pine-filters.html Use e.g. mattd [EMAIL PROTECTED] as From pattern Set up a folder e.g. called junk in Filter action. Of course, procmail is better, but you have to be careful when setting it up, since it is easy to lose mail, if you don't know what you're doing. http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html
IP: Fw: Drawing A Blank -- ACLU Report on the Failure of FaceRecognition in Tampa (fwd)
-- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Thu, 3 Jan 2002 20:04:45 -0400 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Fw: Drawing A Blank -- ACLU Report on the Failure of Face Recognition in Tampa -Original Message- From: Barry Steinhardt [EMAIL PROTECTED] Date: Thu, 03 Jan 2002 15:27:36 To: Dave Farber [EMAIL PROTECTED] Subject: Drawing A Blank -- ACLU Report on the Failure of Face Recognition in Tampa Dave, The use of the biometric facial recognition technology, along with video surveillance on the streets of Tampa, Florida is an overhyped failure that has been seemingly abandoned by police officials, according to a report released today by the American Civil Liberties Union. System logs obtained by the ACLU through Florida's open-records law show that the system never identified even a single individual contained in the department's database of photographs. And in response to the ACLU's queries about the small number of system logs, the department has acknowledged that the software -- originally deployed last June, 2001 -- has not been actively used since August. The report entitled Drawing a Blank : The Failure of Face Recognition in Tampa, can be found at http://www.aclu.org/issues/privacy/drawing_blank.pdf. Our announcement can be found at http://www.aclu.org/news/2001/n010302a.html. Barry Steinhardt Sent from Dave's Blackberry. For archives see: http://www.interesting-people.org/archives/interesting-people/
Re: Future Gnu's
On Thu, 3 Jan 2002, Eric Cordian wrote: There is a critical mass of drek above which no one will bother searching for stuff worth reading in the list. Without mentioning any names, might I suggest that certain prolific posters need to stop posting 15 badly formatted seemingly unintelligible messages every time they visit. Spare your breath. The only way to shut up someone with a mental condition is to kick him off the list, to leave the list, or use filtering. They're entirely closed to rational argumentation. People who have something to say are usually not that patient, and just leave the list. Overpermissiveness results in quality loss.
Magic Lantern - The FBI's viral key-logger (fwd)
Date: Wed, 02 Jan 2002 00:08:38 -0600
From: nnburk [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Organization: Planetscape Enterprises
X-Accept-Language: en,ru
To: Matthew Gaylor [EMAIL PROTECTED]
Subject: Magic Lantern - The FBI's viral key-logger

Please feel free to distribute this far and wide:

Magic Lantern - The FBI's viral key-logger

- The Latest -

http://lists.jammed.com/ISN/2001/12/0037.html [ISN] FBI confirms Magic Lantern project exists
http://lists.jammed.com/ISN/2001/12/0039.html [ISN] Infamous hacker group helps the Feds
http://lists.jammed.com/ISN/2001/12/0043.html Re: [ISN] Infamous hacker group helps the Feds - cDc calls announcement satire
http://lists.jammed.com/ISN/2001/12/0053.html Re: [ISN] Infamous hacker group helps the Feds
http://lists.jammed.com/ISN/2001/12/0064.html [ISN] DIRT-Magic Lantern Firm Barred from Gov Work
http://lists.jammed.com/ISN/2001/12/0063.html FBI may be getting full benefit of Magic Lantern... from BadTrans.B [ISN] FBI surveillance bonanza in BadTrans.B worm
http://www.politechbot.com/p-02955.html From the We don't need no stinkin' oversight dept.: Politech: FBI refuses to tell Congress aide about classified Magic Lantern
http://www.corpwatch.org/issues/PID.jsp?articleid=1108 Homeland Security, Homeland Profits Technology Already in the Hands of Law Enforcement
http://www.corpwatch.org/news/PND.jsp?articleid=1092 FBI Software Records Each Keystroke
http://www.corpwatch.org/news/PND.jsp?articleid=1009 Software Firms Object to FBI Eavesdropping
http://www.nytimes.com/2001/12/31/technology/ebusiness/31TECH.9.html Scarfo, Phase 2: a.k.a. Magic Lantern CYBERSECURITY - Threat of Terrorism on U.S. Infrastructure (nytimes.com) What is Magic Lantern?
http://www.msnbc.com/news/660096.asp?cp1=1 FBI software cracks encryption wall Magic Lantern part of new Enhanced Carnivore Project
http://www.epic.org/privacy/carnivore/foia_documents.html EPIC Carnivore (and 'Enhanced Carnivore') FOIA Documents
http://www.zdnet.com/zdnn/stories/news/0,4586,5099906,00.html ZDNet News: FBI's magic revealed as old tricks
http://www.washingtonpost.com/wp-dyn/articles/A3371-2001Nov22.html FBI Is Building a 'Magic Lantern' (washingtonpost.com)
http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html FBI Develops Eavesdropping Tools (washingtonpost.com) McAfee sides with FBI against customers on Magic Lantern
http://www.politechbot.com/p-02822.html Declan McCullagh's Politech FBI reportedly creating Magic Lantern anti-crypto virus
http://www.politechbot.com/p-02834.html Declan McCullagh's Politech McAfee sides with FBI against customers on Magic Lantern
http://www.factsquad.org/radio/2001-11-26.mp3 The Spy in Your Computer? (.mp3) from Fact Squad Radio
http://www.politechbot.com/p-02837.html Declan McCullagh's Politech Has McAfee sided with FBI on Magic Lantern detection?
http://www.ct.heise.de/newsticker/data/wst-26.11.01-001/ Spokesman for NAI in Germany disputes the Washington Post article from the German news site Heise Online
http://www.politechbot.com/p-02839.html Declan McCullagh's Politech McAfee replies -- by denying any FBI contacts of any sort
http://www.interesting-people.org/ob/htsearch?config=lists_elistx_com restrict=%2Finteresting-people%2Fmethod=andsort=scorewords=%22magi c+lantern%22 Magic Lantern Discussion from Dave Farber's Interesting-People elist
http://www.politechbot.com/cgi-bin/politech.cgi?name=mcafee Declan McCullagh's Politech Background on McAfee/NAI
http://www.wired.com/news/conflict/0,2100,48648,00.html Wired News Summary 'Lantern' Backdoor Flap Rages, By Declan McCullagh
http://www.politechbot.com/p-02840.html Declan McCullagh's Politech AP's Ted Bridis replies to McAfee: I stand by my reporting
http://www.politechbot.com/p-02846.html Declan McCullagh's Politech McAfee broadens denial: No contact with government of any sort
http://www.theregister.co.uk/content/55/23057.html AV vendors split over FBI Trojan snoops
http://www.politechbot.com/p-02851.html Declan McCullagh's Politech Symantec pledges to acquiesce to FBI backdoor demands
http://www.politechbot.com/cgi-bin/politech.cgi?name=lantern Politech Summary re: Magic Lantern
http://www.theregister.co.uk/content/6/23150.html FBI 'Magic Lantern' reality check (original article picked up by ISN, below)
http://lists.jammed.com/ISN/2001/12/0015.html [ISN] Magic Lantern reality check
http://news.cnet.com/news/0-1003-200-7944351.html?tag=rltdnws FBI snoop tool old hat for hackers
http://www.zdnet.com/zdnn/stories/comment/0,5859,2829781,00.html Warning - The FBI knows what you're typing
http://www.zdnet.com/zdnn/stories/news/0,4586,5100528,00.html Antivirus firms: FBI loophole is out of line
http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html Antivirus Firms Say They Won't Create FBI Loophole
http://www.politechbot.com/p-02914.html Politech: Symantec, McAfee backpedal furiously on espionage enabled-software
http://www.politechbot.com/p-02918.html Politech: More on Symantec,
Re: Fun with bleach and nail polish remover
On Sun, 30 Dec 2001, Sampo Syreeni wrote:

> Yes, it's unstable, but what, exactly, is it that makes $H_{2}O_{2}$ organic?

Hydrogen peroxide is not an organic peroxide. Concentrated hydrogen peroxide is unstable, and can violently decompose, especially if catalysts (finely distributed metals, pyrolysite) are present, but it does not detonate. The usual use for it is for hypergolic rocket fuel (with unsymmetrical dimethyl hydrazine). Organic peroxides are something else entirely. You can make organic peroxides using hydrogen peroxide, though it is not advisable for laymen. In fact, due to their instability, it is better not to work with them at all. Considerable potential for severe or even terminal injury there.
Re: Fun with bleach and nail polish remover
On Sun, 30 Dec 2001, KPJ wrote: Minor correction: /H2H2/ should be /H2O2/, naturally. Organic peroxides are useful as improvised blasting caps, but otherwise much too unstable.
[Htech] A gift for language (fwd)
-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Sun, 23 Dec 2001 00:11:10 -0500
From: Brian Atkins [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: [Htech] A gift for language

You can use winzip to determine what language or even what author a small piece of text is from:

http://pil.phys.uniroma1.it/~loreto/press.html

(I got this from new scientist dead tree, but this .ps file is all I can find quickly)

-- Brian Atkins
Singularity Institute for Artificial Intelligence
http://www.singinst.org/
FY;) [Pigdog] I've changed my mind, the 2nd amendment rocks (fwd)
-- Forwarded message --
Date: Sun, 23 Dec 2001 12:42:51 -0800 (PST)
From: Donkey Hotey [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Pigdog] I've changed my mind, the 2nd amendment rocks

So yesterday for my girlfriend's birthday 10 of us went to the Jackson Arms Shooting Range ( http://www.jacksonarms.com ) in Millbrae to shoot some guns. I was a little scared about going, guns being EVIL and WRONG and very Un-Berkeley (unless they're melted down into a statue promoting nonviolence), but it was her 30th birthday, and she could do whatever the hell she pleases.

We signed up for the novice package, which I must say is a pretty damn good deal. A retired cop gives you a 30 minute lecture on gun safety, how guns work, how to grip them, how to aim them and all that good stuff. He used a Ruger MkII .22 pistol for the demonstration. It was a little disturbing, because I was sitting in the front of the class, and every time he needed to show one side of the gun or the other, he would point it up and around in this big dramatic motion. The intent was so that the gun never faced anybody, but it was still a little scary.

After the lecture and a little video that showed the semi-automatic pistol reloading, we got to go to the range. Everybody got a Ruger .22 and 100 bullets for target practice, but we were also allowed to upgrade our pistols later. We had the lane for two hours. I was a tad bit scared when I picked up the gun, but not as much as I would have been if I hadn't had the course. All my shots were consistently at 7 o'clock on the target (which was only 7 yards away). I was sticking my trigger finger too far into the trigger, so I was pulling it down and to the left (I'm left handed). The 3 women who were there were all DROP DEAD ACCURATE though. I mean right in the center of the target every single time.

So we started upgrading our guns. I tried a 9mm (don't know what kind) which I thought was a little jumpy and harsh, a Smith & Wesson revolver (a .38 which is a .357 which is a .356 or some such nonsense) which was FUCKING AWESOME, and a .44 which made really big holes. I have to say I liked the revolver the most. Once I shot the other weapons, I went back to the .22 and was a hell of a lot more accurate. The thing seemed like a weak little toy gun. It might as well be shooting suction darts.

They have a whole bunch of targets that you can choose from. My favorite was the hostage page. It had some unabomber looking guy with a gun pointed at a woman. I blasted the woman right between the eyes.

While we were there, a reporter from K101 who was doing a story on women and guns interviewed us. I guess she's a regular and when she learned a woman was celebrating her 30th birthday by learning how to shoot, she had to be there. The woman kept asking Mary about safety and protection and Mary said oh, no, I just wanted to shoot stuff. I guess we weren't what she was looking for. Mary will get a copy of the story in the mail, so we'll see her take later.

Wow I really didn't think I'd enjoy shooting guns. Now I need to join a militia right away. The teacher at one point did mention the 2nd amendment. He said although the 2nd amendment guarantees us the right to bear arms, we do not believe guns are for everybody. So that was wholesome and refreshing. When the revolution comes I won't shoot him. Actually I think I'll stay away from him, after I saw what he could do rapidfire. Also he would like the world to know that Danny Glover doesn't know how to handle a firearm.

yikes! guns are cool! What's a hippyuppymus to do?!?!

-- go ahead, make my day. BLAM BLAM BLAM BLAM BLAM BLAM -- Ben Franklin
IP: Government questions over Windows XP security flaws (fwd)
-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 21 Dec 2001 20:24:18 -0500
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Government questions over Windows XP security flaws

http://www.kfwb.com/news/nat/n122113.html

FBI, Pentagon Quiz Microsoft Over Windows XP Problems

WASHINGTON (AP) 12.21.01, 4:05p -- FBI and Defense Department officials and some top industry experts sought reassurance Friday from Microsoft Corp. that a free software fix it offered effectively stops hackers from attacking major flaws discovered in the latest version of Windows.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the FBI's National Infrastructure Protection Center, its top cyber-security unit.

Microsoft's experts bluntly acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix -- if installed by consumers -- resolves the issues.

The company acknowledged Thursday that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Microsoft declined to tell U.S. officials Friday how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat. Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.

One participant in the call, who spoke on condition of anonymity, otherwise described Microsoft officials as extremely forthright. Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

The patch is effective, said Steve Lipner, Microsoft's director of security assurance, who participated in Friday's call. There was a discussion of the importance of the Windows auto-update capability. People were encouraged by the fact that we'll get the patch to people.

Officials also expressed fears to Microsoft about electronic attacks launched against Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs so-called denial of service attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors. That was the one you'll more likely see over Christmas break, one participant said.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.

The FBI's cyber-security unit has been particularly worried lately about the threats from denial of service attacks. It warned again Thursday that it has reason to believe that the potential for (denial of service) attacks is high. The FBI said people have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.

Participants in Friday's call included the FBI; Defense Department; the U.S. Federal Computer Incident Response Center; federally funded CERT Coordination Center; eEye Digital Security Inc., which discovered the Windows XP problems; Network Associates Inc.; the System Administration, Networking and Security Institute; and others.

For archives see: http://www.interesting-people.org/archives/interesting-people/
RE: CNN.com on Remailers
On Mon, 17 Dec 2001, Trei, Peter wrote:

> If I were a remailer operator, I'm not sure I'd like this. Active cooperation with another remailer operator means that if he/she/it does something illegal, you could be dragged in

How is this different from the current situation? Is usage of a specific mainstream protocol sufficient protection from conspiracy charges? Joe Bob Postfixuser is hardly a remailer operator.

> on 'conspiracy' charges, regardless whether you actually had any knowledge of the other operator's nefarious activities.

-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: CNN.com on Remailers
On Sat, 15 Dec 2001, Steve Schear wrote:

> During your rant on re-mailers I mentioned the desirability of using popular P2P services in conjunction with remailers, possibly as middleman nodes. Len pointed out the problems with re-mailer system stability if P2P clients were used as they come and go. During the break there was a short

P2P nodes are ephemeral, the content is not. A short message hop from node to node is in the second range. Assuming the message doesn't sit on the node too long (running danger of it being pulled) and there are multiple redundant messages in transit (you wanted more idle traffic? here's your idle traffic) the probability of delivery should be higher than the current remailers'.

> discussion of using the P2P clients to generate cover traffic on remailers. This should be simple and involve no risk to those running the clients.

Ask Google for XML-RPC and Freenet and/or Mojo Nation.

-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
The MS DRM Patent and Freedom to Speak and Think (fwd)
-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 14 Dec 2001 23:08:13 -0500
From: Seth Johnson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: The MS DRM Patent and Freedom to Speak and Think

In his November 6 essay You're Free to Think, (http://davenet.userland.com/2001/11/06/youreFreeToThink), Dave Winer comments that whatever else happens in the ongoing, increasing trend towards policing of the public's right to use information and information technology, we are still left with the freedom to *think* for ourselves.

He seemed to me to be offering this comment as a bare source of solace against the government's increasing intent to control the prospects of communications technology.

Microsoft's favorable treatment of late caused him to wonder what kind of deal Bill Gates must have worked out with the Bush Administration. He wondered what Microsoft might have given the government in return for the highly favorable terms of the settlement that's currently on the table in the court proceedings against the company, for monopoly practices in the operating systems arena.

He commented specifically on the current ramifications of Microsoft's increasing position of power in the operating systems market:

Now, they have to get people to upgrade to Windows XP -- that's the final step, the one that fully turns over the keys to the Internet to them, because after XP they can upgrade at will, routing through Microsoft-owned servers, altering content, and channeling communication through government servers. After XP they fully own electronic communication media, given the consent decree, assuming it's approved by the court.

Now, it has just come to light that Microsoft has been awarded a software patent for a Digital Rights Management operating system.

This development shows us exactly where we stand now. Microsoft doesn't have to offer anything to the government; it has only to hold possession of a patent covering the DRM elements of its latest OS, thereby providing an almost absolutely assured trajectory toward establishing the terms by which the public's ability to communicate digital information will be controlled.

Please see the message I am posting below, from the CYBERIA email list, which quotes from the patent. The real kicker is right here:

The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.

The ability to use information freely is now going to be policed at the most intricate level, in the name of exclusive rights and to the detriment of the most fundamental Constitutional principles of our society.

Whereas the First Amendment of the U.S. Constitution assures that every American citizen has the full right to freedom of speech, we see here the ultimate legislative and technical trappings by which the public will be demarcated as mere information consumers.

Facts and ideas are not contraband and may never be copyrighted or otherwise constrained under the terms of intellectual property, whether they are bound up in an expressive work or not; and the computer is a *logic* device that now sits on nearly every citizen's desktop -- it is *not* a consumer appliance.

From both the standpoints of speech and thought, so-called digital rights management is an utterly desolate *dead end.* Whether we speak of the constituent pieces of expressive works, or the nature of the computer itself, so-called digital rights management marks the beginning of a grand rollback of the means by which the promise of our participation in and advancement of civil society have lately been greatly augmented.

Rather than facing the simple, plain truth that the power given in the U.S.
Constitution for Congress to grant (or deny) to authors and inventors exclusive right to their works, was intended to cover products that do not intrinsically bind up the very means of communication and of our participation in civil society, we instead are experiencing a social condition wherein monopoly interests exploit the fluidity of logical products to evade the very terms of antitrust law and to assure that the public's ordinary rights do not gain purchase against their interests. Antitrust law is all about competition in a particular product, but software is as amorphous in its possibilities as our own vaunted power to think. Thus Microsoft easily maintains it is not in the browser market, competing with Netscape; it is, rather, in the market for innovative operating systems. We are now seeing just how innovative that operating system can really be. If we do not confront the ludicrousness of the idea of holding a patent
Re: [Remops] And when he returns in February? (fwd)
On Wed, 12 Dec 2001, A. Melon wrote: Ninny. Got no taste of online soap?
IP: Antivirus firms deny Magic Lantern backdoor plans (fwd)
-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Tue, 11 Dec 2001 06:04:54 -0500
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Antivirus firms deny Magic Lantern backdoor plans

From: Bill Sodeman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Antivirus firms deny Magic Lantern backdoor plans
Date: Mon, 10 Dec 2001 23:47:17 -0600
X-Mailer: Microsoft Outlook, Build 10.0.3311
Importance: Normal

http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html

Monday December 10 8:30 PM ET

Antivirus Firms Say They Won't Create FBI Loophole

By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Anti-virus software vendors said on Monday they don't want to create a loophole in their security products to let the FBI or other government agencies use a virus to eavesdrop on the computer communications of suspected criminals.

Under a project code named Magic Lantern, the U.S. Federal Bureau of Investigation is creating an e-mail-borne virus or Trojan horse that hides itself on the computer and captures all keystrokes made, including passwords that could be used to read encrypted mail, according to a report on MSNBC.com in November.

Despite subsequent reports to the contrary, officials at Symantec Corp. and Network Associates Inc. said they had no intention of voluntarily modifying their products to satisfy the FBI. Spokesmen at two other computer security companies, Japan-based Trend Micro Inc. and the U.S. subsidiary of UK-based Sophos PLc., made similar statements.

All four anti-virus companies said they had not contacted or been contacted by the U.S. government on the matter.

We're in the business of providing a virus-free environment for our users and we're not going to do anything to compromise that security, said Tony Thompson of Network Associates.

Symantec's first priority is to protect our customers from malicious and illegal attacks, Symantec Chief Executive John W. Thompson said in a statement. We have no intention of creating or leaving a hole in our software that might compromise that security.

If anti-virus vendors were to leave a hole for an FBI-created Trojan horse program, malicious hackers would try to exploit the hole too, experts said.

If you leave the weakness for the FBI, you leave it for everybody, said Fred Cohen, an independent security expert and digital forensics professor at the University of New Haven.

From the industry perspective, leaving a hole in anti-virus software would erode public confidence and damage the reputation of the vendor, sending customers to competing companies, the vendors said.

The government would have to convince all anti-virus vendors to cooperate or the plan wouldn't work, since those not cooperating would have a market advantage and since they all share information, said a Symantec spokeswoman.

The thought that you would be able to convince the industry as a whole to do this is kind of naive, she said.

All four anti-virus companies said they had not contacted or been contacted by the U.S. government on the matter.

The FBI declined to confirm or deny the report about Magic Lantern, when it was first published by MSNBC.com and a spokesman was not available for comment on Monday.

PLAN WOULD ALIENATE OTHER COUNTRIES

Symantec and Network Associates, both of whom have investments in China, would not jeopardize their footings in that market, said Rob Rosenberger, editor of www.vmyths.com, a Web site that debunks virus hoaxes.

If (the Chinese) thought that the company was a tool of the CIA, China would stop using those products in critical environments, Rosenberger said. It is in the best interest of anti-virus vendors not to heed the call of the FBI.

We always try to cooperate with the authorities when it's appropriate. Having said that, our No. 1 goal is to protect our customers, said Barbara Woolf of Trend Micro. I've heard reports that the government is upset this got out and is going back to the drawing board.

Appeasing the U.S. government would be difficult for vendors who have parent companies and customers outside the United States, they said.

If the laws of the land were to change to permit this kind of activity then we would abide by the law, said David Hughes, president of Sophos' U.S. subsidiary.

But how would a vendor provide protection for customers outside of the specific jurisdiction? Hughes asked. If we were to do this for the U.S. government we'd also have to do it for the government of any other nation that would want to do something similar.

== Bill Sodeman [EMAIL PROTECTED] / http://bill.sodeman.com 1-512-845-0119
Re: [linux-elitists] Phil Zimmermann on key exchange (fwd)
-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Mon, 10 Dec 2001 18:24:46 -0800
From: Don Marti [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [linux-elitists] Phil Zimmermann on key exchange

begin Seth David Schoen quotation of Fri, Dec 07, 2001 at 11:42:26PM -0800:

Reviving a thread from last month:

(More on encrypted email infrastructure from Seth: http://vitanuova.loyalty.org/2001-12-07.html)

The Board of Directors of EFF met today in San Francisco, and I made a presentation about this, in the presence of Brad Templeton and others. One of the conclusions was that EFF's role in implementing something like this is still not defined clearly enough, and we don't know what we could most usefully do.

In order to seriously deploy encrypted email you need to kick the email client support problem and the key management problem at the same time. One possible role for EFF would be as a founding member of an encrypted email industry consortium analogous to W3C. Such an organization would have to be positioned as a way to fight cyberterrorism and protect infrastructure. It would be nice to get Ximian, the KDE project and Qualcomm to join, and use the words Secure Email or Email Security in the organization's name somewhere. You probably aren't going to get any mail client vendor that depends on many Secret Police customers to join.

-- Don Marti
What do we want? Free Dmitry! When do we want it? Now!
http://zgp.org/~dmarti [EMAIL PROTECTED]
Free the web, burn all GIFs. KG6INA http://burnallgifs.org/
RE: eCash reported mortally wounded...
On Sun, 9 Dec 2001, Lucky Green wrote:

> --Lucky, waiting patiently for 2005.

Patent expiration date? Which one?

-- Eugen* Leitl <http://leitl.org>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
[Remops] A comparison of Frog-Admin, the Script-Kiddie, Anonymous Trolls and other plagues of the privacy community. (fwd)
-- Forwarded message --
Date: Sun, 9 Dec 2001 15:44:07 +0100 (CET)
From: Anonymous [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Remops] A comparison of Frog-Admin, the Script-Kiddie, Anonymous Trolls and other plagues of the privacy community.

A comparison of Frog-Admin, the Script-Kiddie, Anonymous Trolls and other plagues of the privacy community.

... all one and the same schizophrenic person?

Quotes can all be found and confirmed through groups.google.com and lexx.shinn.net Remailer Operators list archive, links have been provided wherever possible.

TABLE OF CONTENTS

HISTORY
GRAMMATICAL/WRITING STYLE SIMILARITIES
PREVIOUS QUESTIONABLE/DUBIOUS ACTS BY FROG
|-Azerty and Frog Remailers
|-Monitoring capabilities
|-RProcess
|-Thomas Boschloo about the timing of hate spam
+-Frog's From: Header
MOTIVE SIMILARITIES
|-Anonymous Troll about Thomas J. Boschloo and Champerty
|-Anonymous Troll about Thomas J. Boschloo
|-The Painful Truth about Orange to Orange-Admin
|-Anonymous Troll about Katherine's Miranda Remailer
|-Anonymous Troll about Katherine
|-Anonymous Troll (Freud) to Orange-Admin
+-Anonymous Troll (Boschloo is a CLOWN) about Thomas J. Boschloo
TERMINOLOGICAL SIMILARITIES
+-Further connections between all kinds of old and new trolls
+-You are a failure
| |-Anonymous Troll about Katherine
| |-Anonymous Troll about Champerty
| +-The Truth about Orange to Orange-Admin
+-Microsoft Windows Software
|-Anonymous Troll to I Sent Your Saddle Home
+-The Painful Truth about Orange to Orange-Admin
MESSAGE COMPARISON/ANALYSIS
|-Source Remailers
|-Message Headers (To: mail2news gateways)
+-Writing Style
+-Sporadic use of single-space indentation and missing punctuation
GRAMMAR/SPELLING
+-The succes(s)ful gotcha
|-Frog-Admin
+-Trolls
LINE BREAKS
|-Frog-Admin
+-The Painful Truth about Orange
THE SCRIPT-KIDDIE
DEVICIVNESS/DIVERSION/CONFUSION

HISTORY

Observing alt.privacy.anon-server and the remailer-operators list over the last year I have noticed a larger than usual amount of DoS, disinformation, slanderous, spam-style, and scripted attacks occurring in the privacy community. The fact that makes these issues unusual is that there is one constant variable in these matters: Frog-Admin can be linked to start of all these matters.

I have carefully studied and analysed the posting habits, writing style, vocabulary, punctuation use/misuse, uncommon/consistent misspelling, line breaks and other signature items of Frog-Admin, Script-Kiddie, and the remops/APAS troll (who has attacked Katherine, Champerty, Orange-Admin, Boschloo and others).

I propose to the privacy community that Frog-Admin, Script-Kiddie, and the troll who has waged war on many other individuals in the community are all the same person. I have gathered enough material and identified so many uncanny and consistent similarities that it is difficult to deny or chalk up to common paranoia. I ask you to draw your own conclusions from the material provided.

GRAMMATICAL/WRITING STYLE SIMILARITIES

You will notice the following writing style similarities in all the following quotes by different anonymous people and the Frog-Admin:

1. missing punctuation
2. additional tabs/spaces at the beginning of lines
3. overuse of CAPS
4. use of asterisks (*) to highlight certain words
5. excessive manual line breaks

PREVIOUS QUESTIONABLE/DUBIOUS ACTS BY FROG

Frog-Admin was found to be the admin of both Azerty and Frog remailers. He kept the fact that he was Azerty admin hidden and it was not announced by him for quite some time after both remailers were opened. He utilized this fact to trace abuse through chains which included both Azerty and Frog.

Link: http://groups.google.com/groups?selm=2213203924.033%40nyarlatheotep.frog.org
Quote:
-Apparently, Frog and Azerty got mail-bombed this WE.
-It looked like groups of 5* or 10* 400K chunks,
-chaining azerty-frog-azerty-frog 10 times

Link: http://groups.google.com/groups?selm=1009d5c8f2f2790aeb6efd4b870b6f7a%40remailer.privacy.at
Quote:
-I caught an abuser (trivial traffic analysis):
-
-Azerty received 100 * messages 160 K initially
-giving 100 * identical messages 60 K on arrival with 14*gif (batman)
-each.
-In-between, transparent-remix generated a few hundreds messages each
-hop
- [EMAIL PROTECTED] azerty noisebox frog [EMAIL
IP-FLASH Office XP, Windows XP May Send Sensitive Documents to Microsoft (fwd)
-- Eugen* Leitl <http://www.lrz.de/~ui22204/>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

-- Forwarded message --
Date: Fri, 07 Dec 2001 07:59:49 -0500
From: David Farber [EMAIL PROTECTED]
To: ip-flash [EMAIL PROTECTED]
Subject: IP-FLASH Office XP, Windows XP May Send Sensitive Documents to Microsoft

PROBLEM: Microsoft Office XP and Internet Explorer version 5 and later are configured to request to send debugging information to Microsoft in the event of a program crash. The debugging information includes a memory dump which may contain all or part of the document being viewed or edited. This debug message potentially could contain sensitive, private information.

PLATFORM:
· Microsoft Office XP
· Microsoft Internet Explorer 5.0 and later
· Windows XP
· Microsoft has indicated that this will be a feature of all new Microsoft products

DAMAGE: Sensitive or private information could inadvertently be sent to Microsoft. Some simple testing of the feature found document information in one message out of three.

SOLUTION: Apply the registry changes listed in this bulletin to disable the automatic sending of debugging information. If you are working with sensitive information and a program asks to send debugging information to Microsoft, you should click Don't Send.

http://www.ciac.org/ciac/bulletins/m-005.shtml
IP: DOJ's Already Monitoring Modems (fwd)
-- Forwarded message --
Date: Thu, 29 Nov 2001 04:01:35 -0500
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: DOJ's Already Monitoring Modems

From: Monty Solomon [EMAIL PROTECTED]

DOJ's Already Monitoring Modems
By Declan McCullagh and Ben Polen
4:42 p.m. Nov. 28, 2001 PST

WASHINGTON -- The Department of Justice already is using its new anti-terrorism powers to monitor cable modem users without obtaining a judge's permission first.

A top Bush administration official lauded the controversial USA Patriot Act at a Senate hearing on Wednesday, saying that the new abilities have let police obtain information in investigations that was previously unavailable.

"We would not have been able to do (this) under prior law without a specific court order," said Michael Chertoff, assistant attorney general in the Justice Department's criminal division.

...

http://www.wired.com/news/conflict/0,2100,48711,00.html

For archives see: http://www.interesting-people.org/archives/interesting-people/
IP: Routes of Least Surveillance (fwd)
-- Forwarded message --
Date: Wed, 28 Nov 2001 11:06:52 -0500
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Routes of Least Surveillance

http://www.notbored.org/the-scp.html

From: Monty Solomon [EMAIL PROTECTED]

Routes of Least Surveillance
By Erik Baard
2:00 a.m. Nov. 28, 2001 PST

It's not the journey or the destination; it's the getting there unseen that counts.

Or so goes the thinking behind a new mapping utility created by civil libertarians to guide New Yorkers through Manhattan along routes with the fewest surveillance cameras.

It's like Mapquest for dissidents and paranoiacs, or for those simply creeped out by the feeling of being watched, constantly, by countless mechanical eyes.

The service, called iSee, was created by the Institute for Applied Autonomy, a group of technologists, and the New York Surveillance Camera Project, an offshoot of the New York Civil Liberties Union.

...

http://www.wired.com/news/privacy/0,1848,48664,00.html
Re: Denning's Geo-crypto
On Thu, 22 Nov 2001, Roy M. Silvernail wrote:

Using a GPS coordinate set as keying material? Hope it's just

Given that a GPS receiver gets ephemeris data, almanac data and pseudorandom code from each currently visible sat it has probably to do with the latter. Consider S/A (which may or may not be switched off now, I haven't checked): if you've got a secret part of the key you can refine your position despite deliberate degradation (selective availability) than the party without the key.

additional keying material. Knowing the intended destination of something like a movie in transit to a theater seems pretty easy, and the set of GPS coordinates encompassing your average multiplex would seem to be pretty small compared to the usual keyspaces discussed here.
Re: Denning's Geo-crypto
On Thu, 22 Nov 2001, Eugene Leitl wrote:

Given that a GPS receiver gets ephemeris data, almanac data and pseudorandom code from each currently visible sat it has probably to do with the latter. Consider S/A (which may or may not be switched off now, I haven't checked): if you've got a secret part of the key you can refine your position despite deliberate degradation (selective availability) than the party without the key.

Forgot the URL: http://www.csr.utexas.edu/texas_pwv/midterm/gabor/gps.html

The PRN is a tapped feedback shift register.
Re: Carnivore To Get Magic Lantern
On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote: 2. Add ID token (e.g., Dallas Semi iButton) support to gpg Doesn't suffice, if you see/encrypt clear on a compromised machine. Air gap or a dedicated hardened crypto machine (embedded with a private eye type of display connected to the main machine via a simple, provably secure protocol). Airgap (MOD sneakernet) is the easiest solution so far. But we've been through this before.
IP: Encryption: How Prevalent Is It? (fwd)
-- Forwarded message --
Date: Mon, 12 Nov 2001 09:35:31 -0500
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Encryption: How Prevalent Is It?

Date: Mon, 12 Nov 2001 09:27:00 -0500
From: Dorothy E. Denning [EMAIL PROTECTED]
Organization: Georgetown University

Encryption: How Prevalent Is It?
Oct. 15, 2001
By Lisa Boomer-Smith

snip

To learn more about encryption practices, InformationWeek Research fielded a national survey this summer with the President's Export Council Subcommittee on Encryption. Of the 500 sites surveyed, two-thirds report using encryption to protect company data. Of those sites using encryption technologies, 71% are strongly committed to data encryption, while 21% are somewhat committed.

snip

http://www.informationweek.com/story/IWK20011011S0015

See also: http://www.informationweek.com/857/encryption.htm

-- Prof. Dorothy E. Denning
Georgetown University
http://www.cs.georgetown.edu/~denning
IP: Risks of belief in identities: [risks] Risks Digest 21.74 (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Mon, 12 Nov 2001 08:57:54 -0500 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Risks of belief in identities: [risks] Risks Digest 21.74 Date: Sat, 10 Nov 2001 11:54:17 PST From: Peter G. Neumann [EMAIL PROTECTED] Subject: Risks of belief in identities For those of you who might believe that national ID cards might be a good idea, check out the December 2001 *Commun.ACM* Inside Risks column by me and Lauren Weinstein, previewed on my Web site http://www.csl.sri.com/neumann/insiderisks.html in anticipation of a U.S. House hearing next Friday on that subject. It is not just the cards themselves that would entail risks, but even moreso all of the supporting infrastructures, widespread accessibility to networking, monitoring, cross-linked databases, data mining, etc., and particularly the risks of untrustworthy insiders issuing bogus identification cards -- as happened a few years back on a large scale in the Virginia state motor vehicle agency (RISKS-11.41). The latest item on the ease of getting phony or illegal or unchecked identification papers is found an article by Michelle Malkin (Creators Syndicate Inc.), which I saw in the *San Francisco Chronicle* on 10 Nov 2001: Abdulla Noman, employed by the U.S. Department of Commerce, issued bogus visas in Jeddah, Saudi Arabia, in one case in 1998 charging approximately $3,178. The article also notes a variety of sleazy schemes for obtaining visas, in some cases without ever appearing in person and without any background checks, and in other cases for ``investments'' of a hundred and fifty thousand dollars. 
The article concludes with this sentence: ``Until our embassy officials stop selling American visas blindly to every foreign investor waving cash, homeland security is a pipe dream.'' I'm not sure that conclusion is representative of the full nature of the problem of bogus identification, but the problem is clearly significant. A driver's license or a passport or a visa or a National ID card is not really proof of identity or genuineness or anything else. For archives see: http://www.interesting-people.org/archives/interesting-people/
IP: Wanna make biological weapons and take out cities? $10. (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 21 Nov 2001 14:37:50 -0500 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Wanna make biological weapons and take out cities? $10. Date: Wed, 21 Nov 2001 10:58:28 -0600 From: [EMAIL PROTECTED] Subject: Wanna make biological weapons and take out cities? $10. To: [EMAIL PROTECTED], [EMAIL PROTECTED] X-Mailer: SPRY Mail Version: 04.00.06.17 Here's a disturbing story from today's New York Times: http://www.nytimes.com/2001/11/21/national/21BOOK.html?todaysheadlines I sure hope that the government is investigating and following each and every person who buys a copy of this book... I wonder if there's a way to force Tobiason to foot the bill for that security? In any case, jerks like this clearly aren't helping to keep our nation secure... if anything, crap like this will make our government MORE repressive (not less). [quote] November 21, 2001 THE HOW-TO BOOK In Utah, a Government Hater Sells a Germ-Warfare Book By PAUL ZIELBAUER with WILLIAM J. BROAD SALT LAKE CITY, Nov. 19 At the Crossroads of the West gun show here last weekend, weapons dealers sold semi- automatic rifles and custom-made pistols, and ammunition wholesalers unloaded bullets by the case. But perhaps the most fearsome weapon for sale in the cavernous, crowded exposition center was a book. Next to the Indian handicraft booth, Timothy W. Tobiason was selling printed and CD copies of his book, Scientific Principles of Improvised Warfare and Home Defense Volume 6-1: Advanced Biological Weapons Design and Manufacture, a germ-warfare cookbook that bioterrorism experts say is accurate enough to be dangerous. Mr. 
Tobiason, an agricultural-chemicals entrepreneur from Nebraska with a bitter hatred for the government, said he sold about 2,000 copies of his self-published book a year as he moved from gun show to gun show across America. The book, which includes directions for making mail delivered anthrax, suggests that the knowledge necessary to start an anthrax attack like the one that has terrorized the East Coast is readily accessible. snip For archives see: http://www.interesting-people.org/archives/interesting-people/
FYI:Development list (was: Re: [mix-l] Verifying DH/DSS Sigs) (fwd)
-- Forwarded message --
Date: Wed, 14 Nov 2001 13:20:37 -0800 (PST)
From: Len Sassaman [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Development list (was: Re: [mix-l] Verifying DH/DSS Sigs)

Hi folks,

For those of you interested in contributing to/knowing more about the development of Mixmaster, there is a list set up on SourceForge for that purpose.

http://lists.sourceforge.net/lists/listinfo/mixmaster-devel

Thanks,

Len

On Tue, 13 Nov 2001, QuickSilver wrote:

Hi All!

I'm having a problem verifying these signatures with mix2.9b12(win). RSA keys verify fine but with DH/DSS I get PGP_SIGBAD returned from my pgp_decrypt call and the sig buffer is completely empty rather than containing sig info. PGP, on the other hand, verifies the same signatures ok. Has anyone else run into this? I think I must be missing something.

Thanks, Richard

-- R.Christman Benchmark Software [EMAIL PROTECTED] http://quicksilver.skuz.net
[CrackMonkey] overheard on gale (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 14 Nov 2001 09:16:14 -0800 From: Nick Moffitt [EMAIL PROTECTED] To: Mama's lil' monkeys love shortnin' bread [EMAIL PROTECTED] Subject: [CrackMonkey] overheard on gale To [EMAIL PROTECTED] Fugu/1.1.7 Hrm. So I'm definitely quitting havenco in the next 6 months. I think I will do an ecash company (I will have cash and dividend income from havenco to finance it) I hope second system effect doesn't apply to startups. HavenCo is semi-successful and fairly reasonable; I'm afraid if I do a new company I will overengineer a lot of it. -- Ryan Lackey [EMAIL PROTECTED] at 11-14 07:35:07 -- INFORMATION GLADLY GIVEN BUT SAFETY REQUIRES AVOIDING UNNECESSARY CONVERSATION 01234567 - The amazing* indent-o-meter! ^ (*: Indent-o-meter may not actually amaze.) ___ CrackMonkey: Non-sequitur arguments and ad-hominem personal attacks http://crackmonkey.org/mailman/listinfo/crackmonkey
RE: Monkeywrenching airport security
On Sat, 17 Nov 2001, David Honig wrote: At 10:57 AM 11/17/01 -0800, Sandy Sandfort wrote: Airport chemical sniffers apparently look for the signature of nitrogen compounds, not explosives, per se. I've often wondered how many weekend Unless they look for nitrogen in bulk of the specimen (PGNAA), a very expensive/low-processivity technique unsuitable for mass luggage screening they're limited to stuff stuck to surfaces (lasers, swabbing/ion motility spectrometer) and volatile sniffers (chemical sensors, canines). Many classes of explosives contain no nitrogen, many of those which contain nitrogen and are free of volatile tracers don't emit much volatiles, if properly packaged even very volatile explosives (say, methyl or ethylnitrate) can be sealed (glass bottles). Generally, the maker and the packager, unless they work very cleanly/are suited should not be the courier, nor the outer containers be present in the contaminated area. In short, detection probability is only high for sloppy/dumb people. gardeners have gotten hassled and delayed because of trace amounts of ammonia-based fertilizers on their person and effects. If you plan to fly, Salts are different from traces of uncombusted nitrocellulose deposited on any surface of a nearby gun being fired. be sure to wash your hands thoroughly before heading out for the airport if you have been shoot, gardening or house cleaning. I've wondered about that too; airport sniffers must have encountered Miracle Gro and angina nitro during the early days, measuring Nitroglycerin is not volatile, is present in large dilution (~0.1%) in small quanitities (pharma bottle). Ditto nitrate salts in a water solution. a false alarm rate. Shooting is scary; you could contaminate your car driving back from the range, then contaminate your travel gear. I think you should be able to get a good positive if you'd fire several rounds of vanilla smokeless with baggage surface being near the muzzle of the gun. 
Try it sometime, if you're unafraid of winding up in a database. I've found that transporting computer parts (motherboard) in hand luggage can suffice to trigger swabbing (if you're really bored you can discuss detection of Semtex traces with airport security). The explosives expert in one of the older terror trial docs on cryptome says things suggesting that a few washes will remove traces. (And contaminate clothes washed with them.) Just use an overall when you're at the range, and wash it separate. I once checked out the screen on a sniffer, and they list nitrates as a category. I suppose having PETN (another category) detected on your laptop would be harder to explain :-) If you want to fool the security, you should become familiar with the type of detectors used on your luggage. Of course, best solution is using human factors to not have your stuff being screened at all. -- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: Cypherpunk failures
On Sat, 17 Nov 2001, Declan McCullagh wrote: This is actually partly true -- even Freenet, perhaps the most promising cypherpunkly project with live code right now, barely gets a mention on the list. Mojonation is ailing, too. Barely a trickle of few posts/week on all mojo lists taken together.
[BIOWAR] Chemcial/Biological Satellite Course (fwd)
-- Forwarded message --
Date: Sat, 17 Nov 2001 11:07:53 -0500
From: Patricia Doyle, PhD [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [BIOWAR] Chemcial/Biological Satellite Course

Those interested in taking the 3 day satellite seminar presented by USAMRIID and USAMRICD go to biomedtraining.org and register for the FREE 3 day event. 12:30pm-4:30pm Nov. 27, 28 29th. There is no charge to view the broadcast and it is going to be presented at downlink sites around the US, Southern Canada, Puerto Rico, Alaska and Hawaii. Those who wish to view online webcast, also register at that website. CME credit available for the course. A rebroadcast will take place in Dec., I believe around Dec. 9th.

I have taken the courses and find the material to be extremely accurate, and timely. Simply log onto biomedtraining.org, register for username and password, then pick the site you choose to view the broadcast and register. After registration, call or email site facilitator for confirmation of registration. Simple as that. Last year we even got free lunch (sandwiches and soda) and text book.

Those who cannot attend the broadcast can still download program materials on the biomedtraining.org site. pdf files available. At this time in history, we do not want to let these learning opportunities go by.

Patricia Doyle

Patricia A. Doyle, PhD
Please visit my Emerging Diseases message board at: http://www.clickitnews.com/emergingdiseases/index.shtml
Zhan le Devlesa tai sastimasa
Go with God and in Good Health
IP: Beyond Carnivore: FBI Eyes Packet Taps (fwd)
-- Forwarded message --
Date: Sun, 21 Oct 2001 06:07:48 -0400
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Beyond Carnivore: FBI Eyes Packet Taps

From: Monty Solomon [EMAIL PROTECTED]
Subject: Beyond Carnivore: FBI Eyes Packet Taps

October 18, 2001
Beyond Carnivore: FBI Eyes Packet Taps
By Max Smetannikov

Expect the FBI to expand its Internet wiretapping program, says a source familiar with the plan.

Stewart Baker, a partner with law firm Steptoe Johnson, is a former general counsel to the National Security Agency. He says the FBI has spent the last two years developing a new surveillance architecture that would concentrate Internet traffic in several key locations where all packets, not just e-mail, could be wiretapped. It is now planning to begin implementing this architecture using the powers it has under existing wiretapping laws.

http://www.interactiveweek.com/article/0,3658,s%253D605%2526a%253D16678,00.asp
Re: Explosives found at Greyhound bus terminal
On Fri, 19 Oct 2001, Greg Newby wrote: For the interested, here's a great recipe for composition 4 explosives: http://www.pointlesswasteoftime.com/tech/c4.html Since some of the chemicals cited in above recipe are not so easily obtainable, so feel free to substitute them by powdered RDX and a plasticizer in a 91:9 ratio. A good plasticizer can be made from polyisobutylene, motor oil, and Di(2-ethylhexyl) sebaceate.
IP: U.S. On Verge of 'Electronic Martial Law' (fwd)
-- Forwarded message --
Date: Sun, 21 Oct 2001 12:39:42 -0400
From: David Farber [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: U.S. On Verge of 'Electronic Martial Law'

U.S. On Verge of 'Electronic Martial Law'--Researcher
Newsbytes (10/15/01); Featherly, Kevin

The United States is unduly clamping down on the Internet in order to root out terrorist activities online, argues University of Illinois professor Heidi Brush, who says the federal government would do better to rethink the conceptual framework of U.S. communications instead. She spoke at the recent Internet Research 2.0 gathering for the Association of Internet Researchers. Although offering no concrete fixes to the problem, Professor Brush painted a grim picture of Internet martial law being imposed in a vain attempt to capture distributed terrorist groups. Terrorists' style of Net war, a term coined earlier by experts at the RAND policy think tank, would prove elusive to counter by the lumbering centralized government, she said.

http://www.newsbytes.com/news/01/171130.html
Re: used lab equiptment
On Thu, 18 Oct 2001 [EMAIL PROTECTED] wrote: A specialized ultrasonic device is not required to produce micron fine aerosol powders. All one needs is a used and cleaned print head In fact not, pressure waves strong enough to aerosol liquid will also cause cavitation, resulting in heating and destruction of material. assembly and its piezo pulse circuitry. Nozzle apertures are typically 25-50 micron and if the material is suspended, in weak Ever tried pushing a bacterial suspension through a printer head (processivity set aside)? It will clog it up in no time. concentration, in a solution which quickly evaporates but doesn't harm the spores it should produce moderate quantities of fine powder quickly. Um, why don't we quit armchair microbiology, and stick to what we can best: produce lots of uninformed speculations? Oh. If smaller sizes are desired a field ring charged to 1000-3000v DC can be placed around and in front of the nozzles. If operated in sync with the nozzle pulses it can cause a the emerging droplets to cascade to nanometer size via the electrospray effect (now becoming common in drug production). See http://www.essex.ac.uk/bs/staff/colbeck/index.htm#appas I think it should be easy enough to look up relevant patents online, assuming one is bored enough.
FYI: Speak Freely for Unix 7.5 Pre-Release Available (fwd)
-- Forwarded message --
Date: Thu, 18 Oct 2001 13:52:24 +0200
From: John Walker [EMAIL PROTECTED]
To: Speak Freely Mailing List [EMAIL PROTECTED]
Subject: Speak Freely for Unix 7.5 Pre-Release Available

This announcement pertains only to Speak Freely for Unix. Users of the Windows version need read no further.

A pre-release of Speak Freely for Unix (Linux, FreeBSD, Solaris, IRIX, etc.) version 7.5 is now available. This release is intended for early adopters interested in testing one or more of the new capabilities and/or verifying whether problems intended to be resolved in this release actually have been. If you're engaged in modifying Speak Freely or adapting code from it for use in other applications, the code clean up in this version makes it a better starting point for your work.

Download Information

Speak Freely for Unix 7.5 may be downloaded from:

http://www.fourmilab.ch/speakfree/unix/download/7.5/speak_freely-7.5.tar.gz

This is a gzipped TAR archive containing complete source code; the format of the distribution is unchanged from earlier releases. The distribution contains a complete development log in the file log.doc. An extract from this document including all changes in 7.5 and several prior versions may be read on-line at:

http://www.fourmilab.ch/speakfree/unix/download/7.5/sfunix_log_7.5.html

New Features

Support has been added for Federal Standard 1016 CELP (Code-Excited Linear Prediction) audio compression, via a new -celp switch in sfmike. This algorithm compresses voice-grade audio to a 4800 bit per second data stream with quality comparable to that of GSM (13000 bits/second) compression. CELP compression (but not decompression) is fantastically computationally intense. While a 50 MHz 486 suffices for GSM, the price of admission for CELP is on the order of a 600 MHz Pentium III or equivalent. Note that for floating-point intense code like this performance depends more on processor architecture than clock rate: a 300 MHz UltraSPARC (v9), which has five floating point units and can issue two floating point instructions at once, runs CELP compression about three times faster than real time notwithstanding its slower clock.

Sfecho now permits simulation of transmission errors on poor connections. A new -z option lets you specify a percentage of packets to randomly drop and shuffle. This allows testing error-tolerant algorithms by running sfecho on a local machine, set to emulate a channel with properties like the one the algorithm is intended to cope with.

Robust transmission mode may now be used with any compression mode in Speak Freely protocol, not just LPC10. A separate -robustN option on sfmike sets the number of sequence numbered copies of each packet to be sent, which may now be as many as 8.

Processing of robust mode packets in sfmike is greatly improved over the bonehead algorithm I originally used. Each packet contains a sequence number which increments modulo 256. Previously, packets were discarded only if they contained precisely the same sequence number as the immediately preceding one. The new code computes the difference between the current packet's sequence number and that of the last one played (taking account of the modulo 256 wrap-around) and discards the packet if its sequence number is less than or equal to that of the last packet, but not more than 16 less. This should discard most packets shuffled by multipath routing, while limiting the maximum loss in the case of intermittent outages which completely lose sync to at most 16 packets.

A sample speech file containing four sentences spoken by male and female speakers (originally supplied as a test for the CELP library) is now included as speech.au in the Speak Freely distribution. (The original test file was 8 kHz 16 bit PCM--the version supplied in the distribution has been recoded as 8 kHz mu-law, Speak Freely's native format.) This file allows evaluation of different compression modes and diagnosis of problems due to audio input hardware settings (clipping, insufficient input gain, incorrect sampling rate, or conversion to mu-law, etc.) by comparing live audio against this properly recorded file.

Bug Fixes

Transmission of face images now works when the audio stream is encrypted. (Fix by Ivan Popov.)

LPC10 audio compression should no longer be vulnerable to compiler optimisation problems on various platforms, nor to potential byte order or alignment problems. The original LPC10 codec was machine-translated from FORTRAN into K&R C and contained numerous constructs which invited code generation problems. The code is now fully prototyped ANSI C and should no longer have
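The robust-mode duplicate filter described in the announcement above, written out as an added example; it is not code from the Speak Freely distribution. The function names, the receiver struct and the sample streams are hypothetical and constructed here; only the modulo-256 sequence number and the 16-packet window come from the announcement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ROBUST_WINDOW 16   /* "not more than 16 less", per the announcement */

/* Hypothetical receiver state: one 8-bit sequence number. */
struct robust_rx {
    int     have_last;     /* 0 until the first packet has been accepted */
    uint8_t last;          /* sequence number of the last accepted packet */
};

/* Old rule: drop a packet only when its sequence number is identical to
 * that of the immediately preceding packet. Returns 1 = play, 0 = discard. */
static int old_accept(struct robust_rx *rx, uint8_t seq)
{
    if (rx->have_last && seq == rx->last)
        return 0;
    rx->have_last = 1;
    rx->last = seq;
    return 1;
}

/* New rule: compute how far the packet lies behind the last one played,
 * modulo 256. 0 means a duplicate, 1..16 means an older packet that was
 * delayed or reordered; both are discarded. Anything further "behind" is
 * treated as new data, so a receiver that has lost sync recovers after at
 * most 16 packets instead of rejecting the stream indefinitely. */
static int new_accept(struct robust_rx *rx, uint8_t seq)
{
    if (rx->have_last) {
        /* Unsigned 8-bit subtraction handles the 255 -> 0 wrap-around. */
        uint8_t behind = (uint8_t)(rx->last - seq);
        if (behind <= ROBUST_WINDOW)
            return 0;
    }
    rx->have_last = 1;
    rx->last = seq;
    return 1;
}

typedef int (*accept_fn)(struct robust_rx *, uint8_t);

/* Feed a stream of sequence numbers through a filter; count packets played. */
static size_t count_played(accept_fn accept, const uint8_t *seqs, size_t n)
{
    struct robust_rx rx = {0, 0};
    size_t played = 0;
    for (size_t i = 0; i < n; i++)
        played += (size_t)accept(&rx, seqs[i]);
    return played;
}

/* Decision of the new rule for one packet, given the last played number. */
static int accept_after(uint8_t last_played, uint8_t seq)
{
    struct robust_rx rx = {1, last_played};
    return new_accept(&rx, seq);
}

/* Constructed sample streams (not captured traffic). */
/* Three copies of each packet, in order, crossing the 255 -> 0 wrap. */
static const uint8_t WRAP_STREAM[]     = {254, 254, 254, 255, 255, 255,
                                          0, 0, 0, 1, 1, 1};
/* Two copies of each packet, interleaved by multipath reordering. */
static const uint8_t SHUFFLED_STREAM[] = {5, 6, 5, 6, 7, 7};
/* An outage after which the sender's numbering is far from the receiver's. */
static const uint8_t OUTAGE_STREAM[]   = {200, 200, 100, 100, 101};

int main(void)
{
    printf("in-order copies: old=%zu new=%zu\n",
           count_played(old_accept, WRAP_STREAM, sizeof WRAP_STREAM),
           count_played(new_accept, WRAP_STREAM, sizeof WRAP_STREAM));
    printf("shuffled copies: old=%zu new=%zu\n",
           count_played(old_accept, SHUFFLED_STREAM, sizeof SHUFFLED_STREAM),
           count_played(new_accept, SHUFFLED_STREAM, sizeof SHUFFLED_STREAM));
    printf("after outage:    new=%zu\n",
           count_played(new_accept, OUTAGE_STREAM, sizeof OUTAGE_STREAM));
    return 0;
}
```

On the shuffled stream the old rule plays five packets for three distinct sequence numbers, because a reordered copy never matches its immediate predecessor; the windowed comparison plays each number once.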
Threat Recognition Testing (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Fri, 5 Oct 2001 04:49:08 -0700 From: J. R. Molloy [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Threat Recognition Testing Brain fingerprinting: What you thought, what I meant David Coursey http://www.zdnet.com/anchordesk/stories/story/0,10738,2816429,00.html The name: Brain Fingerprinting is a particularly unfortunate name that suggests an ability to somehow gather the contents of someone's brain for identification. It is also painfully close to brain washing. For this discussion, I will propose a more accurate, descriptive term: Threat Recognition Testing, or when used in criminal investigations, Evidence Recognition Testing. What the test looks for: Threat Recognition Testing seeks to determine whether the subject being tested recognizes certain items--which may be images of physical items, pictures, or terminology. If the subject being tested recognizes enough specific items, he or she can be assumed to have certain training or experience. In actual testing, the technique was used to find 100 percent of the FBI agents in a test group without falsely selecting civilians as FBI agents. How was this done: The subjects were shown words and images that only an FBI agent would recognize. The non-FBI agents did not recognize these images and words. How the test works: Subjects are hooked up to a device that measures brain activity (the cerebral equivalent of a heart monitor) and shown a series of images. An image or word the person recognizes presents a distinct brainwave pattern when compared with an unrecognized image or word. The person cannot consciously control this response. 
The test does not care who you are, where you are from, your gender, religious beliefs--anything other than whether you recognize a specific word or image. All of the words and images can be given to the subject in advance without affecting the test result. When good people recognize bad things: It is obvious that a bank robber and an FBI agent who investigates bank robberies would recognize many of the same things. For that reason, additional images can be presented to subjects in order to more precisely understand the context in which an object is recognized. In an interactive testing system, this could be done automatically, with the test adapting itself to probe more deeply into areas of concern. Does the test read someone's mind? The test does not determine what someone is thinking, or even whether they are lying or not. It does, however, determine if a person recognizes specific things. The test does not plant any ideas or images into the subject's mind. Here's an example of how the test might be used: Take one murder suspect, add images only the murderer would know--faces of victims, locations, weapons, etc.--and you should be able to separate the innocent from the potentially guilty pretty quickly. In a terrorist-screening scenario, you'd look for recognition of items related to terrorist training and organizations. Score enough positives and you'd become very interesting to the authorities. This is not a technique for discovering things like whether you cheat on your taxes or spouse (or both). It also won't tell whether you are a Republican, Democrat, or something else, though it could determine whether you attended one of the parties' national conventions (by testing you on what you would have seen there). The strengths: The test is excellent at clearing the innocent and, properly given, can determine, if not always guilt, then at least what knowledge a subject possesses, allowing for further investigation. 
The testing is computerized, could require no human intervention, and is not racially, ethnically, or culturally biased. Testing could take as little as 10 minutes, but could be expanded to cover more items, thus adding the detail necessary to separate security risks from non-risks. The limitations: This technology has been tested and accepted by courts, though additional testing certainly makes sense. There are also some technical hurdles which today make the technique more suited for longer testing of specific individuals (suspects) than quick testing of the general public (screening). This specifically relates to the devices used to record brain activity. With digital signal processing, it should be possible to improve the signal-to-noise ratio (which shortens the time needed for testing). Actually creating the tests is a non-trivial matter, especially when screening for potential problems rather than investigating an actual crime or incident. --- --- --- --- --- Useless hypotheses, etc.: consciousness, phlogiston, philosophy, vitalism, mind, free will, qualia, analog
Re: [ISN] CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001 (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 3 Oct 2001 02:20:55 -0500 (CDT) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [ISN] CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001 Forwarded from: Aj Effin Reznor [EMAIL PROTECTED] Pardon the rant. Since Bruce went down his yellow brick road to the Land Where Full Disclosure Is Bad, I have been wondering about the usefulness of a crypto guy functioning as the head of a security company. InfoSec News was known to say. Watching the television on September 11, my primary reaction was amazement. Thanks for reminding us that you're human... supports and collapse the World Trade Center. It seems probable that they placed advantageous trades on the world's stock markets just before the attack. No one planned for an attack like this. We like to think that human beings don't make plans like this. From what I've gathered since the 11th, this *was* planned for, in a sense. The scenario was deemed unlikely enough that any preparation for such an occurrence was considered pointless. It was also a new type of attack. One of the most difficult things about a (This line is important in a minute). Airline Security Regulations Computer security experts have a lot of expertise that can be applied to the real world. First and foremost, we have well-developed senses of what security looks like. We can tell the difference between real security and snake oil. And the new airport security rules, put in place after September 11, look and smell a whole lot like snake oil. We computer security experts. (A) Bruce does crypto, not security. When he made the cutover, and rapidly rose to the rank of expert is unknown to me. (B) It's always been said that no one who calls themself an expert in anything, is. And chances are the ones who don't, are. 
All the warning signs are there: new and unproven security measures, no real threat analysis, unsubstantiated security claims. The ban on cutting Claims like full disclosure is bad. I'd like to see what studies this ideology is based on. Parked cars now must be 300 feet from airport gates. Why? What security problem does this solve? Why doesn't the same problem imply that passenger drop-off and pick-up should also be that far away? Curbside check-in has been eliminated. What's the threat that this security measure has solved? Why, if the new threat is hijacking, are we suddenly worried about bombs? Pudding, including proof. Since this is a new style of hijacking, then clearly this is all we must concentrate on? I didn't see people taking down firewalls just because Code Red Nimda passed right through and hit web servers. No, new threats need to be responded to without neglecting every previous threat. Bruce seems to think that just because these guys were so clever, that they'd never resort back to a simple car bomb parked next to an airport terminal. No, they'd never go low-tech. Think: Boxcutters. The rule limiting concourse access to ticketed passengers is another one that confuses me. What exactly is the threat here? Hijackers have to be on the planes they're trying to hijack to carry out their attack, so they have to have tickets. And anyone can call Priceline.com and name their own price for concourse access. Unless they were simply planting a bomb in the luggage compartment. You know, like an airport-employed *baggage*handler* would be able to do. Bruce is making far too many assumptions which, instead of bordering on the fanatical are instead bordering on the blind. Increased inspections -- of luggage, airplanes, airports -- seem like a good idea, although it's far from perfect. The biggest problem here is Inspection of what, a hijacker? Until a hijacking occurs, any terrorist is merely a potential hijacker. 
What are these inspections for that Bruce supports? Bombs? The same ones he thinks are a non-issue now? Positive bag matching -- ensuring that a piece of luggage does not get loaded on the plane unless its owner boards the plane -- is actually a good security measure, but assumes that bombers have self-preservation as a guiding force. It is completely useless against suicide bombers. Now bombs *are* an issue again! This waffling is feeling rather Clinton-esque! The real point of photo ID requirements is to prevent people from reselling tickets. Nonrefundable tickets used to be regularly advertised in the newspaper classifieds. Ads would read something like Round trip, Boston This much I agree with. Biometrics in Airports You have to admit, it sounds like a good idea. Put cameras throughout airports and other public congregation
[ISN] Hijackers' e-mails sifted for clues Computer messages were sent uncoded (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 3 Oct 2001 02:18:55 -0500 (CDT) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] Hijackers' e-mails sifted for clues Computer messages were sent uncoded Forwarded from: Patrice Auffret [EMAIL PROTECTED] http://www.usatoday.com/usatonline/20011001/3496196s.htm Hijackers' e-mails sifted for clues Computer messages were sent uncoded By Kevin Johnson USA TODAY WASHINGTON -- Federal authorities believe that some of the 19 hijackers involved in the Sept. 11 terrorist attacks were using computers in all-night Kinko's stores and cybercafes in South Florida to coordinate their activities in the weeks before the assaults. Investigators have amassed what they described as a ''substantial'' amount of e-mail traffic among the hijackers. Some of the messages were exchanged in a mix of English and Arabic. None of the communications, authorities said Sunday, involved the use of encryption or other code to disguise the contents of the messages. At least two laptop computers seized in the United States were being examined closely by investigators. They hope to determine whether the machines contained information that could help identify associates of the hijackers in this country or provide leads about future terrorist attacks, a senior law enforcement official said. The disclosure appeared to be further evidence that the hijackers felt free to conduct their business in the open without much fear they would be discovered. Late last month, law enforcement officials said they believed that the hijackers or their associates did extensive scouting missions on various airline routes before settling on flights originating in Boston, Newark, N.J., and Washington. 
Investigators said they believe that the hijackers selected the four flights they commandeered Sept. 11 because passenger loads generally were light and the fuel tanks on the jets, all on transcontinental routes, were full. Official interest in the hijackers' methods of communication comes as the largest criminal investigation in U.S. history continues to widen. The attacks left nearly 6,000 people dead or missing. - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
IP: Newsweek: FBI had one hijacker before Sept 11th and Justice Dept Bumbled (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 03 Oct 2001 12:59:34 -0400 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Newsweek: FBI had one hijacker before Sept 11th and Justice Dept Bumbled Date: Wed, 03 Oct 2001 09:44:40 -0700 From: Robert J. Berger [EMAIL PROTECTED] {The FBI and the Justice Dept had tools before Sept 11 and didn't use them. They don't need more ways to erode our civil liberties, they need to be competent} ** Access Denied ** FBI agents in Minneapolis weren't given approval to search terrorist suspect's hard drive by the Justice Department. If 'two and two' were put together could hijackings have been stopped, asks one investigator. A Web exclusive by Michael Isikoff and Daniel Klaidman http://www.msnbc.com/modules/exports/ct_email.asp?/news/636610.asp Oct. 1 Top Justice Department and FBI officials turned down a request by Minneapolis FBI agents early last month for a special counterintelligence surveillance warrant on a suspected Islamic terrorist who officials now believe may have been part of the Sept. 11 plot to attack the World Trade Center and Pentagon, NEWSWEEK has learned. snip. -- For archives see: http://www.interesting-people.org/
STILL OFF TOPIC: Re: America needs therapy
On Mon, 1 Oct 2001, Steve Schear wrote: At 01:25 PM 10/1/2001 -0400, James B. DiGriz wrote: Declan McCullagh wrote: A far more productive application of corporate welfare would be if that money were spent on engineering research and development of geosynchronous solar power microwave relays, fusion and advanced fission reactors, GEO is lousy: it's too far away, and it's packed already. Newer concepts assume LEO with active microwave focus tracking of the rectenna ground array with phased array antennas integrated into the solar array. You have to have sufficient amounts of hardware in the sky for continuous line of sight presence. permanent manned stations on the Moon, Mars, asteroids, etc. The planet and Luna is closest, and it's near enough for relativistic lag being low enough to allow teleoperation. Sending monkeys elsewhere would seem a later stage. its politics would likely be a lot cleaner. Just one beneficial side effect. Research in geosynchronous power satellites is still being funded. One program, started in Japan but which is now also funded by NASA, uses 5.7 GHz transmission to a ground based RECtifying anTENNAs. Another project intends to use IR lasers. My understanding is these projects are receiving serious funding and prototypes should fly soon. Problem is high LEO launch costs. It would seem easier to build automated and teleoperate fabbing and (linear motor) launching facilities on Luna, and circularize orbit mostly by aerobraking. -- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: SF development (fwd)
-- Forwarded message --
Date: Mon, 01 Oct 2001 16:30:17 -0400
From: Kirk Reiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: SF development

I don't know what happened to Brian however as far as I know John Walker is still lurking. Development is anything but halted. Ron Bessem has a mixing version of the windows speak freely and Jonnas and I have a unix/linux version in cvs. Changes have not been happening quickly recently but that is because we are both busy on other projects. You are of course welcome to get involved and help with the development. There's plenty of room for everyone.

cvs -d:pserver:[EMAIL PROTECTED]:/usr/src/CVS login
password: please
cvs -d:pserver:[EMAIL PROTECTED]:/usr/src/CVS co speak_freely (unix/linux) or win_sf for windows)

Kirk

* * * To unsubscribe from this mailing list, send E-mail containing the word unsubscribe in the message body (*not* as the Subject) to [EMAIL PROTECTED]
Re: America needs therapy
On Mon, 1 Oct 2001, Harmon Seaver wrote: Not true at all. Biodiesel is being marketed in the US today at competitive prices, and obviously, like anything else, economies of scale would bring down that price. Ethanol is another one. Brazil run Biodiesel and bioethanol are horribly inefficient as far as conversion of solar energy and agricultural area is concerned. Large scale agriculture is not exactly environmentally neutral. They're extreme niche or gimmick fuels at best. Synfuel and synthetic methanol as well as hydrogen via fuel reforming from fossils and biomass/renewables is another thing entirely, and entirely worthwhile. Both synthetic methanol and fuel reforming allows slow migration to fuel cells, without pissing off the fossil fuel people. a large portion of its vehicles on ethanol. -- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
OFF TOPIC: Re: America needs therapy
This is about as off-topic as the mold issue. You've been warned. On Mon, 1 Oct 2001, Harmon Seaver wrote: Biodiesel and bioethanol are horribly inefficient as far as conversion of solar energy and agricultural area is concerned. Large scale agriculture is not exactly environmentally neutral. They're extreme niche or gimmick fuels at best. Where do you get that from? Are you saying that farmers aren't growing canola oil at a profit? Farmers are also growing corn and that corn is turned into ethanol at a profit. No. I'm saying if you use bioethanol, biodiesel or oil made from agricultural products you're milking a negligible fraction of the solar constant (1.4 kW/m^2 flux hereabouts), even solar constant at the bottom of this gravity well (varies greatly). Plus, you kill soil, reduce biodiversity, contaminate ground water, reduce ground water level plus cause salination in susceptible areas, burn energy for machines, fertilizer Co and create waste. There are also less tangible but nevertheless real factors such as high material fluxes, associated pollution, perpetuation of Carnot cycle machines and agromafia. What we need is sufficient control of molecular self-replication that we can use photons directly for photosynthesis or water photolysis. Before we'll get that, we'll have to settle for conventional thin-film and polymer photovoltaics, electrolysis and photoelectrolysis/photosynthesis. I would think that CuInSe thin film would do very nicely today if facade-integrated, before we get polymer. http://journeytoforever.org/ethanol.html Ethanol is a highly efficient fuel. A study by Energy density of ethanol is about half of gasoline. You *can* use it in a fuel cell or a fuel reformer, but methanol is easier. Methanol - synthesis gas conversion is really clean. 
the Institute of Local Self-Reliance in the US found that using the best farming and production methods, the amount of energy contained in a gallon of ethanol is more than twice the energy used to grow the corn and convert it to ethanol. So, assuming these people haven't been pulling data straight from their ass, you have to burn half of the ethanol you would get from a square meter of a field in order to do it. Not counting the presence of said field, the agricultural infrastructure and the agrohol plant. The US Department of Agriculture says each BTU (British Thermal Unit, an energy measure) used to produce a BTU of gasoline could be used to produce 8 BTUs of ethanol. Now this says something else than journeyforever folks said. 8:1 is something else than 2:1. The non-profit American Coalition for Ethanol says ethanol production is extremely energy efficient, with a positive Energy efficient as compared to what exactly? Nuke, fossil, photovoltaics, wind? And, of course, energy is only a very small part of the picture. energy balance of 125%, compared to 85% for gasoline, making ethanol production by far the most efficient method of producing liquid transportation fuels. Now, it's only 125%. Very strange numbers, these. If you are referring to the paper done by Pimental, that study was seriously flawed (so much so that one might think it was paid for by big oil) and thoroughly debunked. See: http://journeytoforever.org/ethanol_energy.html I do not refer to the study of Pimenthal, just seat of the pants ecology and 8th class highschool level physics. I don't have time to google for this stuff, but I'm sure you'll find enough references as to why bioethanol and biodiesel are hardly a silver bullet. -- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
IP: Do read -- EFF statement on opposition to MATA/ATA (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Sun, 23 Sep 2001 06:25:50 -0400 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Do read -- EFF statement on opposition to MATA/ATA EFF members have asked why we have objected to some of the proposed changes to wiretapping and other laws made in the aftermath of the recent terrorist attacks on the U.S. We do not raise these objections lightly, nor are they light objections. We fully support legitimate government efforts to bring the perpetrators of these attacks to justice. Yet as a watchdog for civil liberties, we are skeptical of claims that the only way we can increase our security is by giving up our freedoms. And a close look at the specific measures proposed shows several areas that should concern all Americans. First, these bills are not being carefully reviewed, or even reviewed at all, by our lawmakers. SA 1562 was introduced late at night and voted on within a half hour, with several senators complaining that they had not been given the chance to read it. Similarly, both MATA and its later incarnation, ATA, are long and complex bills, making changes throughout our legal structure. Yet the Attorney General has asked for them to be voted into law within a week. This complete dismissal of the normal processes for legislation should alarm anyone who believes in democratic government. Second, these changes are permanent. EFF shares the desire to move quickly now in order to better track the perpetrators of this shocking attack. But none of the legislative changes that have been proposed so far is temporary -- these are broad ranging, permanent reductions in civil liberties and privacy of all Americans. 
History has shown that such laws, passed in haste during a time of crisis, linger and cause difficulties long after the crisis has passed. Third, these proposed laws include provisions that appear to have nothing to do with fighting terrorism, such as allowing wiretaps based upon allegations of defacing a web site. If it is the case that low-level computer defacement is a problem that relates to terrorism, we encourage law enforcement to explain the connection. Instead, it seems that several of the most worrisome provisions of the proposed laws are part of a general law enforcement wish list rather than a specific response to terrorism. Finally, changes in surveillance authority are suggested without any showing that the current requirements for FISA, Title III and pen/trap surveillance posed a barrier to the investigation of the attacks. We have been told that FISA warrants were issued and served on major ISPs within hours of the terrorist attacks last week. There have been no reports that the minimal processes required for these warrants have hampered the investigations. The EFF does not categorically oppose all changes in our laws or regulations in response to the attack. But responses that are unrelated to increasing our security or that change parts of the laws that are not a barrier to preventing of terrorism are not only bad policy, they run the risk of lulling us into believing that we are more safe than we actually are. The EFF does not claim to be experts in anti-terrorism measures. We are experts in civil liberties and privacy, however, and believe that any lessening of those rights must be carefully debated and adequately justified. The U.S. legal system has been based upon the basic precept that American citizens should not be subject to surveillance unless there has been a showing that he or she may have committed a serious offense. Maybe we now wish to abandon that precept. 
Maybe we now wish to live in a world where who we e-mail and where we travel on the Internet is routinely monitored by centralized government authorities. We at the EFF do not believe so. But at a minimum, such changes must be subjected to informed public debate. On September 11, President Bush said that freedom itself had been attacked. In our response to that horrible act, the understandable desire to prevent future attacks should not lead us to do further, permanent damage to that same freedom. For archives see: http://www.interesting-people.org/
Re: [linux-elitists] Cryptome up for mirroring (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Sun, 16 Sep 2001 08:54:12 -0400 From: Aaron Sherman [EMAIL PROTECTED] To: Eugene Leitl [EMAIL PROTECTED] Cc: Linux Elitists List [EMAIL PROTECTED] Subject: Re: [linux-elitists] Cryptome up for mirroring On Sat, Sep 15, 2001 at 11:01:30PM +0200, Eugene Leitl wrote: All blocks and limitations on downloads here have been removed. We request that bots and spiders be configured and monitored to avoid repetitiveness, looping, recycling and checking previous downloads. Bandwidth trashing programs will be seen as attacks and blocked to assure access by others. I'm also putting up a lot of the software that's currently listed on freshmeat (gnupg and its associated library packages, pgp2.6, some email crypto packages, Perl and python interfaces to crypto, and more) up on Gnutella. I will be allowing downloads at a restricted bandwidth, but hopefully these packages will be picked up and mirrored across the gnutella network. For folks interested in getting involved in the effort to assure crypto access, please check out my comments on pps.sourceforge.net -- Aaron Sherman [EMAIL PROTECTED] finger [EMAIL PROTECTED] for GPG info. Fingerprint: www.ajs.com/~ajs 6DC1 F67A B9FB 2FBA D04C 619E FC35 5713 2676 CEAF I've committed many sins. Have I displeased you, you feckless thug? -President Bartlet, ``The West Wing'' ___ linux-elitists http://zgp.org/mailman/listinfo/linux-elitists
RE: SYMBOL
On Sun, 16 Sep 2001, Sandy Sandfort wrote: As were buildings above 5 stories in ancient Rome. Technology moves on. The question is not, Can 250-story buildings be made safe? The only question is How can they be made safe? The question is: why should we bother? Tall buildings have intrinsically bad volume to cross-section ratio, by definition. Both the static and the infrastructure is vulnerable, so the efforts would be far better spent by decentralizing the society. Monkeys want to see monkeys, fine. We have video projectors and AR avatars for that, and last time I looked most of the fiber was idle.
IP: [ I take it back djf ] U.S. Intelligence Gathering Reviewed (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Thu, 13 Sep 2001 08:25:22 -0400 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: [ I take it back djf ] U.S. Intelligence Gathering Reviewed U.S. Intelligence Gathering Reviewed By THE ASSOCIATED PRESS Filed at 7:11 a.m. ET NEW YORK (AP) -- A current emphasis on technology over human intelligence-gathering, a funding shortage and an information overload may help explain U.S. intelligence agencies' failure to forestall the worst terror attack on American soil. ``Our raw intelligence has gotten weaker, partly because we're not hiring, we're not paying and we're not analyzing what we're collecting,'' said Anthony Cordesman, an anti-terrorism expert with the Washington-based Center for Strategic and International Studies. His comments echoed those of former Secretary of State James A. Baker III, who told CNN that ``it would be well ... to consider beefing up some of our intelligence capabilities, particularly in the areas of human intelligence.'' That's easier said than done, said Gideon Rose, managing editor of Foreign Affairs magazine. ``It's incredibly difficult to find the right people who can infiltrate these groups,'' Rose said. ``As far as making other changes, it means going up against Washington's bureaucratic inertia.'' During the Cold War, the United States began pouring billions into satellite imagery, communications interception and reconnaissance equipment. The tools were also useful in monitoring the moves of organizations such as the PLO and the IRA -- which had traditional, low-tech structures that were relatively easy to follow. But the extraordinary costs meant cutbacks in personnel at the CIA and the National Security Agency, the nation's international eavesdropping arm. 
As the Cold War came to a close, the number of threatening groups increased tenfold just as the digital revolution hit, making global communications suddenly very cheap and secure. Meanwhile, the numbers of people working in U.S. intelligence remained constant. These days, terrorists can download sophisticated encryption software on the Internet for free, making it increasingly difficult to tap into their communications. One recent report said Osama bin Laden, a suspect in Tuesday's attacks, has used complex digital masking technology called steganography to send photos over the Internet bearing hidden messages. The head of NSA, Gen. Mike Hayden, acknowledged in an interview with CBS' ``60 Minutes II'' earlier this year that his agency is ``behind the curve in keeping up with the global telecommunications revolution,'' adding that bin Laden ``has better technology'' than the agency. Former national security adviser Sandy Berger said Wednesday that the terrorists responsible for Tuesday's carnage displayed ``a level of sophistication that is beyond what any intelligence outfit thought was possible.'' Yet, many believe the perpetrators used low-tech methods to elude Western intelligence. Wayne Madsen, a former NSA intelligence officer, said he believes the terrorists shunned e-mail and mobile phones, using couriers and safe houses instead. He said it was likely the terrorists in each of Tuesday's four hijacked planes didn't know the others existed. Terrorist ``cells are kept small and very independent so intelligence agencies can't establish any sort of network,'' Madsen said. Others say the big problem is not the technological shortcomings but the inability to get inside tightly-knit organizations such as bin Laden's. ``It's not easy to knock on bin Laden's cave and say we'd like to join,'' said Frank Cilluffo, a senior analyst at the Center for Strategic and International Studies. 
``These are hard targets for Americans to infiltrate and we need to recruit the kind of people who have the language and the cultural understanding to gain access to these organizations.'' Eugene Carroll, a Navy admiral and a defense expert, agreed. ``These people can only be countered by superb intelligence. The U.S. doesn't have it,'' he said. Experts say intelligence-gathering, to be effective, must involve close coordination between eavesdropping and spying. In practical terms, this means cooperation between the NSA and CIA. Madsen said there is reason to believe the NSA received some good intelligence showing bin Laden's involvement in Tuesday's attacks but that it wasn't recognized as such. ``There's an information overload out there and not surprisingly it becomes very hard to process, prioritize it and share it,'' said Ian Lesser at the Rand Corporation think tank. Others said that some of the best intelligence people had been lost to the dot.com boom while promising junior
Coordination, maximizing terror, hypotheses (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 12 Sep 2001 10:49:13 -0500 From: Jeff Bone [EMAIL PROTECTED] To: Robert S. Thau [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Coordination, maximizing terror, hypotheses * The timing of the WTC attacks is extraordinary, and points not only to a high degree of coordination but also to a keen sensibility in planning the mission. Consider: if both planes had hit the buildings simultaneously, there would've been very little footage of the second attack. Too little time between the attacks and there would've been less coverage and no real-time horror; too much time and the alert status might've been such that the second collision could be prevented. * The targeting of the second attack may be a subtle pointer to state involvement. I understand that the part of the Pentagon that was hit houses the nerve center for the Army's worldwide logistics command. It appears that this part of the building was intentionally targeted, as the plane apparently performed an overshoot-and-return maneuver in order to line up with the south side of the building, whereas it could've gone into the opposite side with no such maneuver. A small, highly-mobile group of perps wouldn't be concerned about damaging the Army's logistical capability, as any retaliation would likely be air-based or, if ground-based, a smaller strike squad with separate / minimal logistical concerns. Crippling Army logistics might have been a strategic consideration designed to minimize the ability to mount an immediate, large-scale, ground-based response with traditional forces. Further speculation: this may point away from Afghanistan / Taliban involvement and more towards Iraq or Iran, for the reasons noted earlier re: the difficulty of mounting a ground-based invasion of Afghanistan. 
* Our own forces may have shot down the plane over Pennsylvania. Dick Armey was giving an interview last night, and after being asked leading questions by Wolf Blitzer he started making comments about being given a classified briefing with information specifically about that plane. The interview was then censored, with sound edited out for about 30 seconds. I think this could well be an open secret that the media has been let in on but gagged about in order to minimize public backlash / confusion. Other indications also exist, in the news that's coming out about where and when fighters were scrambled. This is clearly speculative, but a possibility. http://xent.com/mailman/listinfo/fork
FC: FBI pushes Carnivore on network providers after attacks (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Wed, 12 Sep 2001 10:17:03 -0400 From: Declan McCullagh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: FC: FBI pushes Carnivore on network providers after attacks http://www.wired.com/news/politics/0,1283,46747,00.html Anti-Attack Feds Push Carnivore By Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Sep. 12, 2001 PDT WASHINGTON -- Federal police are reportedly increasing Internet surveillance after Tuesday's deadly attacks on the World Trade Center and the Pentagon. Just hours after three airplanes smashed into the buildings in what some U.S. legislators have dubbed a second Pearl Harbor, FBI agents began to visit Web-based, e-mail firms and network providers, according to engineers at those companies who spoke on condition of anonymity. An administrator at one major network service provider said that FBI agents showed up at his workplace on Tuesday with a couple of Carnivores, requesting permission to place them in our core, along with offers to actually pay for circuits and costs. [...] Microsoft's Hotmail service has also been the target of increased federal attention, according to an engineer who works there. Hotmail officials have been receiving calls from the San Francisco FBI office since mid-(Tuesday) morning and are cooperating with their expedited requests for information about a few specific accounts, the person said. Most of the account names start with the word 'Allah' and contain messages in Arabic. [...] - POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -
[Remops] cracker, redneck down for awhile (fwd)
-- Forwarded message -- Date: 11 Sep 2001 12:43:19 -0400 From: Andy Dustman [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Remailer Operators [EMAIL PROTECTED] Subject: [Remops] cracker, redneck down for awhile SMTP is off at gacracker.org until things settle down. anon.efga.org will stay up. -- Andy Dustman PGP: 0x930B8AB6 @ .net http://dustman.net/andy I'll give spammers one bite of the apple, but they'll have to guess which bite has the razor blade in it.
[Remops] Re: Opinions on Operations due to bombings. (fwd)
-- Forwarded message -- Date: Tue, 11 Sep 2001 09:23:44 -0700 (PDT) From: Len Sassaman [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Remops] Re: Opinions on Operations due to bombings. I'm not concerned that the remailer network is, was, or will be used by the actual terrorists. What concerns me is the assholes who will inevitably send bogus threats, tips, and other noise to various news groups, federal offices, and officials. I don't want to get caught in the middle of this. I'm sorry. I'm currently unemployed and don't have the resources to defend myself. At this point in time, a free-speech argument will not gain much sympathy with the feds, judges, and general public. And investigators don't need more noise to sort through. They'll have enough as it is. I'd like to see remailers continue operating. But this needs to settle. I may put mine into middle, mix only mode if I feel up to it.. On Tue, 11 Sep 2001, J.Francois wrote: I no longer run an anon remailer but I still operate a public proxy. By now everyone is aware of the bombings here in the USA. So, do we suspend anon communications channels during the crises or do we stay operational. Opinions? -- Jean Francois - JLF Sends... Once at a social gathering, Gladstone said to Disraeli, I predict, Sir, that you will die either by hanging or of some vile disease. Disraeli replied, That all depends, Sir, upon whether I embrace your principles or your mistress. -- Len Sassaman Security Architect| I must play their game, of Technology Consultant | not seeing I see the game. | http://sion.quickie.net |--R .D. Laing ___ Remops mailing list [EMAIL PROTECTED] http://lexx.shinn.net/mailman/listinfo/remops
IP: LITTLE BROTHER MAY BE WATCHING YOU (WITH X10 VIDEOCAMS): from newsscan daily (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Mon, 10 Sep 2001 12:56:41 -0400 From: David Farber [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: LITTLE BROTHER MAY BE WATCHING YOU (WITH X10 VIDEOCAMS): from newsscan daily A company called X10 Wireless Technology is marketing its tiny color video cameras for their use in keeping an eye on your kids or even engaging in voyeuristic activity. One ad for the $79.99 device displays a bare-backed woman and the headline Quit Spying on People! (we never told you to do that). The technology uses radio frequencies for communication among devices within a 100-foot radius, and represents a development that one attorney says is outstripping everything we once contemplated about privacy. X10 devices have been found planted secretly in such places as college shower rooms, attorneys' offices, and corporate meeting rooms. (San Jose Mercury News 10 Sep 2001) http://www.siliconvalley.com/docs/news/svfront/027254.htm For archives see: http://www.interesting-people.org/
[RRE]Your Face Is Not a Bar Code (fwd)
-- Eugen* Leitl a href=http://www.lrz.de/~ui22204/;leitl/a __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 -- Forwarded message -- Date: Fri, 7 Sep 2001 15:53:48 -0700 From: Phil Agre [EMAIL PROTECTED] To: Red Rock Eater News Service [EMAIL PROTECTED] Subject: [RRE]Your Face Is Not a Bar Code =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). You are welcome to send the message along to others but please do not use the redirect option. For information about RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Your Face Is Not a Bar Code: Arguments Against Automatic Face Recognition in Public Places Phil Agre http://dlis.gseis.ucla.edu/pagre/ Version of 7 September 2001. 2600 words. Copyright 2001 by Phil Agre. You are welcome to forward this article in electronic form to anyone for any noncommercial reason. Please do not post it on any Web sites; instead, link to it here: http://dlis.gseis.ucla.edu/people/pagre/bar-code.html Given a digital image of a person's face, face recognition software matches it against a database of other images. If any of the stored images matches closely enough, the system reports the sighting to its owner. Research on automatic face recognition has been around for decades, but accelerated in the 1990s. Now it is becoming practical, and face recognition systems are being deployed on a large scale. Some applications of automatic face recognition systems are relatively unobjectionable. Many facilities have good reasons to authenticate everyone who walks in the door, for example to regulate access to weapons, money, criminal evidence, nuclear materials, or biohazards. 
When a citizen has been arrested for probable cause, it is reasonable for the police to use automatic face recognition to match a mug shot of the individual against a database of mug shots of people who have been arrested previously. These uses of the technology should be publicly justified, and audits should ensure that the technology is being used only for proper purposes. Face recognition systems in public places, however, are a matter for serious concern. The issue recently came to broad public attention when it emerged that fans attending the Super Bowl had unknowingly been matched against a database of alleged criminals, and when the city of Tampa deployed a face-recognition system in the nightlife district of Ybor City. But current and proposed uses of face recognition are much more widespread, as the resources at the end of this article demonstrate in detail. The time to consider the acceptability of face recognition in public places is now, before the practice becomes entrenched and people start getting hurt. Nor is the problem limited to the scattered cases that have been reported thus far. As the underlying information and communication technologies (digital cameras, image databases, processing power, and data communications) become radically cheaper over the next two decades, face recognition will become dramatically cheaper as well, even without assuming major advances in technologies such as image processing that are specific to recognizing faces. Legal constraints on the practice in the United States are minimal. (In Europe the data protection laws will apply, providing at least some basic rights of notice and correction.) Databases of identified facial images already exist in large numbers (driver's license and employee ID records, for example), and new facial-image databases will not be hard to construct, with or without the knowledge or consent of the people whose faces are captured. 
(The images need to be captured under controlled conditions, but most citizens enter controlled, video-monitored spaces such as shops and offices on a regular basis.) It is nearly certain, therefore, that automatic face recognition will grow explosively and become pervasive unless action is taken now. I believe that automatic face recognition in public places, including commercial spaces such as shopping malls that are open to the public, should be outlawed. The dangers outweigh the benefits. The necessary laws will not be passed, however, without overwhelming pressure of public opinion and organizing. To that end, this article presents the arguments against automatic face recognition in public places, followed by responses to the most common arguments in favor. Arguments against automatic face recognition in public places * The potential for abuse is astronomical. Pervasive automatic face recognition could be used to track individuals wherever they go. Systems operated by different
Re: secure IRC/messaging successor
On Fri, 31 Aug 2001, Rich Salz wrote: Gale seems to have a better security story, but Jabber certainly has the momentum and large force behind it. How does SILC http://www.silcnet.org/ fit the bill? -- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a> __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: Borders UK and privacy
On Wed, 29 Aug 2001, Declan McCullagh wrote: Maybe, but it seems like offense just got a boost. Passive biodefenses don't work against an active offense. If sniffers start landing on your skin and taking a microscopic sample, then they won't be trivial to defend against. Biology can't help leaking bits, it's riddled with multiple fingerprints. The only way to make sure is to rent a random telepresence box, the control flow being routed through realtime traffic remixers. By the time you have little gadgets buzzing around who're after your DNA or volatile MHC fragments we'll surely have these. -- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a> __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
Re: Borders UK and privacy
On Thu, 30 Aug 2001, Duncan Frissell wrote:

> How about a tailored virus that modifies your DNA on a rotating basis in non significant fashion so that you're constantly new. I wonder

Unless you go for full sequencing, you would have to jumble restriction sites.

> if that would be theoretically possible? Fun times.

Theoretically, yes. It would kill you in no time, though. Also, quantitative transfection in an adult is a lot to ask for. Killer vector indeed.

-- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a> __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
secure IRC/messaging successor
Gale http://www.gale.org/ seems a well thought out infrastructure. Is the consensus this is it, or have I missed any alternatives? TIA, -- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a> __ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
'PARASITIC GRID' COULD UNDERMINE WIRELESS REVENUES (fwd)
an idiot wrote: Would seem it's high time trying to get Mojo and Freenet to do onion routing, preparing for the wireless wave. Here's some work in progress on XML-RPC interface to Mojo (identical to Freenet). doh, forgot the URL: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/~checkout~/mojonation/evil/hackerdocs/LJ_article.html?content-type=text/html
'PARASITIC GRID' COULD UNDERMINE WIRELESS REVENUES
Would seem it's high time trying to get Mojo and Freenet to do onion routing, preparing for the wireless wave. Here's some work in progress on XML-RPC interface to Mojo (identical to Freenet). Date: Tue, 28 Aug 2001 14:24:15 +0200 To: Eugene Leitl [EMAIL PROTECTED] Subject: Fwd: NewsScan Daily, 27 August 2001 (Above The Fold) 'PARASITIC GRID' COULD UNDERMINE WIRELESS REVENUES An underground movement is afoot to deploy free wireless access zones in urban areas, building on the increasing popularity of wi-fi or 802.11b technology -- a standard for wireless Ethernet that works on an unlicensed portion of the spectrum. The movement, dubbed the parasitic grid by some, is already thriving in New York, Seattle, San Francisco, Portland, British Columbia and London. The concept is based on community-minded volunteers, who offer other Internet users within a certain range -- say 300 feet -- a free ride on their wireless connections. The trend is not going unnoticed by the large wireless carriers in these cities. We are aware of the free services springing up and are considering 802.11b wireless access as well, not in place of currently scheduled rollouts but as an adjunct, says an ATT Wireless spokesman. Meanwhile, so-called aggregators have developed software that resides in the mobile device that can find any available network and connect the user to it, creating, in effect, metropolitan-wide free networks that may ultimately compete with fee-based wireless services. It would even be able to say, 'Here is a list of the networks found' and indicate which are free and which charge a fee, says an official at a company that provides 802.11b services at hotels and airports. (InfoWorld 24 Aug 2001) http://www.infoworld.com/articles/hn/xml/01/08/24/010824hnfreewireless.xml [...]
Re: Jim Bell sentenced to 10 years in prison
On Tue, 28 Aug 2001, Eric Cordian wrote: The larger question is what are we going to do about it? Somehow Cypherpunks Write Code doesn't quite rise to the level of an appropriate response to these pigfuckers. The most appropriate response would seem to implement http://zolatimes.com/v2.26/jimbell.htm with the judge being the first name on the list. Getting digicash to work would be a real starter, anonymous donation submission infrastructure another step. Of course, cypherpunks are either too lazy, or too chicken for that. Eugene -- both