MPAA's drive for state laws hits bump in Massachusetts
--- begin forwarded text Status: U Date: Wed, 2 Apr 2003 23:30:12 -0500 To: Clippable [EMAIL PROTECTED] From: R. A. Hettinga [EMAIL PROTECTED] Subject: MPAA's drive for state laws hits bump in Massachusetts Last paragraph says it all, I think... Cheers, RAH --- http://www.idg.net/ic_1280658_9675_1-5124.html MPAA's drive for state laws hits bump in Massachusetts Paul Roberts , April 02, 2003, 15:50 Software engineers, academics and industry representatives gathered at the Massachusetts State House on Wednesday to voice their opposition to an effort by the Motion Picture Association of America (MPAA) to rewrite provisions of state telecommunication laws. The hearing, to discuss a bill backed by the MPAA, is evidence of growing grassroots and industry opposition to the MPAA's state-level legislative initiative, which has already amended laws in five states. The proposed legislation, Massachusetts House Bill 2743, would change elements of the Massachusetts General Laws covering telecommunications fraud, broadening the scope of activities that qualify as criminal offenses under the law and proposing stiff penalties and fines for law breakers. The Massachusetts legislation uses language provided by the MPAA, according to Angela McConney, legal counsel for the Massachusetts House Committee on Criminal Justice. That language is almost identical to the language found in similar bills that are pending in a number of states including Texas, Tennessee, Colorado, and Florida. The bills are part of an effort by the MPAA to strengthen telecommunications theft laws in the states, according to Vans Stevenson, senior vice president of state legislative affairs at the MPAA. This legislation is designed to update existing telecommunications statutes on the books in (Massachusetts) and most states that were passed twenty-some years ago, Stevenson said. 
While updating legal language to account for the explosion in technology in communications services and technology, the state level laws will also make it easier for the MPAA and others to pursue cases against criminals, he said. Wronged parties would not have to rely on the Justice Department and the protections offered under the 1998 Digital Millennium Copyright Act (DMCA) to pursue cases, Stevenson said. However, the broad wording of the bill is rubbing many in the information technology and telecommunications industries the wrong way, according to Sarah Deutsch, vice president and associate general counsel at Verizon Communications Inc. Initially perceived by the telecommunications industry as a communications theft bill, the MPAA-sponsored legislation at first received little attention, Deutsch said. However, industry organizations are increasingly alarmed about some of the broad implications of the MPAA-sponsored bills. Among other things, the MPAA legislation broadens the definition of the term communications service to include both the content transmitted -- for example, downloaded song files -- and the medium over which they were transmitted. This is really a theft-of-copyright bill and a piracy bill, Deutsch said. Those kinds of copyright protections were already hammered out by the federal government, copyright owners and other stakeholders in the DMCA, which includes protections for Internet service providers such as Verizon, according to Deutsch. The MPAA laws are effectively end runs around the DMCA that include no immunity for ISPs, she said. Grassroots opposition to the MPAA-sponsored legislation is also growing, due in part to the efforts of Edward Felten, a professor of computer science at Princeton University. Through his Web site, Felten and others have kept up a steady drum beat of commentary on the perceived dangers of the MPAA-sponsored state legislation. (See http://www.freedom-to-tinker.com .) 
Felten alleged that, as written, House Bill 2743 and others like it would outlaw commonly used security tools such as firewalls and virtual private network (VPN) software by declaring the encryption, decryption or concealment of the place of origin of any communication to be illegal. Those arguments are disputed by the MPAA's Stevenson, who noted that language that outlaws the concealment of the place of origin of communication has long been on the books in Massachusetts. Nevertheless, the arguments have raised the eyebrows of some within the information technology (IT) community in recent days, spawning at least one news story on the possible implications of the MPAA's state-level initiative. The increased attention to the MPAA's efforts was evident on Wednesday, when representatives from the MPAA, the electronics industry, software engineers and academics crowded a hearing room in the Massachusetts State House to voice their opinions on House Bill 2743. Speaking before the Joint Committee on Criminal Justice, Amy Isbell, vice president of state legislative affairs at the MPAA, began by acknowledging opposition to the wording
RE: Run a remailer, go to jail?
At 4:35 PM -0500 on 4/1/03, Trei, Peter wrote: If you (or anyone) goes, I'm sure we'd all appreciate some notes on what transpired. I understand 17 different bills are being considered at this hearing, so don't blink or you may miss it. Cool. What a great day that would be. I could see swinging by the phew! State House /phew! watching the gavel come down after a classic Billy Bulger Hack-Bill-Title-Recitation-And-Approval that would make the old FedEx commercial guys blush (amazing breath control they teach at Suffolk University Law School...), going to Hahvid Squayah for burgers at Bartleys, and then attending the Million Pound March to support the war (Fat Middle-Aged White Guys taunting Scrawny Pimple-Faced Liberals, gotta love it..) at 1:30. Hell, if I could tear myself away from the net, I may even do it... In the meantime, expect the Hacks in the House to pass their up-coming pay-raise when the Battle of Baghdad starts in earnest... Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
GPS phones confiscated from reporters in Iraq
http://www.newscientist.com/news/print.jsp?id=ns3567 New Scientist GPS phones confiscated from reporters in Iraq 15:26 31 March 03 Will Knight Satellite phones with built-in Global Positioning System (GPS) capabilities have been confiscated from journalists travelling with US troops inside Iraq, due to fears that they could inadvertently reveal their positions. Reporters embedded with the troops have been asked to hand over satellite telephones operated by Thuraya Satellite Telecommunications, a communications company based in Abu Dhabi. The restriction is limited to units near the war's front-line and is expected to be temporary, a spokesman for US central command in Qatar told New Scientist . A spokeswoman for the US Department of Defense added that reporters with unaffected satellite phones would be asked to share them and that military communications equipment would be made available when possible. Replacement phones could also be sent to the front line. Richard Langley, a GPS expert at the University of New Brunswick, Canada, says US military commanders may be concerned that positioning information embedded in signals sent by the Thuraya phones could be intercepted and used by Iraqi forces to locate and attack US troops. It's not impossible, although it would be rather difficult, Langley told New Scientist . The signals are line-of-sight [from handset to satellite] so very little would leak out and be interceptable on the ground. Ground station intercept It would be easier to intercept the signal as it arrives from the satellite at the network operator's ground station, he says. But even in this case, any interceptor would still have to crack the encryption protecting the signal. An alternative concern is that the US military are worried that computers used to store call information are vulnerable to cyber attack. Perhaps the concern was that there would be a log of these positions kept on a computer somewhere, Langley says. 
Positional information captured by any means would only be useful for as long as the caller remained in the same place, he notes: Anyone wanting to use the information would have to work quickly. Thuraya telephones can connect to GSM mobile phone networks when they are available, and a satellite network when in more remote areas. The phones can also be used as a GPS receiver, determining its position by communicating with satellites in the GPS constellation. If the GPS functionality is switched on, the caller's co-ordinates are automatically embedded in the voice signal sent to the communications satellites.
Network Associates Plans Another Restatement of Results
http://online.wsj.com/article_print/0,,SB104868663390882600,00.html The Wall Street Journal March 26, 2003 4:46 p.m. EST Network Associates Plans Another Restatement of Results By MARK BOSLET and RIVA RICHMOND DOW JONES NEWSWIRES Network Associates Inc. said Wednesday it would again restate financial results for 1998, 1999 and 2000 and disclosed that the Department of Justice had opened an investigation into the company. It will be the second time Network Associates has had to restate results for those years. The Santa Clara, Calif., software company said the latest restatement would probably lead to a significant or material change to financial results for the period, which precedes the resignation of its former management team headed by Chief Executive William Larson. Network Associates' current chief executive, George Samenuk, said on a conference call Wednesday that the company learned of the Justice Department investigation during the first quarter. We will not speculate on where it is headed or on what the potential outcome might be, Mr. Samenuk said. However, legal experts said the Justice Department likely wouldn't become involved unless there was a criminal aspect to the investigation, which up to now had been confined to an accounting probe by the Securities and Exchange Commission. While the Justice Department can indict corporations, history shows it tends to look upon them as victims of unscrupulous executives, said John Coffee, a legal expert at Columbia University Law School. They're most likely to indict the person who has the evil motive, he said. And that tends to be the managers who are dumping their stock to benefit from practices that inflated financial results. The restatement is the result of new information that came up during the government investigations, Network Associates said. We had lots of discussions with the government in recent weeks, said General Counsel Kent Roberts. He declined to elaborate on their content. 
The restatement that Network Associates announced Wednesday stems from a decision to change its revenue recognition policy made in 2001; the new results will reflect that policy, which recognizes sales when products reached users rather than when they were shipped to a distributor or reseller. The company suggested the restatement would take at least a couple weeks to complete and that it would delay its quarterly SEC filing for its 2002 financial report. The news sent Network Associates' shares modestly lower Wednesday, falling 53 cents, or 3.5%, to $14.85 on the New York Stock Exchange. In June, Network Associates restated 1998, 1999 and 2000 results after an internal probe of the company's accounting revealed inaccuracies, which it traced to an unidentified member of the finance team who was no longer with the company. The bad accounting had the effect of overstating revenue and understating operating costs. None of Network Associates' current financial executives worked for the company during the years in question. The company's announcement marks the third time in four years it has had to restate financial results. It restated its financials in 1999 to reflect the cost of numerous acquisitions, which it accounted for as in-process research-and-development costs.
Face-Recognition Technology Improves
http://www.nytimes.com/2003/03/14/technology/14FACE.html?th=pagewanted=printposition=top The New York Times March 14, 2003 Face-Recognition Technology Improves By BARNABY J. FEDER Facial recognition technology has improved substantially since 2000, according to results released yesterday of a benchmark test by four federal government agencies involving systems from 10 companies. The data, which is the latest in a series of biannual tests overseen by the National Institute of Standards and Technology, is expected to encourage government security officers to deploy facial recognition systems in combination with fingerprinting and other biometric systems for applications like verifying that people are who they claim to be and identifying unknown people by comparing them with a database of images. But the report also highlighted continuing shortcomings, like the poor performance of recognition systems in outdoors settings in which even the best systems made correct matches to the database of images just 50 percent of the time. And it cited outcomes that it said needed more research, like the tendency of the systems to identify men better than women and older subjects better than young ones. The report was strictly a technical evaluation and did not discuss any of the privacy or civil rights concerns that have stirred opposition to the technology. Because the results of the different companies are public, the testing is also expected to become a marketing tool for those who did best, including Identix, Cognitec Systems and Eyematic Interfaces. It is expected to be especially helpful to Cognitec, a tiny German company that is not widely known in the United States, and Eyematic, a San Francisco-based company best known for capturing data from traits like facial structures, expressions and gait to create animated entertainment. ``Face recognition had been just a subdiscipline for us,'' said Hartmut Neven, chief technical officer and a founder of Eyematic. 
He said that domestic security needs had created a marketing opportunity that Eyematic was gearing up to chase. The results were not as positive for Viisage Technology, which had been among the leaders in 2000. Viisage said that the results, that it identified just 64 percent of the test subjects from a database of 37,437 individuals, were at odds with the strong performance it had been having with big customers, like the State of Illinois. While the government test is the largest for such technology, the number of images in the database was far below the 13 million that Viisage deals with for the Illinois Department of Motor Vehicles, where the company says it has picked thousands of individuals seeking multiple licenses under different names. ``We suspect there must have been human or software errors in how our system was interfaced with the test,'' said James Ebzery, senior vice president for sales and marketing for Viisage. While Viisage scrambles to explain its views to customers and chase down any potential problems in the test, it is taking comfort in the tendency of big companies and government agencies to perform their own testing on their own data before selecting Viisage or one of its rivals. The government's benchmarking was performed last summer but the results were not fully tabulated and analyzed until recently. The report singled out a finding that in ``reasonable controlled indoor lighting,'' the best facial recognition systems can correctly verify that a person in a photograph or video image is the same person whose picture is stored in a database 90 percent of the time. In addition, only one subject in 100 is falsely linked to an image in the data base in the top systems. The report also noted that performance has been enhanced by improving technology to rotate images taken at an angle so that the facial recognition software can be applied to a representation of a frontal view.
The data examined whether facial recognition systems could help with the so-called watch list challenge, which involves determining if the person photographed is on a list of individuals who are wanted for some reason and then identifying who they are. Cognitec, the leading performer on that test, gained a 77 percent rating but its success rate fell to 56 percent when the watch list grew to 3,000.
Recent IOTP and ECML publications
--- begin forwarded text
Status: RO
Date: Fri, 14 Mar 2003 13:56:25 -0700
From: [EMAIL PROTECTED]
Subject: Recent IOTP and ECML publications
To: [EMAIL PROTECTED], [EMAIL PROTECTED]

3506 I Requirements and Design for Voucher Trading System (VTS), Eastlake D., Fujimura K., 2003 (15pp) (.txt=30945) (was draft-ietf-trade-drt-requirements-04.txt)
3505 I Electronic Commerce Modeling Language (ECML): Version 2 Requirements, Eastlake D., 2003 (8pp) (.txt=13915) (was draft-ietf-trade-ecml2-req-05.txt)
3504 I Internet Open Trading Protocol (IOTP) Version 1, Errata, Eastlake D., 2003 (6pp) (.txt=8655) (See Also 2801, 2802, 2803) (was draft-ietf-trade-iotp-v1-errata-01.txt)

reference URL at rfcindex:
http://www.garlic.com/~lynn/rfcidx11.htm#3504
http://www.garlic.com/~lynn/rfcidx11.htm#3505
http://www.garlic.com/~lynn/rfcide11.htm#3506
-- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
--- end forwarded text
Recognizing the Dance on the Dotted Line
. But at least in theory, he said, dynamic handwriting analysis might appeal more to merchants than systems that use iris scans or fingerprints because it requires no additional hardware at cash registers in stores that already digitally capture signatures. Mr. Mader said retailers would have to be convinced that the systems would not mistakenly reject legitimate cardholders. Whether related to credit or identity, such mistakes could mean lost sales and damaged customer relations. Unlike fingerprints, signatures and how they are written can vary. A shopper holding a cranky child will not sign the same way he or she might while at a desk. Similarly, people's signature patterns gradually change over time. Communication Intelligence tries to limit a customer's ability to vary his signature as much as possible, Mr. DiGregorio said. False rejections, he suggested, could be avoided simply by having clerks ask for another piece of identification. At WonderNet, variations are welcomed as a way to increase security by building a more nuanced profile of a customer's handwriting dynamics, Mr. Waisel said. Revelers, however, might be advised to carry plenty of cash if handwriting verification becomes the norm. All three companies agree that there is a situation that no system will be able to handle. If you're really drunk and having trouble signing, Mr. Zimmerman said, I've got to reject that.
[IP] Inter-University Competition in Information Assurance
--- begin forwarded text Status: RO User-Agent: Microsoft-Entourage/10.1.1.2418 Date: Tue, 11 Mar 2003 02:27:40 -0500 Subject: [IP] Inter-University Competition in Information Assurance From: Dave Farber [EMAIL PROTECTED] To: ip [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] From: tim finin [EMAIL PROTECTED] Subject: Inter-University Competition in Information Assurance To: [EMAIL PROTECTED] Date: Mon, 10 Mar 2003 21:30:44 -0500 Organization: UMBC http://umbc.edu/ Dave -- IPers in the Baltimore-Washington area might be interested in this talk. Tim -- 2003 CAPITAL-AREA SEMINAR ON INFORMATION ASSURANCE UMBC Center for Information Security and Assurance University of Maryland, Baltimore County An Inter-University Competition in Information Assurance: The Cyber Defense Exercises Lt. Colonel Dan Ragsdale U.S. Military Academy, West Point, NY Friday 14 March 2003 Lunch 11:30, Skylight Lounge, UMBC Commons Talk 1:00pm, Lecture Hall V, Engineering and Computer Science During the spring of 2001 and 2002, student teams at the five United States Service Academies participated in a Cyber Defense Exercise (CDX). Prior to each exercise an identical network of servers and workstations was set up at each school. During the first phase, teams of cadets and midshipmen at each site installed and configured an assortment of required services. The goal for each team during this phase was to configure the required service and the underlying operating systems in the most secure manner possible. In the second phase, an NSA-led penetration team attacked each site. This team, the Red Team, conducted detailed reconnaissance and voluminous attacks over a five-day period. They maintained accurate records of any and all successful penetrations. A White Team from CERT at Carnegie Mellon University refereed the exercise; they served as observers and controllers and, using an agreed upon scoring system, determined which school won. 
Personal observation and interviews with students and faculty show that the CDX is an extraordinary educational experience. This talk will address in detail some of the benefits and challenges of conducting such an exercise. Lt. Colonel Dan Ragsdale is director of the Information Technology and Operations Center (ITOC) at the US Military Academy (USMA) at West Point, NY. He has over twenty-one years of military and information technology experience, including seven years in the area of Information Assurance (IA). This past summer, Lt. Colonel Ragsdale participated in Operation Enduring Freedom in Afghanistan, where he served as the Chief of Assessment for the Combine and Joint Task Force (CJTF-80). In addition, he has been a frequent speaker and panelist at national IA conferences, and he has published numerous articles on IA topics. He earned a PhD from Texas A&M. His current research interests include information assurance, network security, intrusion detection, and artificial intelligence. Host: Dr. Alan T. Sherman, [EMAIL PROTECTED], Director, UMBC CISA. http://cisa.umbc.edu/. Directions: Take Exit 47B off I-95, and follow signs to UMBC. Park in visitor's lot. --- end forwarded text
Harnessing Atoms to Create Superfast Computers
computing might be possible. (Also mentioned is the independent work by a less famous but just as visionary physicist, Paul Benioff, formerly of the Argonne National Laboratory.) But what makes this book a delight and a rare gem of science writing is the science itself, and Mr. Johnson's engagement with that science. He promises that he is not going to cheat by implying omniscience with his subject, and he does not. The result is fascinating and tremendously engaging. After all this, you may be wondering whether I now understand quantum computing. Well, there are some who argue that quantum physics is so foreign to human experience that no one can truly understand it, only manipulate its mathematical rules. Mr. Johnson does not use mathematics and he skips many details. (We are operating here on a need-to-know basis, he states.) But I found that with him at my side, I could reach that delicate mental state that feels like understanding. Now this state, like a quantum superposition, may collapse to ignorance when I try to explain it to someone, but in the meantime, I feel less guilty. Ian Foster is a senior scientist at Argonne National Laboratory and a professor of computer science at the University of Chicago.
Changes may follow Yale hoax e-mail
http://www.yaledailynews.com/articlefunctions/Printerfriendly.asp?AID=22111 yaledailynews.com - Changes may follow hoax e-mail Published Wednesday, March 5, 2003 Changes may follow hoax e-mail BY JESSAMYN BLAU Staff Reporter The Feb. 17 hoax e-mail that caused some students to miss classes and angered the administration could now lead to changes in Information Technology Services policy. The e-mail -- allegedly sent by Yale Provost Susan Hockfield -- informed undergraduates that classes had been cancelled because of inclement weather. Approximately one and a half hours later, University Secretary Linda Lorimer sent out an e-mail informing students that the first e-mail was a hoax. In order to prevent a similar situation in the future, ITS Director Philip Long said ITS is considering adding a link in all official e-mails to a protected Yale Web site that would display copies of the original message, creating a back-up security measure. Long said the hoax situation has been investigated, but that he could not comment on any recent developments that could lead to disciplinary action. While ITS is currently contemplating ways to reduce the impact of potential hoaxes, Long said there is no real way to prevent someone from sending such an e-mail. Anyone can dump an e-mail into a system, Long said. That doesn't make it an honest e-mail. But Long said because University officials send out so many e-mails, it is not clear whether all of them would have to be logged in a protected Yale Web site. Alexander Clark '04, founder of YaleStation.org, said using a Web site might not be entirely convenient. That certainly is one option, except that students might not go to the trouble of clicking on the URL, Clark said. Clark also said posting e-mails on the Internet could potentially make the e-mail accessible to unintended recipients. Instead of using a Web site, Clark said the use of digital certificates could be a more useful way of making official e-mails look more official. 
When you receive a certificate -- which is very difficult to forge -- an e-mail client is going to tell you whether it is a valid certificate, Clark said. In the hoax e-mail, the address in the Reply-to field was [EMAIL PROTECTED] Long said he has spoken with Zihal, a draper in the School of Drama's costume shop, and determined that she is an innocent victim. Long said the e-mail was a violation of a number of ITS policies because it impersonated Hockfield, victimized Zihal and caused annoyance and inconvenience to members of the Yale community. I think that most people are not looking for cheap thrills at the expense of the community, Long said. Bottom line, this is a question of trust. It might have more consequences than the person who casually initiated it had intended. Long said there is a law in Connecticut about the use of electronic communication for deceptive purposes, but said he is not sure whether this particular abuse could be prosecuted.
Delta Air Lines Boycott Underway (note revised URL:www.boycottdelta.ORG)
--- begin forwarded text Status: RO To: [EMAIL PROTECTED] From: Bill Scannell [EMAIL PROTECTED] Date: Mon, 03 Mar 2003 03:32:58 -0600 Subject: Delta Air Lines Boycott Underway (note revised URL: www.boycottdelta.ORG) In response to Delta Air Lines' utter lack of concern with the privacy of their customers demonstrated by their participation in a test of the CAPPS II system, a Delta disinvestment campaign has been launched at: http://www.boycottdelta.org . In the event that the name servers have not yet propagated, the site can be reached at: http://216.240.45.67 The idea of citizens having to undergo a background investigation that includes personal banking information and a credit check simply to travel in his or her own country is invasive and un-American. The CAPPS II system goes far beyond what any thinking citizen of this country should consider reasonable. If enough people refuse to fly Delta, then it is likely that other airlines will refuse to implement this sadly misguided and anti-democratic system. The boycott will remain in full effect until Delta Air Lines publicly withdraws from any involvement with the testing of CAPPS II. Press Contact: Bill Scannell ([EMAIL PROTECTED]) --- end forwarded text
Report of plans by U.S. to spy on U.N. states questioned
http://dynamic.washtimes.com/twt-print.cfm?ArticleID=20030303-14680312 The Washington Times www.washingtontimes.com Report of plans by U.S. to spy on U.N. states questioned Published March 3, 2003 From combined dispatches LONDON - A British Sunday newspaper reported yesterday that the United States is waging a secret campaign to eavesdrop on U.N. Security Council delegations in New York in its battle to win votes in favor of war against Iraq. The London Observer said it had obtained a memo describing what it called a dirty tricks surveillance operation that involves interception of the home and office telephone calls and the e-mail of U.N. delegates. However, the authenticity of the memorandum was called into question and it was not clear from the text published by the newspaper that secret surveillance, interception of telephone calls and e-mail, or other extraordinary measures were suggested. The Observer story was widely reported throughout the Middle East and Europe and could complicate U.S. and British efforts to win a new resolution in the Security Council. The Observer said the memo was written by a top official at the National Security Agency (NSA), the U.S. agency that intercepts communications around the world, and circulated by e-mail to senior agents in the organization and to a friendly foreign intelligence agency. The newspaper said the memo was directed at senior NSA officials and advises them that the agency is mounting a surge aimed at gleaning information not only on how delegations on the Security Council will vote on any second resolution on Iraq, but also policies, negotiating positions, alliances and dependencies - the whole gamut of information that could give US policymakers an edge in obtaining results favourable to U.S. goals or to head off surprises. The Observer identifies Frank Koza as chief of staff in the Regional Targets section of the NSA. 
Citing sources in Washington that it did not identify, the newspaper said the NSA initiative was backed by National Security Adviser Condoleezza Rice and had sparked divisions within the Bush administration. The newspaper said that it had shown the memo to three former intelligence operatives, whom it also did not identify, who judged its language and content as authentic. The newspaper also said it had confirmed that a man named Frank Koza does work for the NSA at a senior post in the Regional Targets division of the organization. The memo's authenticity was questioned by Internet reporter Matt Drudge, who cited several misspellings - including the name of the memo's author - on the document as published by the Observer, and an incorrect version of the agency's top secret stamp. Mr. Drudge, in an article posted on his Web site (www.drudgereport.com), noted that the memo used British spellings such as favourable, emphasise and recognise instead of the American use of the letter z in the spellings, and that the spelling of the author of the memo was changed from Frank Koza to Frank Kozu on the Observer Web site (www.observer.co.uk) The Observer posted a footnote late Sunday after receiving many queries from the United States, saying it changed the spellings for the convenience of its British audience. The newspaper attributed other errors to typographical mistakes. A later version of the Observer Web site spelled the author's name correctly as Frank Koza, but printed it all in upper case, followed by three question marks. The memo describes orders to staff at the NSA to step up surveillance particularly directed at ... U.N. Security Council members to provide up-to-the-minute intelligence on their voting intentions. The memo, dated Jan. 31, makes clear that the targets of the heightened surveillance effort are the delegations from the so-called middle six delegations at the U.N. headquarters in New York, according to the British weekly. 
The six are Angola, Cameroon, Chile, Mexico, Guinea and Pakistan. The United States, Britain and Spain have sponsored a new U.N. resolution declaring Iraq in noncompliance with earlier U.N. demands that it disarm, which would in effect authorize the use of force. Nine votes are required to adopt the resolution to avoid a veto by one of the five permanent members: the United States, Britain, China, France and Russia. The United States and Britain are lobbying for support while France and Russia are lobbying to defeat the resolution without having to use their vetoes.
[Lucrative-L] extensive cryptanalysis of Lucre
--- begin forwarded text Status: RO From: Patrick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Lucrative-L] extensive cryptanalysis of Lucre Date: Sun, 2 Mar 2003 11:28:13 -0600 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] I'm looking for cryptanalysis resources for Lucre. If you know of any publications or unpublished papers, please share. Patrick The Lucrative Project: http://lucrative.thirdhost.com --- end forwarded text
UK Judge says CCTV surveillance is useless waste of money
http://news.telegraph.co.uk/core/Content/displayPrintable.jhtml?xml=/news/2003/02/27/njuj27.xmlsite=5 Judge calls radio phone-in to say CCTV is useless waste of money By Paul Stokes (Filed: 27/02/2003) A judge telephoned a radio phone-in programme from his chambers to say that film from CCTV cameras was often completely useless as evidence. Listeners to a BBC Radio Cleveland debate on security systems were told by Judge Peter Fox, QC, that the images produced by such cameras were almost invariably poor and a waste of money. The judge was driving to work in Middlesbrough when he heard the item inviting people to express their views about the extension of a local security system. When he arrived at Teesside Crown Court, where he is the senior judge, he got straight on the telephone to relate his own experiences. He told the radio show host Matthew Davies: I preside over some very serious cases - murder, rape and robbery. The footage from CCTV is increasingly being used but it is extremely rare indeed for it to be of any use. He appealed to those behind the technology to ensure that the images produced were clear enough to be useful, showing the features of the person or the type of clothing that the people are wearing who are committing these crimes. He welcomed an extension of CCTV, saying it had enormous potential to determine whether or not a person had committed a crime, but he appealed for quality rather than quantity. Judge Fox said: Whether it is street CCTV or shops or service stations the footage is almost always so poor as to be useless. Valuable resources are being wasted by police and lawyers. Cases are costing enormous sums of money poring over the footage which turns out to be completely useless. He added: You can imagine that juries look at this footage and think 'Well, what on earth are we going to make of it?' 
Judge Fox telephoned the programme during a debate on a £160,000, six-camera CCTV extension in Eston, on the north-east coast of Teesside, by Redcar and Cleveland borough council. The authority has spent more than £3 million on its CCTV system over the past decade. Dave McLuckie, the council's lead member for community safety who also sits on Cleveland Police Authority, said: The cameras are a major deterrent to crime occurring in the first place and have reduced offending by up to 60 per cent in some areas. I would warn any criminals out there that Judge Fox is gravely mistaken. We have had many successful prosecutions using the images collected, including a major credit card scam and drug offences. We continually replace our cameras with the latest digital technology and the images are now full colour and of a very high resolution. The judge's comments came as John Denham, the Home Office minister, launched what was described as the most technically advanced digital system in the UK. It has been installed in Sheffield at a cost of £3.35 million and the images produced are claimed to be so clear that they can be used in evidence.
QUALCOMM Offers Free Access to Encryption Software
http://finance.lycos.com/home/news/print_story.asp?story=31856391 Lycos Finance QUALCOMM Offers Free Access to Encryption Software 27 Feb 2003, 07:31am ET - - - - - /FROM PR NEWSWIRE LOS ANGELES 213-626-5500/ [STK] QCOM [IN] CPR STW HTS MLM TLS CSE HRD [SU] PDT TO BUSINESS AND TECHNOLOGY EDITORS: QUALCOMM Offers Free Access to Encryption Software SAN DIEGO, Feb. 27 /PRNewswire-FirstCall/ -- In an initiative designed to benefit the telecommunications industry and the general public, QUALCOMM Incorporated ( NASDAQ:QCOM ), pioneer and world leader of Code Division Multiple Access (CDMA) digital wireless technology, today announced that it will allow free use of its SOBER and Turing encryption algorithms for any purpose. In the past, QUALCOMM provided the encryption software only to its licensed manufacturers or for non-commercial use. Turing and the SOBER family are high-speed, highly secure stream ciphers and are thought to be immune to any practical cryptanalytic attacks. Stream ciphers can be much more efficient for encryption than the more common block ciphers, such as the Advanced Encryption Standard. Stream ciphers can mean lower cost of hardware implementation or, at times, the choice to use a software implementation instead of building any specialized hardware. Encryption technology protects our wireless networks and enables operators to ensure all cell phone calls are secure, however the value of the technology is limited unless it is used, said Greg Rose, vice president of technology for QUALCOMM. By making the encryption software and complementary patents available, QUALCOMM has opened up a key piece of security technology to the industry and other interested individuals. QUALCOMM was recently granted a new patent, U.S. Patent 6,510,228, that covers the SOBER cipher and its descendants, including its new encryption algorithm Turing. 
The new algorithm, the Turing cipher, is named after Alan Turing (1912-54), a respected mathematician and cryptographer who contributed greatly to England's code breaking efforts during World War II, as well as the foundations of computer science. The Turing cipher is significantly faster than the recently adopted Advanced Encryption Standard algorithm (Rijndael), and can offer advanced protection for CDMA networks, the Internet and electronic commerce. The SOBER family of encryption algorithms was first released in 1997 and can be used for a variety of CDMA applications, as well as other uses, such as high-speed routers. Source code for the ciphers is available from QUALCOMM Australia's Web site at www.qualcomm.com.au . QUALCOMM Incorporated ( www.qualcomm.com ) is a leader in developing and delivering innovative digital wireless communications products and services based on the Company's CDMA digital technology. Headquartered in San Diego, Calif., QUALCOMM is included in the SP 500 Index and traded on The Nasdaq Stock Market(R) under the ticker symbol QCOM. Except for the historical information contained herein, this news release contains forward-looking statements that are subject to risks and uncertainties, including the Company's ability to successfully design and have manufactured significant quantities of CDMA components on a timely and profitable basis, the extent and speed to which CDMA is deployed, change in economic conditions of the various markets the Company serves, as well as the other risks detailed from time to time in the Company's SEC reports, including the report on Form 10-K for the year ended September 30, 2002, and most recent Form 10-Q. QUALCOMM is a registered trademark of QUALCOMM Incorporated. All other trademarks are the property of their respective owners. 
For further information, please contact: Christine Trimble, Corporate Public Relations, +1-858-651-3628, or fax, +1-858-651-5873, [EMAIL PROTECTED], or Julie Cunningham, Investor Relations, +1-858-658-4224, or fax, +1-858-651-9303, [EMAIL PROTECTED], both of QUALCOMM Incorporated. SOURCE QUALCOMM Incorporated
Lucrative List
--- begin forwarded text Status: RO From: Patrick [EMAIL PROTECTED] To: 'Digital Bearer Settlement List' [EMAIL PROTECTED] Subject: Lucrative List Date: Tue, 25 Feb 2003 11:04:21 -0600 Sender: [EMAIL PROTECTED] The Lucrative project now has a discussion mailing list. The scope of the list is: all things Lucrative. To sign up for the list, I ask only that you have 'more than a passing interest' in Lucrative. To subscribe or unsubscribe from this discussion list, write to [EMAIL PROTECTED] with just the word unsubscribe in the message body (or, of course, subscribe) Regards, Patrick --- end forwarded text
Lucrative Update: V5
--- begin forwarded text Status: RO From: Patrick [EMAIL PROTECTED] To: 'Digital Bearer Settlement List' [EMAIL PROTECTED] Subject: Lucrative Update: V5 Date: Mon, 24 Feb 2003 14:27:34 -0600 Sender: [EMAIL PROTECTED]

Lucrative release 5 is out today. This release brings Lucrative significantly closer to a deployable platform. Highlights of this release include:

1) Server Series start and stop dates added. Lucrative server administrators can now specify a time window during which the server will issue a given Series. Series also have expiration dates after which the server will no longer honor a Series, even if the coins presented are otherwise valid.
2) Client Purse can connect to arbitrary servers. Previous releases had a tightly coupled Lucrative server and Purse. This is no longer the case: users should be able to share DBIs and test each others' servers.
3) Client Purse can import and export DBIs. Using the Purse, you can now export and import ASCII-armored DBIs which can include one or more coins.
4) Lots of refactoring code. I went through and refactored a lot of code, looking for the simplest solutions that could possibly work. Most of the refactoring was in the Fibi package (org.lucrative.fibi). It should be easier for Java programmers to follow the code flow.
5) Smoother Installation. A dependency testing tool was added (org.lucrative.client.DependsTest). Although incomplete, this tool should aid installation by detecting required packages and issuing warnings and recommendations. Installation notes and requirements have been corrected and streamlined.
6) Administration Tools expanded. The SeriesMaker tool has been updated and a new command line tool for adjusting balances has been added.

I have a development blog at http://lucrative.thirdhost.com/ which is a good place to check before attempting an install. Drop me a note at [EMAIL PROTECTED] if you have trouble (PGP key on website).

Forward From Here

Prepackaged interface modules for GoldMoney, E-gold, and others will be up on the lucrative website soon. These are web applications that allow users to transfer assets from traditional, book-entry systems into the Lucrative DBI system, and out again. An example is online at http://lucrative.thirdhost.com/goldmoney/use.php. Release 6 will feature a more useful and streamlined Purse interface, a statistics interface similar to e-gold's examiner tool, and improved administration tools. A road map for the future of Lucrative is coming. It will include estimated dates for

1) Live demonstration Lucrative servers
2) A PDA (Palm, Pocket PC) client that can 'beam' DBIs for use in live transactions at shops, etc.
3) Smart Purse, which encrypts DBI stores and can access online third party coin storage (to protect against disk crashes/loss of data).

Etc.

If Lucrative is interesting to you, please consider helping in any way you can:

Feedback
Installation reports
Suggestions
Comments
Criticism
Feature requests
Source code patches
Donations

Are all very much welcomed. And criticism is more useful to me than praise. My sincere thanks to everyone who has participated so far by installing, testing, providing feedback, spreading the word, and donating. Regards, Patrick --- end forwarded text
[mnet-devel] [Fwd: Re: Lucrative update]
--- begin forwarded text Status: RO From: icepick [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Organization: Subject: [mnet-devel] [Fwd: Re: Lucrative update] Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: 18 Feb 2003 21:07:13 -0500 -Forwarded Message- From: Myers W. Carpenter [EMAIL PROTECTED] To: Digital Bearer Settlement List [EMAIL PROTECTED] Subject: Re: Lucrative update Date: 18 Feb 2003 21:06:08 -0500 You suck! :) Why? Because you stole my idea. I was working on something just like this, and then I would be getting whuffle, but oh no... then you had to go and take a perfectly good idea that everyone else was ignoring and do something with it. http://cryptomonkey.net/cvs/freedbs/ The name is a twist on Ryan Lackey's never released OpenDBS. My code is in Python. It's not as far along as yours. There are some bugs in coin creation (the coins are smaller than they should be) that I haven't had the time until now to track down. My plans were to use XMLRPC for communications, whereas you've used SOAP. wxPython for the GUI. I was hoping to get the Python OpenSSL wrappers good enough to make use of (the math was a little sluggish in pure python). What do you think of getting the two code bases to interop? I'm fine with SOAP, although I've never used it before. I'm interested in why you picked it over XMLRPC. Also I may use some of this within Mnet, should we get permission from the patent holder to make use of the Mojo Nation concept. myers / icepick --- end forwarded text
Peppercoin gets some press
, even those annoying cellphone ringtones. Many of these goodies will be items that are presently given away, because there's no efficient way to charge for them. With Peppercoin, companies will be able to make us pay. And at the microprices made possible by his software, Rivest figures millions of us will be happy to let him throw our money away.
Lucrative update
--- begin forwarded text Status: RO From: Patrick [EMAIL PROTECTED] To: 'Digital Bearer Settlement List' [EMAIL PROTECTED] Subject: Lucrative update Date: Tue, 18 Feb 2003 13:05:40 -0600 Sender: [EMAIL PROTECTED] Lucrative release 4 is out. I know many people are used to seeing releases numbered like 0.01, 0.02, 2.0.3.0.14.657 etc. but release numbering systems are essentially arbitrary in nature so don't get excited as Lucrative goes toward version 50+. This release is a fairly minor one, but included some changes such as the client name that I wanted to get out as soon as possible. There is also a new development weblog at http://lucrative.thirdhost.com/weblog/. I went through an install with someone over IRC last night and made a blog entry summarizing the install notes. I recommend reading the notes before attempting an install. I am glad to help with an install, drop me a note at [EMAIL PROTECTED] if you have trouble. Some documentation on the various entities in the Lucrative system is now available on the website, http://lucrative.thirdhost.com/documentation.php but more is needed and coming. If Lucrative is interesting to you, please consider helping in any way you can: Feedback Installation reports Suggestions Comments Criticism Feature requests Source code patches Donations Are all very much welcomed. And criticism is more useful to me than praise. My sincere thanks to everyone who has participated so far by installing, testing, providing feedback, spreading the word, and donating. And finally I just received word from SourceForge that the project registration for Lucrative has been approved. 
Regards, Patrick --- end forwarded text
Snake Oil That Will Not Die
--- begin forwarded text From: Eric Cordian [EMAIL PROTECTED] Old-Subject: Snake Oil That Will Not Die To: [EMAIL PROTECTED] Date: Tue, 11 Feb 2003 06:56:51 -0800 (PST) Subject: Snake Oil That Will Not Die Sender: [EMAIL PROTECTED] Status: R Oh look, it's a brand new fluff piece on Meganet and their Virtual Matrix Encryption, deconstructed years ago in various forums, including this one. http://www.inet-one.com/cypherpunks/dir.1998.01.01-1998.01.07/msg00047.html Why on earth is the Department of Labor giving them money? Meganet now claims that all other encryption methods have been compromised - except for theirs, of course. Titter. http://www.israel21c.org/bin/en.jsp?enPage=BlankPageenDisplay=viewenDispWhat=objectenDispWho=Articles%5El306enZone=TechnologyenVersion=0; - Company develops unbreakable data encryption code By Nicky Blackburn February 09, 2003 Meganet has won a $4 million tender to supply the U.S. Department of Labor with information encryption and digital signatures for its 18,000 employees. Meganet, an Israeli-U.S. data security company, has developed an encryption technology that appears to be unbreakable, enabling governments and corporations, to keep their data safely out of the hands of competitors, thieves and saboteurs. Among the clients that believe in their ability to protect sensitive information is the U.S. government ... Meganet Corporation's founder, Saul Backal, claims that its solution can put an end to these problems. Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits. There is nothing stronger in existence, says 38-year-old Backal, a dual Israeli-U.S. citizen who was a tank commander in the IDF in the Lebanon war. All other encryption methods have been compromised in the last five to six years. 
... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law --- end forwarded text
Zimmermann creates a non-free command-line OpenPGP product
by brain to come up with another name as inspired as Pretty Good Privacy, but just couldn't. So we had to make do with the perfectly serviceable name of FileCrypt®. I think that at a technical level it's just as much like PGP as the current NAI E-Business Server product, and is as compatible with the OpenPGP standard as PGP. And keeping with the true PGP tradition, the source code will be available for peer review. We are offering an inexpensive version of FileCrypt for interactive users who simply prefer a command line product, and another version priced for corporate servers that run it non-interactively. If you want a nice GUI version of PGP, I suggest you get PGP Corporation's product, PGP. You can get it from me on my web site at www.philzimmermann.com/sales.shtml . Why should the business community opt for the OpenPGP standard? For years this standard dominated the world of email encryption. But during the last year of NAI's stewardship of PGP, the user community held back, deferring deployment decisions to see what would happen with PGP, creating a backlog of pent-up demand. Now, since PGP's rescue, OpenPGP has surged ahead of all other protocols for email and file encryption. Even the US military, previously committed to a different email encryption protocol with an inflexible PKI, now seems to be showing a renewed interest in embracing PGP. The handwriting on the wall is clear, OpenPGP is now unstoppable. Philip Zimmermann http://www.veridis.com/openpgp/en/index.asp --- -- pplf - French OpenPGP page[EMAIL PROTECTED] OpenPGP en francais PGP: 8263 8399 2074 5277 a6d3 http://www.openpgp.fr.st 622d 1b66 ea3d caa0 8c94 --- end forwarded text
Random Scanning Worms and Sapphire/Slammer's PRNG...
is that the increment is always even. Their second mistake was to misuse the OR instruction, instead of XOR, to clear a key register -- leaving the register's previous contents intact. As a result, the increment is accidentally XORed with the contents of a pointer contained in SqlSort's Import Address Table (IAT). Depending on the version of the SqlSort DLL this salt value will differ, although two common values, which we have directly observed, are 0x77f8313c and 0x77e89b18. EEye also reports seeing 0x77ea094c [2]. These mistakes significantly reduce the quality of the generator's distribution. Since b is even and the salt is always 32-bit aligned, the least-significant two bits are always zero. Interpreted as a big-endian IP address this ensures that the 25th and 26th bits in the scan address (the upper octet) will stay constant in any execution of the worm. Similar weaknesses extend to the 24th bit of the address depending on the value of the uncleared register. Moreover, with the incorrectly chosen increment, any particular worm instance will cycle through a list of addresses significantly smaller than the actual Internet address space. Thus there are many worm instances which will never probe our monitored addresses, because none of these addresses are contained in the cycle which the worm scans. This, combined with the size of our monitored address space [6], prevents us from directly measuring the number of infected hosts during the first minutes of the worm's spread. It happens that Sapphire will include or not include entire /16 blocks of addresses in a cycle. We were able to assemble lists of the address blocks in each cycle for each value of the salt (the cycle structure is salt dependent). Fortunately the probability of choosing a particular cycle is directly proportional to the size of the cycle if the initial seed is selected uniformly at random. When considered over many randomly seeded worms, all Internet addresses are equally likely to be probed.
Thus we can accurately estimate the scanning rate of the worm during the progress of the infection by monitoring relatively small address ranges. Since the probing will cover all Internet addresses, we can also estimate the percentage of the Internet infected. If not for the initial seed, these flaws would prevent the worm from reaching large portions of the Internet address space, no matter how many hosts were infected. For the same reason, these flaws could also bias our measurements, since even though our data comes from several different networks, there is a small chance that these particular networks were disproportionately more or less likely to be scanned. However, the worm uses an operating system service, GetTickCount, to seed their generator with the number of milliseconds since boot time, which should provide sufficient randomization to ensure that across many instances of the worm, at least one host will probe each address at some point in time. We feel confident that the risk of bias in our measurements is similarly minimized. An interesting feature of this PRNG is that it makes it difficult for the Internet community to assemble a list of the compromised Internet addresses. With earlier worms, it was sufficient to just collect a list of all addresses that probed into a large network. With Sapphire, one would need to monitor networks in every cycle of the random number generator for each salt value to have confidence of good coverage. Measurements of Sapphire's Spread and Operator Response [The remainder snipped for, heh, bandwidth... :-) --RAH] -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience.
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
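The generator flaw described in the Sapphire analysis above, worked through as an added example (not code from the forwarded paper or from the worm): it shows why the low two bits never change, derives the cycle lengths in closed form, and computes how likely a monitored address is to be reached by one randomly seeded instance. The multiplier 214013 (the Microsoft C runtime rand() value), the base increment and the state-to-address byte order are assumptions, since this excerpt gives only the salt values; the cycle counts depend only on the multiplier and on the effective increment being a multiple of 4.

```python
"""Cycle structure of a 32-bit LCG with a corrupted increment (added example)."""
import socket
import struct
from fractions import Fraction

BITS = 32
MULTIPLIER = 214013          # assumption: Microsoft C runtime rand() multiplier (1 mod 4)
BASE_INCREMENT = 0x12345678  # constructed stand-in for the even increment constant
SALTS = (0x77F8313C, 0x77E89B18, 0x77EA094C)  # salt values quoted in the text above


def effective_increment(salt, base=BASE_INCREMENT):
    """The constant XORed with the register that was never cleared."""
    return (base ^ salt) & 0xFFFFFFFF


def step(x, inc, a=MULTIPLIER, bits=BITS):
    """One generator step: x' = (a*x + inc) mod 2**bits."""
    return (a * x + inc) & ((1 << bits) - 1)


def v2(n):
    """Number of trailing zero bits of a non-zero integer."""
    return (n & -n).bit_length() - 1


def cycle_length(x, inc, a=MULTIPLIER, bits=BITS):
    """Closed-form length of the cycle through state x; requires a % 4 == 1."""
    # x_n - x = ((a**n - 1) // (a - 1)) * ((a - 1)*x + inc); for a % 4 == 1 the
    # first factor has exactly v2(n) trailing zeros, so n must supply the rest.
    t = ((a - 1) * x + inc) & ((1 << bits) - 1)
    return 1 if t == 0 else 1 << (bits - v2(t))


def brute_cycle_length(x, inc, a=MULTIPLIER, bits=BITS):
    """Walk the generator until it returns to x (small widths only)."""
    n, y = 1, step(x, inc, a, bits)
    while y != x:
        n, y = n + 1, step(y, inc, a, bits)
    return n


def closed_form_matches_brute_force(inc, a=MULTIPLIER, bits=10):
    """Validate cycle_length() exhaustively at a reduced word size."""
    return all(cycle_length(x, inc, a, bits) == brute_cycle_length(x, inc, a, bits)
               for x in range(1 << bits))


def cycle_census(inc, a=MULTIPLIER, bits=BITS):
    """Return {cycle length: number of cycles} without enumerating 2**32 states."""
    def divisible(j):
        # Count states x with 2**j dividing (a-1)*x + inc (a linear congruence).
        g = 1 << min(v2(a - 1), j)  # gcd(a - 1, 2**j)
        return (g << (bits - j)) if inc % g == 0 else 0

    census = {}
    for j in range(bits + 1):
        states = divisible(j) - (divisible(j + 1) if j < bits else 0)
        if states:
            length = 1 << (bits - j)
            census[length] = states // length
    return census


def state_to_ipv4(x):
    """Assumption: the little-endian state bytes are used as the address as-is."""
    return socket.inet_ntoa(struct.pack("<I", x))


def ipv4_to_state(addr):
    return struct.unpack("<I", socket.inet_aton(addr))[0]


def reach_probability(addr, inc):
    """Chance that one uniformly seeded instance ever probes addr (cycle size / 2**32)."""
    return Fraction(cycle_length(ipv4_to_state(addr), inc), 1 << BITS)


def stuck_octet_bits(seed, inc, probes=2000):
    """Low two bits of the first octet over a run; one value means they never change."""
    seen, x = set(), seed
    for _ in range(probes):
        x = step(x, inc)
        seen.add(int(state_to_ipv4(x).split(".")[0]) & 3)
    return seen


if __name__ == "__main__":
    for salt in SALTS:
        inc = effective_increment(salt)
        census = cycle_census(inc)
        print(f"salt {salt:#010x}: {sum(census.values())} cycles, longest "
              f"{max(census)} states, 192.0.2.1 seen by "
              f"{reach_probability('192.0.2.1', inc)} of seeds")
```

Under these assumptions every salt yields 64 cycles, and the longest covers only a quarter of the 32-bit space, so a monitor sees a given instance only if its address range intersects that instance's cycle.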
CrimethInc. Agent Subversion Kit 72a.v2 (This Phone Is Tapped)
http://www.buyolympia.com/crimethinc/sid=316686336/misc.html CrimethInc. Cyberian Market CrimethInc. Agent Subversion Kit 72a.v2 /miscellany/ 1 pack is $5.50 2-4/$4.50 each 5-10/$4 each One pack of 25 postcard-stickers (4 stickers to each card, so one pack = 100 stickers) CrimethInc. Agent Subversion Kit 72a.v2 (This Phone Is Tapped) The first in what will be a continuing series, this tidy little unit contains everything one needs to get one's subversive-action groove on - gloss sticker front with four stickers, and a printed back with application instructions, among other things. Made to be deployed on payphones across the world, the stickers fit precisely on the back handle of the telephone receiver. Order a pack to put a hundred stickers up yourself, reveling in petty vandalism that will educate and motivate others, or take the cards and give them away at shows, protests, or English class for others to have the experience. Each card is a little thought-bomb waiting to be set off by whoever holds it in their hands - and the collateral damage is everyone who sees the sticker on the phone. [We know these prices might seem expensive and possibly even excessive - in fact, we cringed when typing them - but we assure you that we are charging almost exactly cost for these.] One single card-sticker is automatically included for free in every paid order.
OASIS LegalXML Lawful Intercept XML Technical Committee (LI-XML)
http://xml.coverpages.org/LawfulInterceptTC.html OASIS LegalXML Lawful Intercept XML Technical Committee (LI-XML) OASIS Members to Create Framework for Global Sharing of Criminal and Terrorist Evidence XML Specification Will Deliver Reliable Authentication and Auditing to Safeguard Privacy and Increase Effectiveness of Lawful Intercepts Boston, MA, USA. January 23, 2003. The OASIS standards consortium today announced the formation of a new technical committee to develop a universal global framework for supporting rapid discovery and sharing of suspected criminal and terrorist evidence by law enforcement agencies. The OASIS LegalXML Lawful Intercept XML (LI-XML) Technical Committee was formed to meet critical needs emerging from several national and intergovernmental mandates around the world, including the recently passed United States Homeland Security Information Sharing Act of 2002, the new Lawful Intercept additional protocol of the European Convention on Mutual Assistance in Criminal Matters, and e-Government mandates in Europe and the United States. As the ability for criminals and terrorists to access technology increases, the challenge for law enforcement to detect, comply with legal process, and implement evidence discovery tools also grows, noted Anthony M. Rutkowski of VeriSign, chair of the OASIS LegalXML LI-XML Technical Committee. Government agencies as well as providers of electronic communication services worldwide will benefit from uniform XML schema that facilitates fully electronic receipt, authentication, and implementation of lawful process. Rutkowski added that the enhanced precision, authentication, and audit features provided by LI-XML will result in greater public trust in the traditionally sensitive area of legal discovery. As part of the OASIS LegalXML Member Section, the LI-XML specification will be designed to support an end-to-end legal process where law enforcement, justice, and security agencies are the principal beneficiaries. 
LI-XML Technical Committee members plan to work closely with related OASIS efforts including the LegalXML Electronic Court Filing and OASIS e-Government Technical Committees. LI-XML is the latest in a growing number of OASIS Technical Committees that address the needs of the public sector, noted Karl Best, vice president of OASIS. We are encouraged to see government agencies and representatives from around the globe joining OASIS to advance this effort, along with our e-Government, Tax XML and other LegalXML initiatives. Participation in the OASIS LegalXML LI-XML Technical Committee remains open to all organizations and individuals. OASIS will host an open mail list for public comment, and completed work will be freely available to the public without licensing or other fees. Information on joining OASIS can be found on http://www.oasis-open.org/join . About OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 300 companies as well as individual members in 100 countries around the world. For more information: Carol Geyer Director of Communications OASIS Email: [EMAIL PROTECTED] Voice: +1.978.667.5115 x209 Prepared by Robin Cover for The XML Cover Pages archive. See details in the 2003-01-23 news story: OASIS LegalXML Member Section Forms Lawful Intercept XML Technical Committee. Document URL: http://xml.coverpages.org/LawfulInterceptTC.html
QUALCOMM Qsec-800 Secure CDMA phone
--- begin forwarded text Date: Wed, 29 Jan 2003 17:57:00 -0500 To: undisclosed-recipient:; From: Monty Solomon [EMAIL PROTECTED] Subject: QUALCOMM Qsec-800 Secure CDMA phone Status: R QUALCOMM's CDMA Technology Enhances Security Measures at Super Bowl XXXVII - Regional Homeland Security Agencies and Technology Partners Teamed Up To Provide Security Assistance for the Super Bowl - SAN DIEGO, Jan. 29 /PRNewswire-FirstCall/ -- QUALCOMM Incorporated (NASDAQ:QCOM), pioneer and world leader of Code Division Multiple Access (CDMA) digital wireless technology, joined forces with regional homeland security agencies and technology partners to augment existing security measures for Super Bowl XXXVII. QUALCOMM, in partnership with the San Diego Regional Network on Homeland Security (RNHS) and other technology companies, assisted the San Diego Police Department (SDPD) with security preparations for Super Bowl XXXVII by providing technology and products based on CDMA technology. QUALCOMM provided wireless phones capable of carrying government- classified information over commercial cellular networks to federal law enforcement agencies and federal task force entities. These phones, referred to as the Qsec-800(R), are National Security Agency certified cellular phones developed through a U.S. Government contract with QUALCOMM. The phones represent a first step in securing the nation's cellular communications using the extensive CDMA network that is commercially available. In addition to the secure wireless handsets, QUALCOMM had worked out an architecture that allowed the SDPD to access data, such as real time video as supplied by cameras, using digital technology from cVideo, at QUALCOMM Stadium, over commercial CDMA2000 1X networks. QUALCOMM's expertise in security ensured these data capabilities met the high standards set by the United States Department of Justice and local law enforcement. ... 
http://finance.lycos.com/home/news/story.asp?story=31220472 --- end forwarded text
Europe Said to Agree on Microsoft Privacy Issues
http://www.nytimes.com/2003/01/30/business/worldbusiness/30SOFT.html?ei=5062en=fa850440cebec7cfex=1044507600partner=GOOGLEpagewanted=printposition=top The New York Times January 30, 2003 Europe Said to Agree on Microsoft Privacy Issues By THE NEW YORK TIMES BRUSSELS, Jan. 29 - Data-protection officials from the 15 member nations of the European Union will ask Microsoft to make additional changes to Passport, its online customer authentication system, people close to the officials' deliberations on the matter say. The officials concluded a two-day conference here today with an agreement on how to respond to offers by Microsoft to bring Passport into compliance with the union's strict data privacy laws. But they decided not to make it public until later this week to permit time for it to be translated from English into French. A Microsoft spokesman said the company could not comment until the final language of the decision was available. One person who attended the meeting said Microsoft had offered to make substantial changes to Passport. He said that a central problem the officials had identified with Passport was the way it permits Microsoft to share personal details it gathers about consumers with other companies that participate in Microsoft's e-commerce platform. Copyright 2003 The New York Times Company
EU Privacy Authorities Seek Changes in Microsoft 'Passport'
http://online.wsj.com/article_print/0,,SB1043436716535021744,00.html The New York Times January 27, 2003 EU Privacy Authorities Seek Changes in Microsoft 'Passport' By BRANDON MITCHENER Staff Reporter of THE WALL STREET JOURNAL BRUSSELS -- European privacy authorities this week will outline changes it wants Microsoft Corp. to make to its Passport online authentication system to settle a yearlong investigation of its privacy policies, according to people familiar with the situation. The recommendations, some of which Microsoft is said to have advanced itself in the course of discussions with European authorities, would also target Microsoft's rivals in the so-called Liberty Alliance, which includes Sun Microsystems Inc. and several other multinational companies. The proposed changes would go beyond those to which Microsoft consented last year following a complaint by a nonprofit group to the U.S. Federal Trade Commission that the company was making improper use of people's data. Passport allows users who have registered with the service to enter data such as an e-mail address and a password just once and use that digital passport to enter other Web sites without re-entering the same data or creating a new password. Microsoft has insisted that Passport complies with European data-protection rules, but European privacy authorities last year said the system raised legal issues, including the value and quality of the consent given by users and the security risks associated with the transfer of their data to Passport's partners. European data-protection commissioners are expected to discuss the recommendations Wednesday. A spokesman for the chairman of the working group declined to comment on its deliberations, as did a spokeswoman for Microsoft. People familiar with the privacy authorities' thinking say the changes they plan to request give users more information about the system and more control over how their data are used. 
Microsoft has accepted to make major changes, said one person familiar with the group's thinking. The group is scheduled to meet the day before Microsoft Chairman Bill Gates addresses a conference on Microsoft's Internet strategy in Brussels. The EU privacy probe is unrelated to an antitrust investigation by the European Commission, which has accused Microsoft of abusing its dominant position in the market for operating systems for desktop computers to muscle its way into related product markets.
JILT: New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity
' ('State without Country') V 98 (The Hague 1998); the ministerial paper 'Internationalisering en recht in de informatiemaatschappij' ('Internationalisation and law in the information society') TK '99-'00, 25880, no. 10 http://www.minjust.nl/c_actual/rapport/irinfomy.pdf and the comparative study accompanying the ministerial paper into the views of various foreign governments on internationalisation and law: Koops, B J, Prins, J E J and Hijmans, H (2000), 'Internationalisation and ICT Law' (The Hague/Boston: Kluwer Law International). See also: http://www.minjust.nl/c_actual/rapport/overcrbi.pdf . 24. See the three proposed Directives, published on 12 July 2000, in which the importance of a high level of consumer protection is expressly put forward as a reason for introducing the new rules: Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector, COM(2000) 385; Proposal for a Directive of the European Parliament and of the Council on universal service and users' rights relating to electronic communications networks and services, COM(2000) 392; Proposal for a Directive of the European Parliament and of the Council on a common regulatory framework for electronic communications networks and services, COM(2000) 393. 25. Grijpink, J H A M (1999), 'Werken met keteninformatisering' ('Working with chain computerisation'), Section III Privacy and Anonymity pp. 133 ff. (The Hague: Sdu Uitgevers).
Sixth Annual Digital Money Forum
--- begin forwarded text Status: RO To: Bob Hettinga [EMAIL PROTECTED] From: David G.W. Birch [EMAIL PROTECTED] Date: Thu, 23 Jan 2003 11:48:04 + Subject: Sixth Annual Digital Money Forum Hi Bob, Can you pass this on in the usual places... Many thanks... . the sixth annual Consult Hyperion forum . .. D I G I T A L ... M O N E Y No other conference in our industry compares Jack Selby, VP Intl. Business Development, Paypal sponsored by Vodafone supported by NCipher and American Express London April 2nd/3rd, 2003 ...The Event Now in its sixth year, the annual Digital Money Forum will be two days of interactive discussion and debate from the centre of the digital money world. The Forum is not about technology or marketing: it is about the whole subject of the digitisation of money and the implications of that process for individuals, businesses and governments. A central theme of the sixth forum will be the resurgence of interest in new technologies for cash replacement: peer-to-peer electronic payment, contactless smart cards, mobile phones as mobile wallets and so on. Both speakers and delegates will be leaders in the field, looking at the evolution of retail electronic payments from the consumer, regulatory, bank, merchant, legal, sociological and other perspectives. With experts in financial systems, interactive TV, mobile commerce, mass transit, retail and related subjects gathered together, the Forum will continue to be the place to be for anyone who wants to understand Digital Money. Last year, the audience came from Europe, North America and the Far East to discuss topics ranging from the plans of banks and payment schemes and new European regulation to commodity and community currencies. This year, the subjects already on the agenda include the success of mass transit operators in replacing cash at points of sale to mobile payment schemes and from the digitisation of local exchange trading systems to electronic cash in developing countries. .The Programme.. 
Keynote speakers: Riel Miller from the OECD on the future of money Economist, author, journalist and BBC broadcaster Diane Coyle Presentations by: Simon Lelieveldt from the Dutch Electronic Money Association Andrew Smith from the London Transport Prestige scheme Michael Linton of Open Money covering LETS Roy Cosway, Cornish Key Card, setting out local govt. requirements. Toni Merschen, head of Chip Mobile Payments at MasterCard Gerry Looby of Cardbase reporting on the Nigerian national e-purse Edgar Kampers describing the Dutch Green Money scheme in Utrecht Dominic Peachey of the Financial Service Authority on regulation Jim Wadsworth of Vodafone, talking about their m-pay scheme and others There are also expert panels including Sandra Alzetta of Visa International on m-payments Jof Walters of Egg sharing experiences in bank P2P Cyprien Goddard of iPin on microbilling Please note that due to the continued success of the Forum, we have again decided to limit the number of places in order to preserve the much-valued interactive nature of the event. Further information can be found at the Forum web site http://www.digitalmoneyforum.com/ Thanks to the generosity of our sponsors, the Forum will again cost only 595 pounds Sterling per person excluding VAT. The fee includes the forum, documentation, meals, cocktails and drinks around the champagne tables. This is a not-for-profit event and any surplus generated is distributed, as in previous years, to a variety of mainly local charities. Recent beneficiaries of our events have included the Fountain Centre for Palliative Cancer Care and the Surrey Centre for the Visually Impaired. For further information or to reserve a place please contact Gloria Benson [EMAIL PROTECTED] Telephone +44 1483 301793 Fax +44 1483 561657 --- end forwarded text
Fwd: HiveCache - P2P Backups
--- begin forwarded text Status: RO Date: Tue, 21 Jan 2003 14:36:40 -0800 To: [EMAIL PROTECTED] From: Fearghas McKay [EMAIL PROTECTED] Subject: Fwd: HiveCache - P2P Backups Reply-To: Usual People List [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] --- begin forwarded text From: Peter Gradwell [EMAIL PROTECTED] (by way of Fearghas McKay [EMAIL PROTECTED]) To: [EMAIL PROTECTED] Subject: HiveCache - P2P Backups Date: Tue, 21 Jan 2003 14:04:35 -0800 Hello Apologies for the intrusion. As well as running an ISP, I have an interest in Grid Computing systems and micro accounting architectures. As part of the interest, I would like to deploy a product called HiveCache (www.hivecache.com) to my customer base, and others interested. HiveCache is a p2p backup system whereby you define an amount of disk space available on your machine (which is connected via broadband of course!) and vice versa, your files get split up, encrypted and then stored on everyone else's disk space. HiveCache does all sorts of clever things, like making sure enough copies are kept in various places, files are split and encrypted, allowing you to retrieve them, etc. Ultimately, I would like to facilitate a system whereby we act as a clearing house so that users can buy and sell disk space resources. In order to get going however, I would like to take part in the HiveCache pilot. To do this, I require 25-50 willing volunteers. You will need: - an always on broadband connection - a few gig of spare disk space - a little enthusiasm and a willingness to return comments If that sounds like you, then please could you drop an email to [EMAIL PROTECTED] stating your - name, - email, - type of internet connection and - what operating system you're running on. Any questions, let me know. many thanks peter -- peter gradwell. gradwell dot com Ltd. http://www.gradwell.com/ engineering hosting services for email, web and usenet --- end forwarded text --- end forwarded text
[ISN] REVIEW: Internet Cryptography, Richard E. Smith
--- begin forwarded text Status: RO Date: Wed, 22 Jan 2003 05:49:54 -0600 (CST) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] REVIEW: Internet Cryptography, Richard E. Smith Sender: [EMAIL PROTECTED] Reply-To: InfoSec News [EMAIL PROTECTED] Forwarded from: Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] BKINTCRP.RVW 20021215 Internet Cryptography, Richard E. Smith, 1997, 0-201-92480-3, U$29.95/C$44.95 %A Richard E. Smith [EMAIL PROTECTED] %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 1997 %G 0-201-92480-3 %I Addison-Wesley Publishing Co. %O U$29.95/C$44.95 416-447-5101 fax: 416-443-0948 [EMAIL PROTECTED] %O http://www.amazon.com/exec/obidos/ASIN/0201924803/robsladesinterne %P 356 p. %T Internet Cryptography According to the preface, this book is aimed at non-specialists who need to know just enough about cryptography to make informed technical decisions. As an example, Smith suggests systems administrators and managers who, while not formally charged with security, still have to use cryptographic techniques to secure their networks or transmissions. Chapter one is an introduction, contrasting what we want; secure communications; with the environment we have to work in; a wide open Internet. The text also looks at the balance that must be maintained between convenience and requirements. Encryption basics, in chapter two, presents the concepts of symmetric cryptography, use, and choice. There is a clear explanation of the ideas without overwhelming technical details. (It is interesting to note how quickly the cryptographic technology changes: SKIPJACK and ITAR were still important when the book was written, and are now basically irrelevant.) Some random thoughts on network implementation of encryption are given in chapter three. Managing secret keys, in chapter four, provides good conceptual coverage of generation and management, although the discussion of the problems of key escrow is weak. 
Because of the requirements for technical details when discussing protocols, chapter five, on IPSec, is different from other material in the book. It also includes a brief mention of other protocols. Chapter six discusses the use of IPSec in virtual private networks, while seven examines IPSec in terms of remote access. Chapter eight looks at IPSec in relation to firewalls, but it is difficult to see how this would be used in an actual application. Chapter nine reviews public key encryption and SSL (Secure Sockets Layer). The basic concepts of asymmetric cryptography are presented well, but may be unconvincing due to the lack of mathematical support and details. While there is an introduction to the related idea of digital signatures, SSL is really only barely mentioned. World Wide Web transaction security, in chapter ten, provides practical examples of the technologies discussed. The same is true of email, in chapter eleven, but digital signatures get a bit more explanation. Chapter twelve builds on the signature concept to introduce PKI (Public Key Infrastructure) notions. The fundamentals are written clearly and well, and are quite suitable for managers and users. Despite the lack of detail, the text may even be suitable for some security professionals who need a rough background without needing to work with the technology itself. The work is easy to read, although the idiosyncratic structure may be confusing, and the value of some chapters questionable. copyright Robert M. Slade, 2002 BKINTCRP.RVW 20021215 -- == [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/ Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458): February 10, 2003 February 14, 2003 St. Louis, MO March 31, 2003 April 4, 2003 Indianapolis, IN - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail. 
--- end forwarded text
PATRIOT/FISA: New Powers Fuel Legal Assault On Suspected Terror Supporters
fall under Fourth Amendment, which bars unreasonable searches and allows warrants only upon probable cause. In response, Congress enacts Title III, setting rules for judicial oversight of wiretaps in criminal cases. National-security investigations aren't covered. * 1978: Foreign Intelligence Surveillance Act adopted. Creates secret court to approve wiretaps of foreign agents when information sought involves national security. If tapping Americans, surveillance can't be based solely on suspect's political views. * 1979-2001: Justice Department, supervised by FISA court, limits contacts between prosecutors and counterintelligence agents so that FISA isn't used to evade Title III. * October 2001: Congress adopts USA Patriot Act, eliminating requirement that foreign intelligence be sole purpose of FISA wiretaps. * March 2002: Attorney General Ashcroft proposes lowering wall between prosecutions and counterintelligence operations. * November 2002: FISA appeals court sides with Justice Department, grants prosecutors extensive access to FISA material. --- The principal defendant in the Dallas case is Mousa Abu Marzouk, a top Hamas leader whom the U.S. officially designated a terrorist in 1995. He and six relatives are accused of money laundering, illegally shipping computer parts to Syria and Libya and hiding his unlawful investment in a Texas Internet company. Until he was deported to Jordan in 1997, Mr. Marzouk was the U.S.-based head of Hamas's political arm, and the government for years conducted FISA-authorized surveillance of him. Eavesdropping agents, for example, once heard him declare that a Texas-based foundation he was affiliated with was the Palestinian resistance's primary fund-raising entity in the United States, according to a confidential FBI report. Such evidence now is available in trying Mr. Marzouk's co-defendants -- five are in custody -- and Mr. 
Marzouk himself if he is ever brought back from Syria, where he now openly defends anti-Israeli suicide bombings as a Hamas spokesman. In Chicago, Mr. Fitzgerald, the U.S. attorney, quickly employed the Patriot Act's FISA revisions in an investigation of Enaam Arnaout, a Muslim activist indicted last year for allegedly using his nonprofit Benevolence International Foundation to funnel money to al Qaeda. Under FISA, Mr. Arnaout's house was searched and he was secretly recorded in 2001 and 2002 discussing the foundation's activities with a Saudi Arabian who is believed to be a top al Qaeda financier. Additional FISA material on Mr. Arnaout from years ago is now also available for use at his trial next month. He has pleaded not guilty. In the investigation of the suspended University of South Florida professor, prosecutors have been looking into Mr. Arian for years because he has publicly advocated the Palestinian jihad against Israel, praised Palestinian suicide bombers and openly raised funds for groups linked to them. Federal investigators suspect that Mr. Arian and associates of Palestinian Islamic Jihad and like-minded groups engaged in money laundering, immigration fraud and other crimes in support of terrorists. In a 1995 affidavit, an Immigration and Naturalization Service agent said telephone records showed contacts between Mr. Arian and Siraj el-Din, a convicted conspirator in the 1993 bombing of the World Trade Center in New York. And a 1996 search of Mr. Arian's residence by federal agents uncovered documents that allegedly detail an espionage plan against the U.S. military, federal records show. Current and former investigators say Mr. Arian hasn't been charged in part because some evidence of contacts with suspected terror financiers was obtained through FISA. Now prosecutors are reviewing the evidence to see if charges are justified, lawyers familiar with the case say. Mr. Arian, a permanent U.S. resident, long has denied any connection to terrorism. 
His attorney, Robert McKee, says he knows of no criminal action pending against his client and that his top priority is helping the professor hold on to his $67,500-a-year post. The state university suspended Mr. Arian with pay after he appeared on a television talk show after Sept. 11, 2001, and was confronted with accusations that he supported terrorism. Backed by Florida Gov. Jeb Bush, administrators have taken steps to fire him, a complicated process for a tenured professor. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Announce] Libgcrypt 1.1.12 released
--- begin forwarded text Status: RO To: [EMAIL PROTECTED] From: Werner Koch [EMAIL PROTECTED] Organisation: g10 Code GmbH User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 (i386-debian-linux-gnu) Subject: [Announce] Libgcrypt 1.1.12 released Sender: [EMAIL PROTECTED] Date: Mon, 20 Jan 2003 12:18:57 +0100
Hello!
I am pleased to announce a new Beta version of Libgcrypt, GNU's implementation of basic crypto functions.
Libgcrypt is a general purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, DSA), large integer functions, random numbers and a lot of supporting functions. Libgcrypt is available under the GNU Lesser General Public License (LGPL). See also http://www.gnu.org/directory/security/libgcrypt.html
Libgcrypt can be downloaded from ftp.gnupg.org or one of the mirrors as listed at http://www.gnupg.org/download/mirrors.html .
ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.12.tar.gz (724k)
ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.12.tar.gz.sig
or as a diff against version 1.1.11:
ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.11-1.1.12.diff.gz (83k)
Please check the signature, the key is available by finger:[EMAIL PROTECTED] .
Aside of bug fixes here are some real news:
* gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an optional pkcs1 flags parameter in the S-expression. A similar flag may be passed to gcry_pk_decrypt but it is only syntactically implemented.
* New convenience macro gcry_md_get_asnoid.
* There is now some real stuff in the manual.
We are now heading for a stable (non-Beta) 1.2 release within the next few months.
Salam-Shalom, Werner
p.s.
If you want to help with further development by donating money please visit https://order.kagi.com/?P3G . ___ Gnupg-announce mailing list [EMAIL PROTECTED] http://lists.gnupg.org/mailman/listinfo/gnupg-announce --- end forwarded text
Counterpane Internet Security Secures $20 Million In Series D Funding
http://www.counterpane.com/pr-seriesd.html COUNTERPANE INTERNET SECURITY SECURES $20 MILLION IN SERIES D FUNDING Comcast Interactive Capital & Meritech join with existing investors to accelerate Counterpane's growth CUPERTINO, Calif., January 14, 2003 - Counterpane Internet Security, Inc., developer and acknowledged leader of Managed Security Monitoring (MSM) services, today announced the closing of its Series D round of financing. Led by Comcast Interactive Capital and Meritech Capital Partners, the round also included existing investors Accel Partners, Bessemer Venture Partners, Dell Ventures, Morgan Stanley Venture Partners, and Symphony Technology Group. Counterpane achieved a record quarter for new bookings in Q4, 2002 and the company will use these funds to accelerate the growth of the business through continued investments in sales, marketing & service delivery. Counterpane's services are delivering tremendous value to their customers, said Samuel H. Schwartz, Senior Managing Director of Comcast Interactive Capital. In an environment requiring awareness of and responsiveness to increasingly complex IT security events, Counterpane provides enterprises with up-to-date expertise and professional monitoring to protect their networks. Counterpane's growth and strong relationships with its customers, channel partners, and industry analysts convinced us that Counterpane represents an excellent investment opportunity. William J. Harding, Managing Member of Morgan Stanley Venture Partners added, In a very difficult climate for technology spending, Counterpane continues to prove that managed security monitoring is a key priority for business leaders concerned about protecting their corporate information. We were fortunate to find our round of funding oversubscribed, stated Tom Rowley, President and CEO of Counterpane Internet Security, Inc.
With the added support of premier investors such as Comcast Interactive Capital and Meritech, this funding will enable us to expand our leadership position and capitalize on opportunities afforded by our strong balance sheet. Samuel Schwartz has joined Counterpane's Board of Directors. About Comcast Interactive Capital Comcast Interactive Capital (CIC) is a venture capital fund focused on broadband, enterprise and interactive technologies. CIC is affiliated with Comcast Corporation, a diversified global leader in cable, broadband services, telecommunications, electronic commerce, and entertainment. CIC's primary goal is to generate superior financial returns from private equity investments in early-stage technology companies. To achieve this goal, CIC works to foster the success of its portfolio companies by bringing to bear the unique resources, experience, and insight of both CIC and the Comcast family of companies. Additional information is available at www.civentures.com. About Morgan Stanley Venture Partners Morgan Stanley Venture Partners is the venture capital affiliate of Morgan Stanley Private Equity, a unit of Morgan Stanley (NYSE: MWD), the global financial services firm. Morgan Stanley Venture Partners manages a group of private equity funds that invest in high growth companies, concentrating on the information technology and health care industries. Since its inception in 1986, Morgan Stanley Venture Partners has managed over $1 billion of capital commitments and has invested in over 140 emerging growth companies. For more information about Morgan Stanley Venture Partners please visit www.msvp.com. About Counterpane Counterpane Internet Security, Inc., is the innovator and acknowledged leader in providing Managed Security Monitoring (MSM) services. MSM combines people and technology to safeguard businesses. 
Working from a network of technically sophisticated Secure Operations Centers (SOCs) and using progressive analysis tools, Counterpane has built the most advanced analysis, correlation, detection, and diagnosis technology, comprising a Sentry monitoring probe on the customer's network and the Socrates knowledge base inside the SOCs. Using this technology, Counterpane's expert Security Analysts are able to detect security incidents -- both external intrusions and insider attacks -- in real time, and tailor immediate, effective responses for its customers. The company is funded by Accel Partners, Amerindo Investment Advisors, Inc., Comcast Interactive Capital, LP, Bessemer Venture Partners, Dell Ventures, LP, Meritech Capital Partners, LP, Morgan Stanley Venture Partners and Symphony Technology Group. Headquarters are located at 19050 Pruneridge Avenue, Cupertino, California, USA. Phone: 408.777.3600, Fax: 408.777.3601, Website: www.counterpane.com . ### Counterpane is a trademark of Counterpane Internet Security, Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.
Net security firm Counterpane pulls in $20M
of growth over 30%. He cited its so-called channel sales strategy, or working with partners to resell services, as contributing to its growth. That strategy has cut the company's sales cycle from six months to less than 90 days, he said.
Even 'Sanitized' Hard Drives Can Hold Sensitive Information
http://online.wsj.com/article_print/0,,SB1042664144798925144,00.html January 15, 2003 4:47 p.m. EST Even 'Sanitized' Hard Drives Can Hold Sensitive Information Associated Press CAMBRIDGE, Mass. -- So, you think you've cleaned all your personal files from that old hard drive you're selling? A pair of graduate students at the Massachusetts Institute of Technology suggest you think again. Over two years, Simson Garfinkel and Abhi Shelat assembled a collection of 158 used hard drives, shelling out between $5 and $30 for each at secondhand computer stores and on eBay Inc. Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained significant personal information -- medical correspondence, love letters, pornography and credit-card numbers. One even had a year's worth of transactions with account numbers from an ATM in Illinois. On that drive, they hadn't even formatted it, Mr. Garfinkel said. They just pulled it out and sold it. About 150,000 hard drives were retired last year, the research firm Gartner Dataquest estimates. Many ended up in trash heaps, but many others find their way to secondary markets. Over the years, stories have occasionally surfaced about personal information turning up on used hard drives that have raised concerns about personal privacy and identity-theft risks. Last spring, the state of Pennsylvania sold to local resellers computers that contained information about state employees. In 1997, a Nevada woman purchased a used computer and discovered it contained prescription records for 2,000 customers of an Arizona pharmacy. The MIT students, who report their findings in an article to be published Friday in the journal IEEE Security & Privacy, say they believe they are the first to take a more comprehensive -- although not exactly scientific -- look at the problem.
On common operating systems like Unix variants and Microsoft Corp.'s Windows family, simply deleting a file, or even following that up by emptying the trash folder, doesn't necessarily make the information irretrievable. Those commands generally delete a file's name from the directory, so it won't show up when the files are listed. But the information itself can live on until it is overwritten by new files. Even formatting a drive may not do it. Fifty-one of the 129 working drives the authors acquired had been formatted, but 19 of them still contained recoverable data. The only sure way to erase a hard drive is to squeeze it: writing over the old information with new data -- all zeros, for instance -- at least once but preferably several times. A one-line command will do that for Unix users, and for others, inexpensive software from companies including AccessData works well. But few people go to the trouble. Mr. Garfinkel said users shouldn't be forced to choose between wiping their hard drives clean or taking a sledgehammer to them. There are ways of designing an operating system to make that problem go away, he said. Indeed, future operating systems may make it easier. But many users like believing that, in a pinch, an expert could recover their deleted files. The resilience of hard-drive data is also a powerful weapon for law enforcement. As it turned out, most of the hard drives the authors acquired came from businesses that apparently have a higher but misplaced confidence in their ability to sanitize old drives. Individual users are more likely simply to toss their old drives into the closet, or try the sledgehammer method. Homeowners seem to understand there's not a lot to be gained by selling your 20-gig hard drive on eBay, Mr. Garfinkel said. 
That jibes with the experience of Tom Aleman, who heads the analytic and forensic technology group at Deloitte & Touche and often encounters companies that get burned by failing to fully sanitize, say, the laptop of an employee leaving the company for a job with a competitor. People will think they have deleted the file, they can't find the file themselves and that the file is gone -- when, in fact, forensically you may be able to retrieve it, he said. Mr. Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father, who was able to read his personal journal. The privacy concerns worry him, especially since the U.S. Supreme Court has held that the right to privacy doesn't apply to discarded items. But what really strikes him is how many people he found bidding for old drives on eBay. He shudders to think what they want with them. If I were a government interested in doing economic espionage against the United States, I would allocate a million dollars a year to buy these hard drives and analyze them, he said. In fact, it wouldn't even take that -- just somebody willing to hold their nose and walk around the municipal dump.
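The difference the article draws between deleting, formatting and overwriting can be checked on a disk image before a drive leaves your hands. The following is an added example, not code from the article or the MIT study; the toy volume layout (one directory block followed by data blocks), the sample file contents and all function names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

BLOCK = 512        # bytes per block in the constructed image (assumption)
ENTRY = 32         # directory entry: 24-byte name, 4-byte start, 4-byte length
NAME = 24
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")   # runs of 8+ printable ASCII bytes


def build_image(path, files, blocks=64):
    """Write a constructed toy volume: block 0 is the directory, data follows."""
    image = bytearray(BLOCK * blocks)
    next_block = 1
    for slot, (name, data) in enumerate(files.items()):
        entry = name.encode().ljust(NAME, b"\0")
        entry += next_block.to_bytes(4, "little") + len(data).to_bytes(4, "little")
        image[slot * ENTRY:(slot + 1) * ENTRY] = entry
        image[next_block * BLOCK:next_block * BLOCK + len(data)] = data
        next_block += -(-len(data) // BLOCK)          # ceiling division
    with open(path, "wb") as fh:
        fh.write(image)


def list_files(path):
    """Names a file listing would show: the non-empty directory entries."""
    with open(path, "rb") as fh:
        directory = fh.read(BLOCK)
    entries = (directory[o:o + NAME].rstrip(b"\0") for o in range(0, BLOCK, ENTRY))
    return [e.decode() for e in entries if e]


def delete_file(path, name):
    """Model of an ordinary delete: clear the directory entry, keep the data."""
    with open(path, "r+b") as fh:
        directory = fh.read(BLOCK)
        for off in range(0, BLOCK, ENTRY):
            if directory[off:off + NAME].rstrip(b"\0") == name.encode():
                fh.seek(off)
                fh.write(b"\0" * ENTRY)
                return True
    return False


def quick_format(path):
    """Model of a format that rewrites only the directory block."""
    with open(path, "r+b") as fh:
        fh.write(b"\0" * BLOCK)


def residual_strings(path):
    """Scan everything after the directory block for leftover printable text."""
    with open(path, "rb") as fh:
        fh.seek(BLOCK)
        return [m.group().decode() for m in PRINTABLE.finditer(fh.read())]


def verify_zeroed(path, chunk=1 << 20):
    """Read the whole image back; True only if no non-zero byte remains."""
    with open(path, "rb") as fh:
        while True:
            data = fh.read(chunk)
            if not data:
                return True
            if data.count(0) != len(data):
                return False


def overwrite(path, passes=1, chunk=1 << 20):
    """Overwrite every byte of a regular image file with zeros, then verify."""
    size = os.path.getsize(path)
    for _ in range(passes):
        with open(path, "r+b") as fh:
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(b"\0" * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())     # push the zeros past the OS cache
    return verify_zeroed(path, chunk)


def demo():
    """Delete, format, then overwrite a constructed image; return what is left."""
    files = {"journal.txt": b"Dear diary, account 0000-1111-2222-3333 (constructed)",
             "notes.txt": b"constructed sample notes, nothing sensitive here"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "disk.img")
        build_image(path, files)
        delete_file(path, "journal.txt")
        after_delete = (list_files(path), residual_strings(path))
        quick_format(path)
        after_format = (list_files(path), residual_strings(path))
        wiped = overwrite(path, passes=1)
        after_wipe = (list_files(path), residual_strings(path))
    return after_delete, after_format, wiped, after_wipe


if __name__ == "__main__":
    for step in demo():
        print(step)
```

On the constructed image the file listing is empty after the format, yet both text strings are still found in the data blocks; only the overwritten image passes the read-back check.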
[p2p-hackers] Anonymity tutorial at MIT, Wed Jan 15, 7-10pm (fwd)
--- begin forwarded text Status: RO Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Date: Wed, 8 Jan 2003 23:38:14 +0100 (CET) From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [p2p-hackers] Anonymity tutorial at MIT, Wed Jan 15, 7-10pm (fwd) -- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org 83E5CA02: EDE4 7193 0833 A96B 07A7 1A88 AA58 0E89 83E5 CA02 http://moleculardevices.org http://nanomachines.net -- Forwarded message -- Date: Tue, 7 Jan 2003 22:58:53 -0500 From: Roger Dingledine [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [p2p-hackers] Anonymity tutorial at MIT, Wed Jan 15, 7-10pm [Please forward anywhere you think might be interested. And if you're a p2p-hacker in Boston, come and meet some of the others.] I'm doing a tutorial on anonymity designs, as part of the MIT I/S series of talks this January. It will be along the lines of my Blackhat and Defcon talks from August, but going into more detail. We'll likely have some form of refreshments. The room is plenty big, so feel free to show up, and bring plenty of questions. I'll adapt the material based on audience clue and interests. Please forward this to other relevant/interested lists. Why is anonymity so hard? Roger Dingledine Wednesday, Jan 15, 7-10pm MIT Room 54-100 (http://whereis.mit.edu/bin/map?locate=bldg_54) Open to the public With reasonable anonymity designs that are decades old, it seems clear that we should have a reliable, secure, and ubiquitous anonymity network by now. But apart from the purely technical challenges, there are social barriers as well. The complexity of distributing trust, problems funding the infrastructure or getting volunteers to run it, and challenge of making users comfortable all conspire to make deploying a strong anonymity system very difficult. I'll start with a crash course on anonymity designs, and compare ease of deployment based on the above issues.
I will focus on Mixminion, a new message-based anonymous remailer protocol and Onion Routing, a low-latency stream-based anonymous communication system. I'll also spend some time talking about the link padding / dummy traffic problem. Throughout, I'll share some intuition about how to break these systems and how to fix them. ___ p2p-hackers mailing list [EMAIL PROTECTED] http://zgp.org/mailman/listinfo/p2p-hackers --- end forwarded text
Pretty Good Update for E-Mail Privacy
http://www.washingtonpost.com/ac2/wp-dyn/A8488-2003Jan3?language=printer washingtonpost.com Pretty Good Update for E-Mail Privacy By Kevin Savetz Special to The Washington Post Sunday, January 5, 2003; Page H06 Internet users send millions of e-mail messages every day, oblivious to their lack of confidentiality. For years, a powerful and free encryption program called PGP, or Pretty Good Privacy, allowed users to keep their e-mail and other data private. But Network Associates, which bought PGP in late 1997, failed to sell upgraded versions to businesses and let the program drift into limbo from mid-2001 on, without any significant updates. Last summer, however, a new company, PGP Corp., bought the program from Network Associates, and in December it shipped a new version. PGP 8 (www.pgp.com) runs on Windows 98 or newer Microsoft operating systems, as well as Mac OS X 10.2. Older versions of the software are available for other operating systems at www.pgpi.org. This program uses public key cryptography, in which every user has two keys, one public and one private. You encrypt an outgoing message with the recipient's public key, available to anybody who asks. The scrambled message can be decrypted only by the recipient's private key, which stays on that person's hard drive, protected by a password. You don't need mathematics knowledge to use the program, but you will need to read the manual. While PGP 8 manages to insulate users from many complex concepts of cryptography, you do need to grapple with such things as key rings, trust meters and fingerprints. PGP offers several versions of PGP 8, starting with PGP Freeware. The free download -- for noncommercial use only -- covers the basics of creating keys, sharing the public one on an online key server for other users' convenience, encrypting and decrypting data, and signing messages, which lets a recipient verify that messages actually came from you and were not altered on the way. 
PGP Freeware is more than enough for encrypting occasional messages and keeping snoops from reading your unfinished great American novel. It includes a tool search for other people's public keys at key servers. But it doesn't tie into e-mail programs, forcing a copy-and-paste procedure each time you want to encrypt or decrypt a message. The $39 PGP Personal edition adds PGP Mail, which embeds PGP functions into the Outlook and Outlook Express e-mail programs on Windows, and Apple Mail and Microsoft Entourage on the Mac. With that feature, encrypting and decrypting e-mail was easy, even huge messages with MP3 files attached. PGP Personal also includes PGPdisk, which creates an encrypted, password-protected area on your disk drive. That makes PGP useful for far more than sending messages. You could use it to create an encrypted folder for financial statements, for instance. The company also offers Desktop and Enterprise versions that support office-wide mail systems. But what if PGP Corp. pulls the same trick as Network Associates did and orphans the program? Users anxious about that might want to consider an open-source, PGP-compatible program called Gnu Privacy Guard (www.gnupg.org). It is available for Windows, Linux, Mac OS X and several other operating systems and is free for personal and commercial use. Since nobody owns it, nobody can take it off the market. GPG, however, needs another layer of software to become accessible. Despite its excellent documentation, its text-only, command-line interface would be a roadblock for people uncomfortable with DOS- or Unix-style command prompts. Windows Privacy Tray (www.winpt.org) adds shortcuts to the Windows system tray to generate keys, and to sign and encrypt messages without fussing with a text interface. Macintosh users can add GPG DropThing (available with other front-end software at macgpg.sourceforge.net); its interface is sparse but will let you encrypt and decrypt data without resorting to a command line. 
These free programs make the process roughly as easy as it is with PGP 8 -- that is, pretty simple once you learn your way around.
Cryptome Log Subpoenaed
://cryptome.org/cryptome-log.htm --- end forwarded text
Re: [picoIPO] Re: Micropayments, redux
--- begin forwarded text Status: RO Subject: Re: [picoIPO] Re: Micropayments, redux Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] To: [EMAIL PROTECTED] (Andrew Odlyzko) From: Charles Evans [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Date: Wed, 18 Dec 2002 12:56:27 -0500 This message is coming by way of the picoIPO list. Apologies for any confusion caused by intercommunication among para-debates. On Wednesday, Dec 18, 2002, at 08:01 US/Eastern, Andrew Odlyzko wrote: Dear Colleagues, Just a few general comments on the flurry of messages from yesterday. I certainly do see micropayments playing some role in the economy in the future. I agree that we do have the technology to implement them easily. However, I still think that they will play only a marginal role... The second sentence of the abstract reads, The main concern of this paper is with pricing of goods that are likely to be consumed in large quantities by individuals. The current debate, with regard to micropayments and microfinance, is like comparing apples and orangutans. For mass-market goods, the argument in favor of subscription is compelling, especially in the West/North. I would not rent time on MS Word or OS X, even if it were less expensive than buying licenses. However, in the Third World, where money is very scarce, a la carte is still very common. In Ukraine, where typical incomes are USD 200-300 per MONTH, computers are too expensive for most. Internet cafés are quite common, and charge about USD 1 per hour. A flat USD 20 per month dial-up subscription is prohibitively expensive, when you add in the per-minute telephone charges and the cost of the computer, monitor, and modem. snip The basic reason for this prediction is that even in the absence of the many behavioral economics factors, producers benefit from bundling (as in selling an entire newspaper instead of individual articles) by taking advantage of uneven preferences among consumers for the individual items... 
For large Western/Northern software and entertainment producers, yes. However, in the Third World -- the other 5.5 billion -- the economies of scale are different. For the price of a full license of MS Office, a family can live for a month or two. Building a viable business model out of this observation, and implementing it are separate matters. This is a theoretical discussion of subscription versus a la carte. There are markets where a la carte is preferable over subscription. snip Not everything can be shoehorned into the flat-rate subscription model, so I do expect that micropayments will eventually play a role in the economy, but I don't expect that role to be large. There is large and there is large. But your point is correct. We economists do not like corner solutions, and one-size-fits-all solutions generally neither fit nor solve. CE ___ picoIPO mailing list [EMAIL PROTECTED] http://lists.picoipo.com/mailman/listinfo/picoipo --- end forwarded text
DEA data thief sentenced to 27 months
http://theregister.co.uk/content/55/28621.html DEA data thief sentenced to 27 months By Kevin Poulsen, SecurityFocus Online Posted: 18/12/2002 at 10:38 GMT A 14-year veteran of the U.S. Drug Enforcement Administration (DEA) who fled to Mexico to avoid federal computer crime charges was sentenced in a federal court in Los Angeles on Monday to 27 months in prison for selling information on private citizens he plundered from sensitive law enforcement databases. Emilio Calatayud, 36, admitted in a plea agreement last August to raiding a variety of systems to investigate claimants in over 100 workers compensation cases being handled by Triple Check Investigative Services for unnamed insurance carriers. Triple Check paid the former agent at least $22,500 for the data over a six year period ending in 1999, according to court records. The purloined data came from three law enforcement computers to which Calatayud had otherwise lawful access: the FBI's National Crime Information Center (NCIC), which maintains nationwide records on arrest histories, convictions and warrants; the California Law Enforcement Telecommunications System (CLETS), a state network that gives agents access to California motor vehicle records, rap sheets and fingerprints; and a DEA system called the Narcotics and Dangerous Drug Information System (NADDIS), described by a Justice Department Web page as a database of over 3,500,000 individuals, businesses, vessels and selected airfields. Some privacy advocates have cited the Calatayud case to highlight the risks posed by the growing number of law enforcement databases housing information on individuals, and made widely accessible with minimal security. The prosecution was briefly derailed last February, when Calatayud skipped out on a $100,000 property bond on what was to have been his first day of trial. 
He fled to Mexico, where four months later he was picked up in Guadalajara by Mexican federal police acting on information developed by the United States Marshal's Service. Officials haven't revealed how Calatayud was tracked down, but as part of the plea deal they agreed not to prosecute the former fed for kiting checks through his Bank of America account while a fugitive. Prosecutors also dropped wire fraud and computer fraud charges in the agreement. Calatayud pleaded guilty to bribery, tax evasion and failing to appear in court. In addition to the jail time, federal judge William J. Rea ordered Calatayud to pay a $5,000 fine. ©SecurityFocus.com
Obituary - Gary Howland - 197? - 2002
in their bid to control the worldwide flow of information over our Internet. When the Clinton administration capitulated in early 2000, it was because of Gary Howland and other fellow spirits - the authors of Crypto++, SSLeay, and all of the Cryptix programmers to follow in his footsteps. Their commitment to always keep the art of cryptography an accessible, open tool for the people survives Gary. We will always publish free crypto as long as we remain free programmers, and a free people. Like so many of the dotcom dreams to come, our trading adventure ran out of cash, and we took pause. We split, we both went back to contracting, and we paid off our debts. He and Inka lived for a while on the island of Anguilla. There, the Financial Cryptography conference had employed him in '97 and '98 to teach the art of payment systems at boot camp. Gary worked with Vince Cate's SAXAS for a while, and when I caught up with him over a Grolsch in an Amsterdam bar, we laughed as he told me how he had spent most of the time trying to inject SOX ideas into SAXAS. We had great visions of Anguilla being the financial cryptography centre of the universe; at one stage, there were over 10 people working there on various projects, but, like many things, the dream faded as the field failed to take off, and frustration with the local bureaucracy scared too many people away. Gary died last week of a heroin overdose in a friend's London apartment. He'd been on it for a long time, but was well used to keeping the secret. I only learnt of his affliction well after we had split up. I often wondered whether I'd change my mind about drugs when someone close was killed. Maybe I'd go rabid and insist on all those bastards being killed or incarcerated without trial, as seemed to be the response of others. Maybe I'd sign on for a term of service with the War on Drugs. (These days, it would be Homeland Defence, licensed to hack.)
On reflection, I can only say that Gary's death underscores the futility of the War on Drugs. The developments in Europe, Australia, and now some states in the US, as country after country seeks to decriminalise drugs, remain our only hope of a civilised response to the health problem that is addiction. If Gary had lived in a society that hadn't forced the dirty secret on him, he might have got the support and community that would have helped him. I don't know that I could have done anything there, but maybe someone else could have. Financial cryptographers don't die, they just cease to be atomic. Wherever he is, Gary would have laughed to know that his work will be the subject of scrutiny by the TLAs, once again. This time, from the other side; in the same week that Gary died, we filed all forms imaginable - four boxes-worth carried by hand in through the doors of the SEC headquarters in Washington, D.C. - to start a new financial system in the USA. Using Gary's SOX, of course. -- iang --- end forwarded text
Plug (was Re: Micropayments, redux)
At 12:55 AM -0500 on 12/17/02, John R. Levine wrote:

Micropayments have two problems. The minor one is that technically we have no idea how to implement them. The major one is that users hate the idea.

Oddly enough, and speaking of the Financial Cryptography conference :-), Nicko's running a panel this year:

http://ifca.ai/fc03/index.php?page=schedule

... Monday, 27-Jan-2003 ... 14:00 - 15:30 Panel: Does anyone really need MicroPayments? Moderator: Nicko van Someren (nCipher) Participants: Bob Hettinga (IBUC), Andrew Odlyzko (University of Minnesota) and Ron Rivest (MIT, PepperCoin)

Many cryptographers have tried to develop special technology for transferring tiny amounts of value; the theory being that the computational and/or administrative costs of other payment schemes render them unsuitable for small value transactions. In this panel we will discuss two major questions: firstly are the existing systems really not useful for small values and secondly might other models such as flat rate or subscription systems be more suitable anyway, and be possible without the need for small payments?

By the way, statistical process control is nothing new, and probabilistic settlement is one of the first things they teach you in elementary economics classes to explain the use of statistics -- railroads billing each other statistically for boxcar hauling by sampling bills of lading, as the canonical example.

Cheers, RAH
Who, having just seen who else Nicko's put the panel, can't wait to see Andrew and Ron discuss, um, things in light of the list traffic this morning...
Big Brother and Another Overblown Privacy Scare
describes how the use of watchout lists and access to quite modest forms of data could have thwarted the September 11 attacks. For starters, running the names of all airline ticket purchasers through the government's watch list of suspected terrorists would have flagged two of the 19 hijackers-to-be in August 2001. Checking their addresses could have led to three more, including Mohamed Atta. His phone records could have led to another five. An 11th had used the same frequent flier number as one of first two. Checks on recent flight-school attendees, expired visas, and other data might have led to the rest. Future terrorists using false names, the Markle report notes, can still be identified ... with a biometric algorithm derived from a photograph of the face or fingerprints, which can go into a government database when ... someone applies for a visa, or is arrested, or receives a driver's license, for instance. Such data, together with intelligence about suspected terrorists and their networks of contacts and support, could be used to screen people seeking access to dangerous pathogens, extremely hazardous materials, or critical electronic networks. Should we bar this sort of thing because it would subject some innocent people to unwelcome scrutiny? Or because some rogue officials might be willing to risk exposure and disgrace by leaking or threatening to leak information about pornographic video rentals, extramarital adventures, or the like to harass or blackmail political dissidents? Should we eschew fishing expeditions through Ryder truck rental records and fertilizer purchases? Not if we want to prevent terrorist mass murders. And I, for one, am a lot less worried about the government snooping through my credit card bills and psychiatric records than about being anthraxed in the subway or killed by a nuclear explosion in my downtown Washington office. We should, of course, minimize the risks of abuse, error, and invasion of privacy. 
The Markle task force compiles page after page of suggestions, including tools that create audit trails of parties who carry out searches, that anonymize and minimize information to the greatest extent possible, and that prevent ... dissemination of irrelevant information to unauthorized persons or entities. The important question is whether the risks to privacy posed by any particular data-mining proposal outweigh the hope that it might save lives. The answer, in every case, will depend on careful cost-benefit analysis. For now, rather than running screaming from the room or lobbying Congress to shut down DARPA's work on this potentially life-saving technology -- as The New York Times idiotically demanded -- we should remedy the government's current inability even to make sense of the prodigious amounts of information it already has, in the words of Philip Zelikow, executive director of the Markle task force. Far from emulating Big Brother, the government has so far failed even to pull together widely available, not-very-private data that could be useful in screening airline passengers, transporters of extremely hazardous materials, and so on. Indeed, a Senate Appropriations subcommittee recently killed a $20 million program to research such modest forms of data analysis, says Zelikow, who is also the director of the University of Virginia's Miller Center of Public Affairs and a member of President Bush's Foreign Intelligence Advisory Board. The Markle report expresses skepticism about the effectiveness of the more exotic -- and scarier -- approach of endless mining of vast new government data warehouses to find intricate correlations, especially those based on psychological profiles. By generating large numbers of false positives, Zelikow says, that approach could lead to intrusions on innocent people, ill will, lawsuits, and a political backlash against even the most effective and least intrusive forms of data-mining.
Those who are serious about saving lives understand the need for safeguards to allay concerns about privacy. And the greatest danger to American privacy, Zelikow says, would arise after another major terrorist attack. Those who pose privacy and security as warring goals may thus end up getting neither. The emerging center on these issues will be made up of people in both parties who see privacy and security as complementary goals that have to be achieved together and in balance.
e-CryptIt Engine 7.0 for REALbasic
--- begin forwarded text

Status: RO
Date: Mon, 16 Dec 2002 04:35:24 -0800
To: MacDev-1 (Moderated) [EMAIL PROTECTED]
From: MacDev-1 Moderator [EMAIL PROTECTED]
Subject: e-CryptIt Engine 7.0 for REALbasic
Sender: [EMAIL PROTECTED]

This message comes to you from MacDev-1(tm) -- the Mac(tm) OS Developer News and Info server. See below for more info on this list (including sub/unsub details).

e-CryptIt Engine 7.0 is out

New in 7.0:

* Added a BlowfishECB class (This replaces the old functions).
* Added a BlowfishCBC class which adds a CBC chained Blowfish encryption to the plugin.
* Added a TwofishECB class which adds an ECB unchained Twofish encryption to the plugin.
* Added a TwofishCBC class which adds a CBC chained Twofish encryption to the plugin.
* Added an IEncryptionAlgorithm Interface which BlowfishECB, BlowfishCBC, TwofishECB and TwofishCBC implement.
* Removed the old function based BlowFish ECB encryption and all the ByRef string referencing relating to it.
* Added new example projects for the new algorithms.
* The ZStream class is now implemented with native MacOS calls rather than MSL calls making it 35% smaller on Carbon and 50% smaller on PPC.
* Fixed a bug with the ZStream that made it crash when used on OS 8.6.
* Fixed a minor memory leak in the ZStream constructor.
* The ZStream now Implements the IStreamWriter and IStreamReader Interface.
* The ZStream now can take IStreamReader and IStreamWriter as a constructor parameter, which add the ability to do in memory compression and decompression.
Björn Eiríksson [EMAIL PROTECTED]
Einhugur Software [EMAIL PROTECTED] www.einhugur.com

To submit a posting to MacDev-1, mailto:[EMAIL PROTECTED]. To subscribe to MacDev-1, send mail to [EMAIL PROTECTED] with the SUBJECT line reading SUBSCRIBE MACDEV-1. To unsubscribe, the SUBJECT line should read UNSUBSCRIBE MACDEV-1.

News may be propagated freely, but please attribute your source as MacTech Magazine, http://www.mactech.com.

--- end forwarded text
Re: Micropayments, redux
As I've said here before... At 6:51 PM +0530 on 12/16/02, Udhay Shankar N wrote: Peppercoin is ...Ron Rivest's random-settlement lottery payment protocol. Essentially, you write 10 checks for $100.00, and redeem one of them, yielding an expected payment of a tenth of a penny. You need very strong is-a-person digital signature credentialling, just like checks. It's quite compatible with PayPal, etc., and so I expect that that's part of their exit strategy. If they could get plugged into the ACH/ATM network, it might work there as well, so you could also sell it to banks, if they're buying. Cheers, RAH
Re: Micropayments, redux
At 6:23 PM -0600 on 12/16/02, Matt Crawford wrote: These quibbles may be of interest only to mathematicians and insurers. ...and thus underwriters of the financial instruments in question? :-). Cheers, RAH That's why they call it *financial* crypto, boys and girls... ...Though the accountants *do* have this thing called 'materiality'... ...Right, and that's also why some people say that finance is accounting with real math. Okay, mathematical economics... :-)
[mnet-devel] reconsidering fundamental Mnet architecture
-mail. I always liked that idea, and when I initially launched the Mnet project and named it a universal filestore, my goal was to focus the project on implementing that simple abstraction (universal public data store, private keys). Nowadays I'm less keen on that abstraction, since the global part of it will eventually require some step 3 answer, and I'm doubting that layering step 3 on top of step 2 is the right approach, compared to the approach of revisiting step 1 and building a unified and elegant emergent network from step 1 up. There are also technical problems with the abstraction which I'll save for a later day. Now, a lot (all?) of my fellow Mnet Hackers are very keen on micropayments, and even if I were to actively oppose the micropayment notion, they would go ahead and implement it and give it another go. So that's one future of Mnet (or a branch of Mnet): another try at Mojo Nation's architecture wherein step 3 (integrated automatic ubiquitous micropayments) is layered on top and provides attack resistance and resource management for step 2 (universal data store and transport). Another future of Mnet, which is almost certainly going to happen in the near future, is just deploying a good implementation of step 2 without any step 3. This would be more or less on par with other emergent networks in current theory and practice, and will form an excellent base for more experiments. A third future of Mnet (or a branch thereof), is to break the universal filestore abstraction and return to step 1, building a friendnet-Mnet in which any two computers are allowed to have a relationship if and only if their human users already have a similar human relationship. Intriguingly, all three of these possible future Mnets can in principle interoperate with one another... 
--- end forwarded text
Peppercoin
Peppercoin is Rivest's lottery-settlement system for micropayments. You effectively write 10,000 checks for a hundred dollars, and only redeem one of them at random. Like checks themselves, you need iron-clad is-a-person credentials to make it work. As such, it's ideal for banks and PayPal, to whom they should sell themselves once they prove their stuff works in the market. Like central banks, national stock exchanges, and PayPal :-), you need a hierarchical, category-killer economies-of-scale market plan to make it prevail, c.f. J. Pierpont Morgan's line about ruinous competition when he was Morganizing 19th-century American railroads. I also, and sincerely, wish them luck. Like James Brown, Ron is the hardest working man in cryptography, financial or otherwise. Of course, for micropayments themselves, I only like stochastic methods for process control. For instance, random samples for double-spending in a streaming cash application. Cheers, RAH --- begin forwarded text Status: RO Date: Mon, 9 Dec 2002 14:42:49 -0500 To: e-gold Discussion [EMAIL PROTECTED] From: James M. Ray [EMAIL PROTECTED] Subject: [e-gold-list] Peppercoin http://www.peppercoin.com/ I'm not sure about their payment-system, but I absolutely-approve of a few of the models, and the brains behind this company seem impressive as well! (Like others that have passed) IMO unless they can also attractively process MACRO-payments they'll croak. From the description of their system (combined with what-little I know of banks...) it sounds like they are trying to fundamentally change the banking system -- at least WRT their product. (I wish them luck!) JMR PS Florida Moron-tax (lotto) is now up to $80 million! WooHoo!! Office pool won 5 bucks, which will be plowed into next drawing so I don't have to do math. Also, could anyone operating or associated-with any gaming sites that take e-gold please contact me privately? Thanks. 
--- end forwarded text
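A toy model of the lottery settlement described in the Peppercoin message above and in the earlier "Re: Micropayments, redux" reply, using the 10,000-check, $100 figures from the message above. It is an added illustration, not Peppercoin's protocol or code: HMAC-SHA256 stands in for real digital signatures, and the `Bank` class, party names and keys are constructed for the example.

```python
import hashlib
import hmac

FACE_VALUE_CENTS = 10_000  # every check is written for $100.00
RATE = 10_000              # on average one check in RATE is redeemed


def sign(key: bytes, message: bytes) -> bytes:
    """Assumption: HMAC-SHA256 stands in for a real digital signature."""
    return hmac.new(key, message, hashlib.sha256).digest()


def write_check(payer_key, payer, merchant, serial, face=FACE_VALUE_CENTS):
    """Payer signs a full-value check; most of these are never deposited."""
    body = f"{payer}|{merchant}|{serial}|{face}".encode()
    return body, sign(payer_key, body)


def is_winner(merchant_key, body, payer_sig, rate=RATE):
    """Selection depends on a merchant-keyed tag over the signed check, so the
    payer cannot predict winners and the merchant cannot re-roll a given check."""
    tag = sign(merchant_key, body + payer_sig)
    return int.from_bytes(tag[:8], "big") % rate == 0


class Bank:
    """Hypothetical settlement party; it holds both keys only because HMAC is symmetric."""

    def __init__(self, payer_keys, merchant_keys, rate=RATE):
        self.payer_keys = payer_keys
        self.merchant_keys = merchant_keys
        self.rate = rate
        self.redeemed = set()   # (payer, serial) pairs already paid
        self.balances = {}      # cents, by party name

    def deposit(self, body, payer_sig):
        try:
            payer, merchant, serial, face = body.decode().split("|")
            amount = int(face)
        except ValueError:
            return "malformed"
        payer_key = self.payer_keys.get(payer)
        merchant_key = self.merchant_keys.get(merchant)
        if payer_key is None or merchant_key is None:
            return "unknown party"
        # The "is-a-person" requirement: the check must verify against a known payer.
        if not hmac.compare_digest(sign(payer_key, body), payer_sig):
            return "bad signature"
        if not is_winner(merchant_key, body, payer_sig, self.rate):
            return "not selected"
        if (payer, serial) in self.redeemed:
            return "duplicate"
        self.redeemed.add((payer, serial))
        self.balances[merchant] = self.balances.get(merchant, 0) + amount
        self.balances[payer] = self.balances.get(payer, 0) - amount
        return "paid"


def simulate(n_checks, rate=RATE):
    """Run n_checks purchases; the merchant deposits only the selected checks."""
    payer_key = b"constructed-payer-key"        # constructed sample key
    merchant_key = b"constructed-merchant-key"  # constructed sample key
    bank = Bank({"alice": payer_key}, {"news-site": merchant_key}, rate)
    winners = []
    for serial in range(n_checks):
        body, sig = write_check(payer_key, "alice", "news-site", serial)
        if is_winner(merchant_key, body, sig, rate):
            winners.append((body, sig))
            bank.deposit(body, sig)
    return bank, winners


if __name__ == "__main__":
    n = 200_000
    bank, winners = simulate(n)
    received = bank.balances.get("news-site", 0)
    print(f"checks written: {n}, checks the bank had to process: {len(winners)}")
    print(f"nominal price per check: {FACE_VALUE_CENTS / RATE:.2f} cents")
    print(f"merchant actually received: {received / n:.2f} cents per check")
```

The bank sees only the selected checks, which is where the processing saving comes from; the merchant's receipts vary around the nominal per-check price rather than matching it exactly.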
[Boing Boing Blog] Kismac: WEP cracking for OS X
--- begin forwarded text

Status: RO
To: [EMAIL PROTECTED]
From: Cory Doctorow [EMAIL PROTECTED]
Mailing-List: list [EMAIL PROTECTED]; contact [EMAIL PROTECTED]
Date: Wed, 04 Dec 2002 05:09:54 -0800
Subject: [Boing Boing Blog] Kismac: WEP cracking for OS X
Reply-To: [EMAIL PROTECTED]

Finally, an OSX/Airport-compatible app that cracks WEP, the craptacular security in 802.11b wireless communication. Download and install, grab some packets and watch as the WEP password is sucked out of the bitstream.

Link: http://www.binaervarianz.de/projekte/programmieren/kismac/
Discuss: http://www.quicktopic.com/boing/H/X6ypK9cigWs4s
(via /., http://slashdot.org/)

-- Posted by Cory Doctorow to Boing Boing Blog (http://boingboing.net/) at 12/4/2002 5:09:51 AM

--- end forwarded text
[ISN] PGP Opens Up Encryption Source Code
--- begin forwarded text Status: RO Date: Thu, 5 Dec 2002 01:00:19 -0600 (CST) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] PGP Opens Up Encryption Source Code Sender: [EMAIL PROTECTED] Reply-To: InfoSec News [EMAIL PROTECTED] http://www.eweek.com/article2/0,3959,746602,00.asp By Dennis Fisher December 4, 2002 Newly formed PGP Corp. took a big step Monday toward endearing itself to cryptography enthusiasts and privacy advocates by releasing the source code for its flagship line of encryption products. The code for the entire PGP 8.0 line - which was also introduced Monday - is available on the company's Web site for free download. This move is a resurrection of the policy of openness and freedom that led to the creation of the original Pretty Good Privacy software more than 10 years ago and was a hallmark of the now-defunct PGP Inc. Users can download and review the code for free but cannot reuse or modify it. The publication of cryptographic algorithms and source code for encryption products has long been a common way for cryptographers and developers to test the strength and security of their products. But as more and more of the original freeware and shareware encryption products moved into the corporate realm, the practice has gradually fallen out of favor. When PGP Corp. announced its formation earlier this year, company officials made a point of saying that they would release the PGP source code. The company purchased the PGP product line from Network Associates Inc., which had bought the original PGP Inc. business from Phil Zimmermann, the product's creator. NAI's refusal to release the PGP source code was one of the reasons that Zimmermann eventually left NAI. PGP is the only security software company sufficiently committed to product integrity and security to publish its intellectual property in the form of source code for peer review, said Phil Dunkelberger, president and CEO of PGP, based in Palo Alto, Calif. 
We believe that releasing the source code for security-related software should be a standard industry practice and a requirement of any serious security vendor. The PGP 8.0 line includes both Windows and Macintosh versions of the PGP Desktop, PGP Enterprise and PGP Personal as well as a new version of PGP Freeware. The Macintosh products include support for OS X, and the Windows line now supports XP and XP Office.

--- end forwarded text
PGPfreeware 8.0: Not so good news for crypto newcomers
will be an obstacle to the spreading of cryptography -- and to PGP software sales as well. Furthermore, having PGP priced too high will probably lead newcomers to turn to a lot of snake oil encryption software and personal security suites that already encumber the shelves of computer software shops and are much cheaper than PGP. So there is a risk that uninformed users will turn away from PGP, and purchase cheaper snake oil instead.

Last thing: PGPfreeware 8.0 is a good piece of software, much better than PGPfreeware 7.0.3 was. It is compact, quick and smart, and it worked really fine when we tested it under Windows 98. Unfortunately, the choice that was done of free features vs. paying features is wrong. And this is highly regrettable.

pplf Michel Bouissou.

--- end forwarded text
DBCs now issued by DMT
I suppose that if it's not blinded, or at least functionally anonymous, like you'd get with statistically-tested streaming cash, it's not *that* bearer, but, hey, that's just *my* opinion, right? :-). I would assume that anything that has accounts with client names on them is probably not bearer, either, though Mark Twain did something quite like that. Which, not coincidentally, brings us back to the loading problem. Most of us who think about these things have gotten to the point that Doug Barnes got to with his Mondex talk at the FC97 rump-session: that is, you need a popular internet payment system to collateralize/load whatever bearer certificate you issue, and the faster that settles, the better. We're getting there, maybe even faster than we think. Cheers, RAH

--- begin forwarded text

Status: RO
Date: Tue, 03 Dec 2002 13:55:54 -0800
To: [EMAIL PROTECTED]
From: Steve Schear [EMAIL PROTECTED]
Subject: DBCs now issued by DMT
Sender: [EMAIL PROTECTED]

Digital Monetary Trust now supports Digital Bearer Certificates. https://196.40.46.24/dmtext/jog/dmt_bearercert.htm Although the DBC are not blinded, DMT claims it maintains no client data on its accounts so there is a modicum of anonymity in transactions. steve

A State must pay attention to virtue, because the law is a covenant or a guarantee of men's just claims, but it is not designed to make the citizens virtuous and just -- Aristotle

--- end forwarded text
Re: DBCs now issued by DMT
At 4:06 PM -0800 on 12/3/02, Somebody wrote: I forgot to ask: who the hell is DMT? Nobody I ever heard of... How are they marketing this stuff - on a website with only an IP address... :-). or, who have they gotten to use it thus far? Nobody I ever heard of... However, that old volcano's giving off some tasty beta-waves, dontcha think? Cheers, RAH [Sounds like a low C to me...]
Re: DBCs now issued by DMT
--- begin forwarded text

Status: RO
Date: Tue, 3 Dec 2002 16:06:12 -0800
Subject: Re: DBCs now issued by DMT
From: Tim May [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

On Tuesday, December 3, 2002, at 01:55 PM, Steve Schear wrote: Digital Monetary Trust now supports Digital Bearer Certificates. https://196.40.46.24/dmtext/jog/dmt_bearercert.htm Although the DBC are not blinded, DMT claims it maintains no client data on its accounts so there is a modicum of anonymity in transactions.

Well, on the Modified May Anonymity Scale, where would take a billion years to crack is good, and where will require subverting 20 servers and cracking each's mapping is OK, this rates a takes a phone call, which makes it not good. Trust us. Boring. Thinking this is a step in the right direction is like thinking building a tall tower is a step toward going to the moon. --Tim May

The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant. --John Stuart Mill

--- end forwarded text
'E-postmark' gives stamp of approval
http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=134580416zsection_id=268448455slug=comdex21date=20021121

Thursday, November 21, 2002, 12:00 a.m. Pacific

Fall Comdex 2002: 'E-postmark' gives stamp of approval

By Brier Dudley, Seattle Times technology reporter

LAS VEGAS - Big screens, small gadgets and fast wireless connections have received much attention at the Comdex technology trade show this week, but a mundane product quietly unveiled at Microsoft's booth may have more of an impact on the average computer user. On display was an electronic stamp the U.S. Postal Service plans to sell to certify authenticity and delivery time of e-mail. The technology, called electronic postmarks, will not necessarily end the era of free e-mail. But it does create a first class version with a small delivery charge. The postmarks are likely to be used to transmit sensitive documents, for instance, to authenticate the sender and give the recipient more reassurance.

The plan is to have e-mail-postage software available in the next 30 to 45 days. At first, it would be an add-on to Microsoft's popular Outlook e-mail-management software. Later, it would be bundled into the new version of Microsoft's Office suite, due around summer. When loaded, it would appear as several buttons on the Outlook control panel. Users would pay the Postal Service anywhere from a penny to $2, depending on the volume of use, to add an official stamp of authenticity. The stamp would be applied with a click, not a lick. Actually, it would take 10 clicks - unless you send a lot of certified e-mails, in which case you could tailor the system to only require two, said Michael Wolf, who developed the product for AuthentiDate of New York.

After two years of working with the Postal Service, AuthentiDate won a contract in July to run the service and use its network to issue, verify and store the certificates of authenticity.
Terms were not available, but corporate filings indicate the Postal Service paid AuthentiDate $250,000 and established provisions to share revenue. Because AuthentiDate would run the service, said Chief Executive Rob Van Naarden, We get most of the revenue. Microsoft, which helped tailor the product for Outlook and provided software-development tools to AuthentiDate, would get a share of postmark sales that it generates, Van Naarden said. Having a feature certified as secure by a federal agency contributes to the sense of trustworthiness Microsoft is trying to impart after numerous high-profile security lapses. AuthentiDate is interested in bundling the technology with products from other software vendors, but for now it's focusing on Microsoft, said Wolf, the company's chief technical evangelist. Microsoft is not prohibiting us from approaching any other vendors, he said. Certifying e-mail is a crowded business full of companies providing encryption and other technologies to secure transmission of information. Federal privacy measures require such precautions for medical records and other sensitive documents. Several attempts by companies to charge per e-mail for authentication services have failed, noted analysts at IDC, a research company in Framingham, Mass. It's a great idea, but unfortunately nobody's paid for it in the past, and there's no indication they will in the future, said IDC's Chris Christiansen. A key reason is people still don't trust the technology enough, IDC's research shows. Van Naarden said electronic postmarks will succeed because they have federal authority. He said the stamps would provide legal force to electronic documents, and the Postal Service can prosecute people who circumvent the system. Van Naarden would not say how many electronic stamps he expects will be sold, but that business volume should be in the hundreds of millions of dollars in a few years. Likely markets include government, financial services and health care. 
Microsoft has worked for years on adding electronic postage to Office. It has a partnership with Stamps.com that enables Word users to buy postage online and print envelopes stamped with a bar code accepted by the Postal Service. The feature will be updated in the new Office suite next year. Microsoft has had other business relationships with the Postal Service, which has become increasingly entrepreneurial since it was reorganized in 1971 as a government-owned corporation. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Amnesty says two Chinese Internet users were executed
http://www.theinquirer.net/?article=6422 Amnesty says two Chinese Internet users were executed US firms colluding in State clamp down claim By Mike Magee: Tuesday 26 November 2002, 19:05 HUMAN RIGHTS ORGANISATION Amnesty International issued a warning today on its Web site that Internet users in mainland China could be killed by the State for expressing their opinion online. Thirty three people were named as prisoners of conscience today, for apparently doing little more than expressing their opinions online. Two subversives have already died in custody, it claimed. And the statement, which it released today, also warns that overseas companies were colluding in a crack down we first reported last August. The full report is here. One paragraph states: Foreign companies, including Websense and Sun Microsystems, Cisco Systems, Nortel Networks, Microsoft have reportedly provided important technology which helps the Chinese authorities censor the Internet. Nortel Networks along with some other international firms are reported to be providing China with the technology which will help it shift from filtering content at the international gateway level to filtering content of individual computers, in homes, Internet cafes, universities and businesses. The report asked China - avowedly a police state - to release anyone detained or jailed for using the Internet to express their views or to share information. American companies are helping China track down people that the government wants to detain for online subversion. It has designated 33 people detained for using the Internet as prisoners of conscience. Two people have already died in custody, the report said. AI says that anyone surfing the Internet in China could be at risk of arbitrary detention and imprisonment. There are around 60 million Internet users in mainland China, with the numbers rising steadily. µ
[Announce]OpenCDK 0.3.3
--- begin forwarded text Status: U From: Timo Schulz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.5.1i Subject: [Announce]OpenCDK 0.3.3 Sender: [EMAIL PROTECTED] Date: Sun, 24 Nov 2002 21:47:25 +0100

Current Version: 0.3.3 (latest devel 0.3.4-cvs)
License: GPL
Author: Timo Schulz [EMAIL PROTECTED]
Available from: http://www.winpt.org/opencdk.html

Hi, this is the first public announcement for OpenCDK. It is a library to provide some basic parts of the OpenPGP Message Format (RFC2440). First the library was planned for key conversation in GnuTLS and other applications which support OpenPGP keys but after a while, I decided to include some low-level functions for file handling. Now the library basically consists of two parts. First, the key database code which can be used for reading, writing, export, import and key conversation and secondly file routines. It is *not* planned to add full OpenPGP support or to replace any of the existing OpenPGP versions. But in some cases, it might be handy to have OpenPGP natively without a detour over pipes. The library itself does *not* contain any cryptographic code. For this, Libgcrypt is used which bases on GPG code which was tested a lot. Other parts of the lib also contain GPG code to reduce the time for testing new code. For a good introduction, the MinPG example might be a good start. It shows how to use the API and how things work. If you use Debian, you can also use the precompiled package from Debian.org (unstable) but it's not up-to-date and might have more problems (it is 0.3.2). If you are interested to get the latest version, use anonymous CVS. Here is a short overview about the recently added features:

Noteworthy changes in version 0.3.3 (2002-11-16)
* Support for the various signatures types (detached, ...)
* Sign and Encrypt is working now.
* Limited support for RFC1991 (v3 signatures, ...)
* Corrected a problem with decompressing larger files.
* A lot of bug fixes all over the place.
* UTF8 en- and decoding routines.

Noteworthy changes in version 0.3.2 (2002-11-07)
* Keyserver support (HKP only).
* Fixed problem with v3 signatures.
* Fixed problem with searching packets in KBNODEs.
* API documentation for the external interface.

Timo
--- end forwarded text
Digital ID papers
--- begin forwarded text Status: RO To: Bob Hettinga [EMAIL PROTECTED] From: David G.W. Birch [EMAIL PROTECTED] Date: Mon, 18 Nov 2002 14:36:19 + Subject: Digital ID papers Hi Bob, Can you post this in all the usual places thanks! The presentations from the 3rd Annual Consult Hyperion Digital Identity Forum are now available for downloading from the Forum web site at www.digitalidforum.com, including presentations from Microsoft, Liberty Alliance, the UK Office of the e-Envoy, Royal Bank of Scotland and others. The Forum was very successful: some of the delegate comments received were * You get the finest audiences for these events - it was a *real* forum, and there were powerful cylinders firing throughout the room. * I found the event both interesting and stimulating. The quality of papers was very good, and quite a lot of open discussion was allowed * Just to say thanks again for a very enlightening event - I hope other delegates got as much out of it as I did! * I think I made some potentially useful contacts, and the content itself was fascinating. I thought it was really well run as well - brilliantly done! Regards, Dave Birch. -- -- David Birch, Director, Consult Hyperion -- -- tel +44 (0)1483 301793, fax +44 (0)1483 561657 -- mail [EMAIL PROTECTED], web http://www.chyp.com -- -- See you at the Benelux Cards conference in Brussels -- Dec. 4th/5th 2002, see http://www.smi-online.co.uk/benelux.asp --- end forwarded text
Fwd: [fc] list of papers accepted to FC'03
--- begin forwarded text Status: RO Date: Thu, 14 Nov 2002 13:14:12 -0800 To: [EMAIL PROTECTED] From: Fearghas McKay [EMAIL PROTECTED] Subject: Fwd: [fc] list of papers accepted to FC'03 Reply-To: Usual People List [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] --- begin forwarded text From: Rebecca N. Wright [EMAIL PROTECTED] To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: [fc] list of papers accepted to FC'03 Sender: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0.12 List-Help: mailto:[EMAIL PROTECTED]?subject=help List-Post: mailto:[EMAIL PROTECTED] List-Subscribe: http://mail.ifca.ai/mailman/listinfo/fc, mailto:[EMAIL PROTECTED]?subject=subscribe List-Id: Financial Cryptography Conference Announcements fc.ifca.ai List-Unsubscribe: http://mail.ifca.ai/mailman/listinfo/fc, mailto:[EMAIL PROTECTED]?subject=unsubscribe List-Archive: http://mail.ifca.ai/pipermail/fc/ Date: Wed, 13 Nov 2002 12:42:38 -0500 (EST)

Here is the list of papers accepted to Financial Cryptography '03. In addition, there will be several invited talks and panels. A preliminary program will be available shortly. For more info, see www.ifca.ai/fc03.

== Rebecca Wright phone: +1 201 216-5015 Department of Computer Science fax: +1 201 216-8249 Stevens Institute of Technology Castle Point on Hudson e-mail: [EMAIL PROTECTED] Hoboken, NJ 07030 Web: www.cs.stevens-tech.edu/~rwright ==

List of papers accepted to FC'03

A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks
  Markus Jakobsson and Jean-Pierre Hubaux and Levente Buttyan

Using Trust Management to Support Transferable Hash-Based Micropayments
  Simon N Foley

Fully Private Auctions in a Constant Number of Rounds
  Felix Brandt

Verifiable Secret Sharing for General Access Structures, with Application to Fully Distributed Proxy Signatures
  Javier Herranz and Germán Sáez

Cryptanalysis of the OTM signature scheme from FC'02
  Jacques Stern and Julien P. Stern

Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
  Ari Juels and Ravikanth Pappu

Preventing Tracking and ''Man in the Middle'' Attacks on Bluetooth Devices
  Dennis Kügler

Traversing Hash Chain with Constant Computation
  Yaron Sella

Retrofitting Fairness on the Original RSA-Based E-Cash
  Shouhuai Xu and Moti Yung

Fault based cryptanalysis of the Advanced Encryption Standard (AES)
  Johannes Blömer and Jean-Pierre Seifert

How Much Security is Enough to Stop a Thief?
  Stuart E. Schechter and Michael D. Smith

Fair Off-Line e-Cash made easier
  Matthieu Gaud and Jacques Traoré

Asynchronous Optimistic Fair Exchange Based on Revocable Item
  Holger Vogt

Secure Generalized Vickrey Auction using Homomorphic Encryption
  Koutarou Suzuki and Makoto Yokoo

Non-interactive Zero-Sharing with Applications to Private Distributed Decision Making
  Aggelos Kiayias and Moti Yung

Timed Fair Exchange of Arbitrary Signatures
  Juan Garay and Carl Pomerance

On the Economics of Anonymity
  Alessandro Acquisti and Roger Dingledine and Paul Syverson

___ fc mailing list [EMAIL PROTECTED] http://mail.ifca.ai/mailman/listinfo/fc --- end forwarded text --- end forwarded text
Re: Fun with Rosslyn Chapel, or, What *was* the Templar's Cipher,anyway?
--- begin forwarded text Status: U To: [EMAIL PROTECTED] From: T. Wolf [EMAIL PROTECTED] Date: Sun, 17 Nov 2002 00:00:51 +0100 Subject: Re: Fun with Rosslyn Chapel, or, What *was* the Templar's Cipher, anyway? Dear RAH, I just found the old attached message of yours doing a web search. Coincidentally, I'm currently looking for the very same thing (i.e. the ciphers the Templars used for their bearer certificates). Since your message is two years old already, I'm hoping you found the solution by now. If you did, PLEASE PLEASE PLEASE tell me! Thanks, Thomas - Your old message (http://archives.neohapsis.com/archives/crypto/2000-q2/0315.html) - I'm doing an IBUC shirt for EFCE2K, and, given that we're in Edinburgh, and Rosslyn Chapel, the famous Templar, um, Mecca, is here, and the Templars ran the original money transfer business, using cryptography no less, Fearghas and I popped out to Roslin to root around for stuff to stick on the aforesaid shirt. Close, but, more or less, no cigar. We saw the faded remains of a Templar floriated cross on the Earl of St. Clair's supposed crypt-cover (kinda small, people speculate about all kinds of goodies in there), which might have been cool, but it was all eroded and I haven't found line art of one on the web and it's late. I've gotten a couple kinda-crypto things, of which I'll pick one for the shirt tomorrow morning before we mail it out to the silkscreener, but what I'd *really* like to know, if it's not one of the many secrets of the Templars [like the shroud of Turin is DeMolay, or that the Templars were Masons, or vice versa, or that they had the head of John the Baptist (or christ, or Joseph, or the original Green Man) or that they *really* had the Ark of the Covenant, or the Holy Grail, or that DeMolay was the Second Gunman on the Grassy Knoll :-), or, whatever] is... Has anyone ever figured out, or discovered or whatever, what kind of cryptosystem the Templars used to encrypt, decrypt, sign/modify the chits (dare I say bearer certificates? ;-)) they used so that people could go from preceptory to preceptory, getting cash/food/whatever, all the way to the holy land (and get the remains of their money back, or a bill :-), when they returned home? Cheers, RAH, Who, oddly enough, and by the sheerest coincidence (and I swear on a stack of Illuminati), lives in the Roslindale section of Boston, named for Roslin, home of Rosslyn Chapel --- end forwarded text
17 Cypherpunks subscribers on watch list, Project Lookout
--- begin forwarded text Status: RO Date: Tue, 19 Nov 2002 14:06:35 -0800 Subject: 17 Cypherpunks subscribers on watch list, Project Lookout From: Tim May [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] A company I am involved with has been on the distribution list for the FBI's Project Lookout watch list, the list being shared with banks, electronics companies, consulting firms, transportation companies, and 1100 other firms. Cross-indexing with the CP subscriber list, I find 17 names on both lists. We must be vigilant! Civil rights are only for innocents, not guilty persons. --Tim May -- Timothy C. May [EMAIL PROTECTED] Corralitos, California Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns Recent interests: category theory, toposes, algebraic topology --- end forwarded text
Re: 17 Cypherpunks subscribers on watch list, Project Lookout
--- begin forwarded text Status: RO Date: Tue, 19 Nov 2002 15:59:42 -0800 Subject: Re: 17 Cypherpunks subscribers on watch list, Project Lookout From: Tim May [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] On Tuesday, November 19, 2002, at 02:06 PM, Tim May wrote: A company I am involved with has been on the distribution list for the FBI's Project Lookout watch list, the list being shared with banks, electronics companies, consulting firms, transportation companies, and 1100 other firms. Cross-indexing with the CP subscriber list, I find 17 names on both lists. We must be vigilant! Civil rights are only for innocents, not guilty persons. Wow, what a response, at least in private! Four of you have so far contacted me about the Watch List, asking out of curiosity if they are on the list or if the list is available online someplace. (One of the four got the message from a forwarding by a list member here. I really wish you, E.L., would not forward messages to unrelated lists.) But I need a fifth name. HomeSec promised my own name would be removed if I provided the name of _five_ (5) other suspects. And I need to get off that list by April 1st, which has been designated Roundup Day. --Tim May To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists. --John Ashcroft, U.S. Attorney General --- end forwarded text
Re: security of limits in mondex (Re: Spending velocity limit implementation in smart cards)
, the answer is yes, and no. Hence, it takes a long time and a lot of questions to figure out how it works. Even worse, any authority can simply say, no, that's not the way it works, and refuse to elaborate. And, they would be correct. And incorrect. That's the great thing about Mondex, it is everything you want it to be. -- iang --- end forwarded text
security of limits in mondex (Re: Spending velocity limit implementation in smart cards)
--- begin forwarded text Status: RO Date: Mon, 11 Nov 2002 19:32:54 + From: Adam Back [EMAIL PROTECTED] To: IanG [EMAIL PROTECTED] Cc: R. A. Hettinga [EMAIL PROTECTED], [EMAIL PROTECTED], Digital Bearer Settlement List [EMAIL PROTECTED] Subject: security of limits in mondex (Re: Spending velocity limit implementation in smart cards) User-Agent: Mutt/1.2.2i Sender: [EMAIL PROTECTED] On Mon, Nov 11, 2002 at 12:55:24PM -0500, IanG wrote: [...] If you are talking about the system, then simply go to the backends and do some statistics on the backend data base. Even Mondex uploads transactions, so you would be able to do the numbers. (From memory, Mondex uploads the last 10 transactions when you plug it into certain terminals. Although, this feature is controversial, as the company has never released sufficient details to know for sure.) I was wondering about this recently to do with mondex. They claim as you say have limits on transaction uploads, so the user could hide some transactions. Indeed the user need never reconnect to the bank, always refilling via other users and spending to other users. Although they could if they chose implement something on the card to force it to connect within some maximum interval to the bank. And yet I thought they claimed to be able to have some liability limiting factors such as limits on card spending per month, and perhaps card spending ever. And the card itself is just a tamper resistant counter, and signed receipts are exchanged between cards to add to the counter (received payment) and subtract from the counter (send payment). But I think these claims are contradictory unless the limiting factors are implemented on the card, in which case they offer limited protection against someone extracting private keys from the card. So are they really uploading everything to bank via other cards even in peer to peer, or perhaps enough information (value, but not user or transaction description) to notice imbalances (corresponding to hacked bottomless cards)? Or is it that the limits are in fact implemented on card and their likely effectiveness in combatting fraud from tampered cards exaggerated? Adam -- http://www.cypherspace.net/ --- end forwarded text
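The question raised in the message above, whether value-only uploads are enough to notice a "bottomless" card, can be explored with a small model. This is an added example, not code from the thread and not a description of how Mondex actually works: the card ids, the ledger and the rule that a card uploads its last N transfers whenever it touches the bank are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

BANK = "BANK"  # the issuer; every other id is a card (all ids are constructed)


@dataclass(frozen=True)
class Transfer:
    payer: str
    payee: str
    value: int  # minor currency units


def system_float(transfers):
    """Value-only check: issued minus redeemed.

    Needs no card identities. A negative result means more value has been
    redeemed at the bank than the bank ever issued, so forged value exists.
    """
    issued = sum(t.value for t in transfers if t.payer == BANK)
    redeemed = sum(t.value for t in transfers if t.payee == BANK)
    return issued - redeemed


def overdrawn_cards(transfers):
    """Per-card check: replay the log in order and flag any card that pays
    out more than its running balance. Needs card ids and a complete log."""
    balance = defaultdict(int)
    flagged = set()
    for t in transfers:
        if t.payer != BANK:
            if balance[t.payer] < t.value:
                flagged.add(t.payer)
            balance[t.payer] -= t.value
        if t.payee != BANK:
            balance[t.payee] += t.value
    return sorted(flagged)


def bank_view(transfers, last_n):
    """Assumed upload rule: when a card loads or redeems at the bank, it
    uploads only the last `last_n` transfers from its own log."""
    if last_n < 1:
        raise ValueError("last_n must be at least 1")
    card_log = defaultdict(list)  # card id -> indices of its transfers
    seen = set()
    for i, t in enumerate(transfers):
        for card in (t.payer, t.payee):
            if card != BANK:
                card_log[card].append(i)
        if BANK in (t.payer, t.payee):
            card = t.payee if t.payer == BANK else t.payer
            seen.update(card_log[card][-last_n:])
    return [transfers[i] for i in sorted(seen)]


# Constructed ledger: card X was never loaded by the bank (a tampered card
# in this model) and never connects to the bank itself.
LEDGER = [
    Transfer(BANK, "A", 100),  # A loads 100
    Transfer("A", "B", 40),
    Transfer("X", "B", 500),   # value that was never issued
    Transfer("B", "C", 300),
    Transfer("C", BANK, 300),  # C redeems
    Transfer("B", BANK, 240),  # B redeems
]

if __name__ == "__main__":
    for n in (1, 10):
        view = bank_view(LEDGER, n)
        print(f"last_n={n}: float={system_float(view)} "
              f"overdrawn={overdrawn_cards(view)}")
```

In this model the value-only float check fires regardless of how little log is uploaded, but only once forged value is redeemed; attributing it to a card needs enough uploaded history, and a short log makes honest cards look overdrawn.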
E-C Logix: current patent holder for the DigiCash patents?
--- begin forwarded text Status: U To: [EMAIL PROTECTED] From: Myers Carpenter [EMAIL PROTECTED] Date: 29 Oct 2002 16:48:09 -0500 Sender: [EMAIL PROTECTED] Subject: E-C Logix: current patent holder for the DigiCash patents? While poking around the net today I think I might have come across the new holders of the DigiCash patents, or at least a licensee. As far as I find other sources about who owns the patents it went from DigiCash - eCash Technologies - InfoSpace. I have not found evidence to link these people from InfoSpace. You can find it at http://www.e-clogix.com/ , but prepare to use view source quite a bit if you aren't using IE. Some points of interest: http://www.e-clogix.com/about.html This appears to be a venture of a Todd Stinson in Lincoln, Nebraska (you gotta love the photoshop hacked logo on the building). The email [EMAIL PROTECTED] bounced, and I have not attempted to call them. A response to an editorial on ecash in Barron's published April 23, 2001 (if anyone has the original please let me know) http://www.e-clogix.com/editorials/barrons_rebuttal.html Interesting links that are 404: Demo site: http://www.e-clogix.com/Bank/index.html Anyone know anyone involved in this? myers --- end forwarded text
patent free(?) anonymous credential system pre-print
--- begin forwarded text Status: RO Date: Tue, 29 Oct 2002 23:49:21 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Old-Subject: patent free(?) anonymous credential system pre-print Subject: patent free(?) anonymous credential system pre-print Sender: [EMAIL PROTECTED] I've submitted a pre-print of my anonymous credential system to the IACR ePrint server. Thanks to all of you who responded to the questions I posted here while working on it. I'd love to hear feedback from any and all before I submit it for publication; particularly, I want to make sure I haven't forgotten to give proper attribution for any previous work. http://eprint.iacr.org/2002/151/ It mentions how to use the blinding technique Ben Laurie describes in his Lucre paper, which I don't think has been mentioned in the formal literature, and also describes what I call a non-interactive cut and choose protocol which is new AFAICT. Thanks again! -J --- end forwarded text
Digital Identity Forum programme
--- begin forwarded text Status: RO User-Agent: Microsoft-Entourage/10.1.0.2006 Date: Mon, 14 Oct 2002 15:16:44 +0800 Subject: Digital Identity Forum programme From: David G.W. Birch [EMAIL PROTECTED] To: Bob Hettinga [EMAIL PROTECTED] Cc: Digital Bearer Settlement List [EMAIL PROTECTED] Hi Bob, Here's a more detailed plug for the Forum. Please feel free to post it anywhere you think folks might be interested. The 3rd Annual Consult Hyperion Digital Identity Forum will be held in London on November 12th and 13th 2002. Thanks to our sponsors, it will cost only UKP595 plus VAT for two days of discussion, debate and learning at the forefront of the digital identity field. This year's theme will be the balance between security and privacy in the post-September 11th world because public and private sectors have choices to make in the implementation of the identity and authentication schemes that are necessary to evolve the online world, but these choices are not context-free. The event, sponsored by RSA Security with support from Cybersource, PayPal and American Express is complementary to the annual Digital Money Forum and is a place to share knowledge across the field of digital identity: not simply the technical aspects of certificates, biometrics, smart cards and so on, but the business and social aspects that will shape this emerging field. The speakers will therefore include legal personnel, IT specialists, private and public sector experts, law enforcement personnel, a psychologist and others. For more information and the up-to-date programme please see http://www.digitalidforum.com/

Confirmed speakers already include:
Steve Marsh, Director of Security Policy for the UK Government's e-Envoy.
Laurent Beslay from the EC Joint Research Centre in Seville.
Jof Walters, a strategist with online bank Egg.
Ian Walden from the Institute of Computer Communications Law in London.
Andre Durand from Digital ID World in the US.
Gabi Vago of Fortress.
Clare Lees from the Henley Centre, experts on public attitudes.
Psychologist and expert on virtual identity, Kristina Downing-Orr.
Simon Pugh of MasterCard, a Liberty Alliance board member.
Peter Dalziel from the Royal Bank of Scotland.
Bill Perry, an advisor to the UK Passport Office.
Caspar Bowden from Microsoft UK, an expert on security and privacy in context.

Hope to see you there. Regards, Dave Birch. -- -- My own opinion (I think) given solely in my capacity -- as an interested member of the general public. -- -- mail dgw(at)birches.org, web http://www.birches.org/dgwb --- end forwarded text
Mitnick starts security company
http://technology.scmp.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=SCMP/Printacopyaid=ZZZRFQ7QX6D Thursday, October 10, 2002 Hacker starts security company AGENCE FRANCE-PRESSE in Washington Kevin Mitnick, the cult figure hacker jailed for breaking into big corporate computer networks, is starting his own Internet security firm, according to an interview published this week. Mr Mitnick, who served nearly five years in prison for stealing corporate computer secrets, said he had formed the company and would work more intensely on it when the terms of his supervised release expire in a few months. I am taking my knowledge and experience to help educate government and industry on how to protect their assets, instead of using my former hobby to create grief, Mr Mitnick told silicon.com. Mr Mitnick allegedly broke into computer systems of Motorola, Sun Microsystems, Qualcomm and others until he was apprehended in 1995.
Microsoft marries RSA Security to Windows
--- begin forwarded text Status: RO From: Elyn Wollensky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: William Knowles [EMAIL PROTECTED] Subject: Microsoft marries RSA Security to Windows Date: Tue, 8 Oct 2002 17:44:57 -0400 Sender: [EMAIL PROTECTED] Microsoft marries RSA Security to Windows http://www.theregister.co.uk/content/55/27499.html Microsoft has signed a wide-ranging deal to incorporate RSA encryption technology into its applications and services. The agreement, announced today (without financial details), is pitched as a key component in Microsoft's Trustworthy computing push. The first initiatives will centre on Microsoft's licensing of RSA SecurID two-factor authentication software and RSA Security's development of an RSA SecurID Software Token for Pocket PC. This will allow Windows Pocket PC-powered devices to function as RSA SecurID authenticators, so eliminating the need for users to carry separate hardware tokens. Used in conjunction with RSA ACE/Server authentication management software, RSA SecurID authenticators positively identify users and prevent unauthorised access to networks and systems. The technology is typically, and widely, used for remote access log-ins to corporate mail servers and secure sites. RSA Security has given Microsoft a license for the RSA ACE/Agent component of its two-factor authentication software, allowing Microsoft the option of directly integrating the RSA SecurID agent into Microsoft applications. The next enhancement of Microsoft's Internet Security and Acceleration (ISA) Server 2000 will be the first to feature this capability. ISA Server, Microsoft's first security product, is positioned against enterprise software firewalls. Security professionals expressed scepticism about the product but then again many careers are based on fixing security holes which Microsoft overlooked.

Passport stamped

Last, and perhaps most ambitiously, RSA today announced a strategic relationship with software developer iRevolution to provide two-factor authentication to Microsoft Passport. The two firms are developing technology designed to allow Passport users to sign-on using RSA Mobile software to provide stronger and more secure authentication. RSA Mobile software uses mobile phones and the SMS (short messaging service) infrastructure to quickly deliver one-time access codes to end users for secure entry into Passport enabled sites. This is a real head spinner and we'll only scratch the surface on at this pass. First, Passport was never designed with two factor authentication in mind, so will Microsoft have to revisit the whole concept? Second, and easier to address, aren't SecurID access codes supposed to change every 30 seconds - less than the time it might take to receive an SMS message and then type in the relevant code? The mind boggles. In any case, the relationship with Microsoft is a real fillip for RSA Security, which in recent years has struggled to build sales in the becalmed Public Key Infrastructure market. Now it's a Web access management company, clearly tied into Microsoft's .Net vision - even to the extent of signing up wholeheartedly to Passport, its flakiest component. The announcements came during RSA Security's conference in Paris this week.
RE: JYA ping
--- begin forwarded text

Status: RO
Date: Fri, 04 Oct 2002 07:54:21 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: JYA ping
Sender: [EMAIL PROTECTED]

JYA is temporarily dead online due to work load in the DC area, near the armageddon push button, which is located, in case you give a, out on Route 7 disguised as FAA Leesburg.

We paid a surprise Sunday morning visit to the CIA back entrance, got surrounded by HMMVs and spiffy guards with hands on guns, interrogated by a swell looking Ms. Security who ran our Duncan Frissell ID card through the master file, idled for 1/2 hour observing gaps in the maginot line, and then received a heartfelt thanks for cooperating, Duncan, wink. Mrs. Frissell hissed bitch as we serpentined the Jersey barriers back out the way in.

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Net Security Interview with Jon Callas
Linux versions of PGP products?

We are considering it. We can produce a GUI version of PGP similar to the ones we do for Mac OSX and Windows. The biggest question for us is whether or not Linux people would find such a thing valuable enough to want to buy. There are a number of freeware systems available now -- should we bother making something we charge for, or should we just interoperate with what's out there?

Are there plans for the development of new products in the PGP line in the near future?

Oh, yes. We weren't funded just to pick up the PGP business. We were funded for our new product plans. Without giving it away, our aim is to make products that are extremely easy to use. Think of it as PGP for people whose VCRs flash 12:00.

Is there a possibility for you to discontinue any of the PGP products?

I can't think of one.

What do you think about the whole segment of handheld computers security? Where does PGP Corporation stand on this topic?

We already have versions of PGP for Palm OS and WinCE. We have Symbian's OS. We believe this is a huge opportunity for us.

What is your perspective on full disclosure of vulnerabilities?

I am a proponent of full openness. I'm a proponent of published source code, so by necessity vulnerabilities will be disclosed -- just look at the differences in the source.
[dgc.chat] New Release of NeuDist
--- begin forwarded text

Status: RO
Subject: [dgc.chat] New Release of NeuDist
From: Pelle Braendgaard [EMAIL PROTECTED]
To: neudist-discuss [EMAIL PROTECTED], [EMAIL PROTECTED], DGCChat [EMAIL PROTECTED], xmlx [EMAIL PROTECTED]
Date: 03 Oct 2002 03:27:33 +0100
Reply-To: [EMAIL PROTECTED]

Release 0.4 of NeuDist has just been released at http://neudist.org

NeuDist is a Java based clearing framework for developing financial web services on the Neubia distributed clearing platform.

Most of the core layers are working and relatively complete now. You can see an example of a user authentication application at: http://neudist.org:8080/neudistframework/

While this example uses User Authentication Tickets, you will be able to use the technology to authenticate and clear virtually anything that can be described in XML. In particular Payments or as we call them Asset Transfers. This is the next layer of the platform and will be implemented in the next release. We will use an XML format similar to XML/X (http://xml-x.org) and have a sample payment application available based on gold backed currencies.

In the next 3 months we hope to have the following types of applications live:
- Book Entry Asset Transfer (Payment, Stock Issuance etc.)
- Exchange Applications (Auction and Stock Exchange type)

Much of the software for writing applications like the above will be open source and will allow for easy integration into existing systems.

We are interested in hearing from anyone who has interesting ideas for applications. We are slowly but surely adding more documentation, but please ask questions.

Thanks
Pelle

--
Antilles Software Ventures SA http://neubia.com/asv
My Web Log Live and Direct from Panama http://talk.org
Views of an EconoFist http://econofist.com

subscribe: send blank email to [EMAIL PROTECTED]
unsubscribe: send blank email to [EMAIL PROTECTED]
digest: send an email to [EMAIL PROTECTED] with set [EMAIL PROTECTED] digest=on in the message body

--- end forwarded text
RE: JYA ping
--- begin forwarded text

Status: RO
From: Trei, Peter [EMAIL PROTECTED]
To: Eugen Leitl [EMAIL PROTECTED], 'Graham Lally' [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: JYA ping
Date: Thu, 3 Oct 2002 09:34:28 -0400
Sender: [EMAIL PROTECTED]

Graham Lally[SMTP:[EMAIL PROTECTED]] wrote:
Eugen Leitl wrote:
On Wed, 2 Oct 2002, Anonymous wrote:

Cryptome has not been updated since 9/23 ... any clues, anyone ?

No. Anyone knows whether John Young is okay?

Can't get through to http://www.jya.com/ either (plus Google hasn't cached it, for some reason...?) - can't resolve it at all.

I can't get through to www.jya.com either, but cryptome.org comes through fine. At the bottom of the initial document list, I find the line:

19 August 2002: The JYA.com archive is temporarily unavailable during relocation.

Considering the glitches and mis-steps that often accompany server relocation, I'm not too worried - yet. It would be nice if John would drop the list a note.

Peter Trei

--- end forwarded text
Re: The 3rd Annual Consult Hyperion Digital Identity Forum
--- begin forwarded text

Status: U
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Thu, 03 Oct 2002 06:01:38 -0700 (PDT)
Subject: Re: The 3rd Annual Consult Hyperion Digital Identity Forum

The guy messed up his own URL. It should be http://www.digitalidforum.com which redirects to http://www.consult.hyperion.co.uk/digid3.html

R. A. Hettinga wrote:

Dear All,

See www.digitalidentityforum.com for more details. Speakers include Microsoft and Liberty Alliance, UK central and local government, law enforcement, financial services (Egg and RBS/NatWest), EC Research Centre, a psychologist and others.

Look forward to seeing you there.

Regards,
Dave Birch.

--
-- David Birch, Director, Consult Hyperion
--
-- tel +44 (0)1483 301793, fax +44 (0)1483 561657
-- mail [EMAIL PROTECTED], web http://www.chyp.com
--
-- See you at the 2nd Annual Digital Transactions Forum in Singapore
-- October 16th/17th 2002, see http://www.digitaltransactionsforum.com/

--- end forwarded text

For help on using this list (especially unsubscribing), send a message to "[EMAIL PROTECTED]" with one line of text: "help".

--- end forwarded text
The 3rd Annual Consult Hyperion Digital Identity Forum
--- begin forwarded text

Status: RO
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 03 Oct 2002 07:56:39 +0100
Subject: The 3rd Annual Consult Hyperion Digital Identity Forum
From: David G.W. Birch [EMAIL PROTECTED]
To: Bob Hettinga [EMAIL PROTECTED]
Cc: Digital Bearer Settlement List [EMAIL PROTECTED]

Dear All,

See www.digitalidentityforum.com for more details. Speakers include Microsoft and Liberty Alliance, UK central and local government, law enforcement, financial services (Egg and RBS/NatWest), EC Research Centre, a psychologist and others.

Look forward to seeing you there.

Regards,
Dave Birch.

--
-- David Birch, Director, Consult Hyperion
--
-- tel +44 (0)1483 301793, fax +44 (0)1483 561657
-- mail [EMAIL PROTECTED], web http://www.chyp.com
--
-- See you at the 2nd Annual Digital Transactions Forum in Singapore
-- October 16th/17th 2002, see http://www.digitaltransactionsforum.com/

--- end forwarded text
VeriSign Sells CALEA-Ware to Arrival, Cellular Mobile Systems,and First Cellular
in commerce and communications with confidence. VeriSign's digital trust services create a trusted environment through four core offerings -- Web presence services, security services, payment services, and telecommunication services -- powered by a global infrastructure that manages more than seven billion network connections and transactions a day. Additional news and information about the company is available at www.verisign.com. Contacts Media Relations: Penny Thomas, [EMAIL PROTECTED], 360-493-6724 Investor Relations: Steven Gatoff, [EMAIL PROTECTED], 650-426-4560 Statements in this announcement other than historical data and information, including but not limited to, statements regarding benefits of VeriSign's restructuring and new service offerings, constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, VeriSign's limited operating history under its current business structure, the risk that businesses of previously-acquired companies as well as other businesses will not be integrated successfully and unanticipated costs of such integration; uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results; the ability of VeriSign to successfully develop and market new services and customer acceptance of any new services; the risk that VeriSign's announced strategic relationships may not result in additional products, services, customers and revenues; increased competition and pricing pressures; risk that the company may not be able to achieve anticipated cost savings from the restructuring; and risks related to potential security breaches. 
More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the company's Annual Report on Form 10-K for the year ended December 31, 2001 and quarterly reports on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-looking statements after the date of this press release.

SOURCE VeriSign, Inc.
-0- 10/02/2002
/CONTACT: media, Penny Thomas, +1-360-493-6724, or [EMAIL PROTECTED], or investors, Steven Gatoff, +1-650-426-4560, or [EMAIL PROTECTED], both of VeriSign, Inc./
/Web site: http://www.verisign.com/
[SIMSOFT] machine shop -Biometrics Slouches Toward the Mainstream
the iris for the account holder that's on file. Used in this manner, biometrics can be exceedingly accurate -- especially if it is used in conjunction with a second factor, such as a smart card, PIN or password.

Alternatively, biometrics can be used to identify a person from a database of thousands or millions -- the so-called one-to-many application. This is the way that biometric face ID systems from companies such as Viisage and Visionics (now called Identix) are being used at airports to scan for known terrorists. The computer has a database of known bad guys, and it consults the entire database as each potential traveler walks by. Those systems are inherently less accurate than one-to-one because the chances of a mismatch, or false positive, are proportional to the size of the database.

On the surface, biometrics seem like the perfect tools for authenticating computer users. The fingerprint systems developed and refined for law enforcement are not the fingerprint readers that are making their way onto desktop computers. Unlike passwords, a biometric print can't be forgotten -- no more passwords written on yellow sticky notes -- and bioprints can't be shared, sold or stolen by social engineering. Indeed, that's one of the reasons that I bought an ECCO voice-print lock for my front door: I was renting out a spare room in the house, and with the biometric reader, I never had to change my house's locks.

But biometrics are not foolproof: A person's bioprint can be captured, copied and then fraudulently submitted for verification. For this reason, readers need to have some sort of built-in security to make sure that they are actually performing a live scan; encryption should be used to protect data as it travels from the reader to the database; and the verification software should reject attempts that are too close a fit. Meanwhile, experienced biometric scientists know that they should never use a fingerprint scanner that doesn't have a pulse detector or some other way to detect the culpable use of a severed digit.

Be very wary if you hear a company boasting about its system for biometric encryption. Because a biometric print will never read exactly the same way twice, biometric encryption systems need some form of error correction so that encrypted data can actually be decrypted at a later point in time. This error correction makes it easier for an attacker to guess the correct encryption key, since a close guess will be corrected. An even bigger problem with those systems: If your key is compromised, there is no way to change your fingerprint.

Better for Doors Than Windows

That's why I'm a big fan of using biometrics for physical access control -- such as the front door lock that I had for so many years. Besides preventing people from sharing or duplicating keys, the lock made it clear to visitors that I took security seriously. Deploy a fingerprint-based time-card reader at a supermarket and you can be sure that clerks won't be punching each other's time cards. Likewise, a hand geometry reader installed at an airport will prevent an $8/hour employee from giving the access code to a terrorist or selling a card for a few thousand dollars (and then reporting the card lost a few hours later). Even better, those systems are sold today as sealed, stand-alone units, which makes them both more reliable and more resistant to attack than bioprint readers on Internet-connected computers.

Within the coming months, expect to see live-scan fingerprint readers turning up in laptops and cell phones. Integration done by the manufacturer will reduce cost -- ultimately to $25 or less -- and increase the chances that those systems will actually work as intended. If they do, and if they are accepted by end users, then biometrics might take off in the coming years. If not, biometrics will probably be sent back to the labs for another decade of R&D.

Simson Garfinkel, CISSP, is a technology writer based in the Boston area. He is also CTO of Sandstorm Enterprises, an information warfare software company.

--- end forwarded text
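The biometrics article above says that error correction in "biometric encryption" lets a close guess unlock the key, and that verification should reject readings that fit too closely. The following is an added example, not part of the forwarded article or any vendor's product: a toy key-binding scheme in which the 5x repetition code, the 10-bit template, the 2-bit key and all function names are constructed for illustration.

```python
import hashlib
from itertools import product

R = 5  # assumed repetition factor: each key bit is spread over R template bits


def encode(key_bits):
    """Repetition code: repeat every key bit R times."""
    return [b for b in key_bits for _ in range(R)]


def decode(code_bits):
    """Majority vote per block; corrects up to R // 2 flipped bits per block."""
    return [int(sum(code_bits[i:i + R]) > R // 2)
            for i in range(0, len(code_bits), R)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enroll(template, key_bits):
    """Store helper data (template XOR codeword) and a hash of the key."""
    return xor(template, encode(key_bits)), digest(key_bits)


def release(helper, sample):
    """Recover a key candidate from a fresh, noisy reading."""
    return decode(xor(helper, sample))


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def verify(helper, key_digest, sample, history, min_distance=1):
    """Return 'replay', 'accept' or 'reject' for one submitted reading.

    A live scan never repeats bit for bit, so a reading closer than
    min_distance to one already seen is treated as a captured copy.
    """
    if any(hamming(sample, old) < min_distance for old in history):
        return "replay"
    history.append(list(sample))
    ok = digest(release(helper, sample)) == key_digest
    return "accept" if ok else "reject"


def accepted_fraction(helper, key_digest, n_bits):
    """Brute-force share of all n_bits-long readings that unlock the key."""
    hits = sum(digest(release(helper, list(s))) == key_digest
               for s in product((0, 1), repeat=n_bits))
    return hits / 2 ** n_bits


# Constructed sample data (not real biometric measurements).
TEMPLATE = [1, 0, 1, 1, 0, 0, 1, 1, 0, 1]   # enrolled 10-bit reading
KEY = [1, 0]                                # 2-bit key bound to it
HELPER, KEY_DIGEST = enroll(TEMPLATE, KEY)

if __name__ == "__main__":
    noisy = [0, 1, 1, 1, 0, 1, 1, 1, 0, 1]  # 3 bits differ from TEMPLATE
    seen = []
    print(verify(HELPER, KEY_DIGEST, noisy, seen))   # corrected reading
    print(verify(HELPER, KEY_DIGEST, noisy, seen))   # identical resubmission
    print(accepted_fraction(HELPER, KEY_DIGEST, len(TEMPLATE)))
```

With exact matching only one of the 1,024 possible readings would unlock the key; with the error correction a quarter of them do, so the 10-bit template protects no more than the 2 bits of key it carries.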
Reversible data hiding
--- begin forwarded text

Status: RO
Date: Mon, 23 Sep 2002 21:39:53 -0400
To: undisclosed-recipient:;
From: Monty Solomon [EMAIL PROTECTED]
Subject: Reversible data hiding

Xerox, University of Rochester Researchers Discover Better Way to Embed, Remove Hidden Data in Digital Images - Sep 23, 2002 09:34 AM (BusinessWire)

ROCHESTER, N.Y.--(BUSINESS WIRE)--Sept. 23, 2002--Scientists from the University of Rochester and Xerox Corporation (NYSE:XRX) have invented a new way to hide information within an ordinary digital image and to extract it again -- without distorting the original or losing any information.

Called reversible data hiding, the new technique will solve a dilemma faced by digital image users, particularly in sensitive military, legal and medical applications. Until now they have had to choose between an image that's been watermarked to establish its trustworthiness and one that isn't watermarked but preserves all the original information, allowing it to be enlarged or enhanced to show detail. When information is embedded using the newly discovered method, authorized users can do both.

The technique, described in a paper that will be presented at the IEEE 2002 International Conference on Image Processing here on Sept. 24, was co-developed by Mehmet U. Celik and A. Murat Tekalp of the university and Gaurav Sharma and Eli Saber of Xerox. Their collaborative research was done in the Center for Electronic Imaging Systems (CEIS), a New York State Office of Science, Technology and Academic Research designated center for advanced technology.

...

- http://finance.lycos.com/home/news/story.asp?story=28782313

--- end forwarded text
Re: unforgeable optical tokens?
--- begin forwarded text

Status: RO
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Sun, 22 Sep 2002 14:40:58 +0100
Subject: Re: unforgeable optical tokens?
From: David G.W. Birch [EMAIL PROTECTED]
To: Bob Hettinga [EMAIL PROTECTED], Digital Bearer Settlement List [EMAIL PROTECTED]

On 20/9/02 6:09 pm, Perry e-said:

A couple of places have reported on this: http://www.nature.com/nsu/020916/020916-15.html An idea from some folks at MIT apparently where a physical token consisting of a bunch of spheres embedded in epoxy is used as an access device by shining a laser through it.

I remember being shown a similar system from a Dutch company four or five years ago. Same idea, except that they were using the alignment of fibres trapped in the resin (rather than bubbles). It's an interesting way of making an unforgeable token, but I think its practical applications are more in brand protection (labels for designer sunglasses and so on) rather than in cryptography.

Regards,
Dave Birch.

--
-- My own opinion (I think) given solely in my capacity
-- as an interested member of the general public.
--
-- mail dgw(at)birches.org, web http://www.birches.org/dgwb

--- end forwarded text
NSP Security List
--- begin forwarded text

Status: RO
From: Barry Raveendran Greene [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: NSP Security List
Date: Mon, 16 Sep 2002 19:46:32 -0700
Sender: [EMAIL PROTECTED]

Hello Everyone,

Thanks to Jared's sponsorship, we are creating a nsp-* mailing list for the NSP Security Operations community. We will use the nsp-security for NSP security coordination and consultation. We expect most of the consultation to be on procedures, policies, tools, mitigation techniques, and other proactive activities. We will also try to use the list as an incident response alias - tracking and mitigating attacks in progress.

Membership to the alias will be restricted to those actively mitigating NSP Security incidents. Therefore, it will be limited to operators, vendors, researchers, and FIRST team and other people in the NSP operations community working to stop attacks. That means no press and (hopefully) none of the bad guys.

We will use a simple trust/peering relationship used on some of the other aliases. This model is not as secure as an encrypted conversation, but better than a wide-open public dialog. We will establish the trust by asking members of the list to vouch for new subscriber requests. If the list administrators know the person, then they can vouch for them.

Yes, we have had similar security lists in the past. With nsp-security we will connect the E-mail dialog with face-to-face meetings in the operations conferences. The first meeting is the ISP Security BOF at the next NANOG. Like NANOG's Peering BOF, the ISP Security BOF is a facilitation tool ... bring together people living with the daily pain of ISP Security incidents. So the hope is the combination of face-to-face and private E-mail list will help us take forward steps.

To apply for subscription, send a note to: [EMAIL PROTECTED] with the word subscribe in the subject or body of the message. Alternatively, you can use the web page at: http://puck.nether.net/mailman/listinfo/nsp-security

Barry

PS - Looking for a couple more volunteers to help as administrators.

Barry Raveendran Greene
Senior Consultant
CTO Corporate Consulting
Cisco Systems
e-mail: [EMAIL PROTECTED]
Phone: +1 408 525-8089

--- end forwarded text
Re: Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM]
At 1:07 PM -0700 on 9/17/02, [EMAIL PROTECTED] wrote:

As far as I know, banks assume that a certain percentage of their transactions will be bad and build that cost into their business model. Credit and ATM cards and numbers are as far from secure as could be, far less secure than somebody doing online transactions from a Wintel machine on an unencrypted connection, let alone an encrypted one. Until somebody takes full advantage of the current system and steals a few trillion dollars in one day, the problems are easier to deal with than a solution. Until that happens, there's no reason for banks to go through the pain of dealing with or requiring Pd.

I wouldn't go that far.

While Pd. -- and a certain long-term ejaculative (look it up...) denizen of my kill-file -- is pretty much a disingenuous shuck, greed is an amazing thing.

The lowest cost producer of anything, transactions, say, will not only make more money than its competitors, but they will also *survive* longer than anyone else. To quote, um, Stalin, quantity has a quality all its own.

So, if strong financial cryptography gives us the lowest *risk-adjusted* cost per transaction by some very large amount, the market will adopt it just as quickly as if confronted with a threat that only strong cryptography can remedy.

As software (in the http://www.nobel.se/economics/laureates/1992/ Gary Becker sense, things that can be more or less perfectly copied) and wetware (valuable opinion, for lack of a better word) become more important compared to hardware (stuff, discovered, extracted, or built), the more valuable strong, secure, (geodesic :-)) networks and (bearer :-)) financial cryptography becomes.

Cheers,
RAH
Saturday meeting/BBQ/party--last minute comments
--- begin forwarded text

Status: RO
Date: Wed, 11 Sep 2002 09:07:41 -0700
Subject: Saturday meeting/BBQ/party--last minute comments
From: Tim May [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

Last Minute Comments:

* Meeting/BBQ/Party at Tim May's house, Saturday, September 14th, 1 p.m. onwards. Formal agenda to start promptly at 2 p.m.

* I've had a lot of confirmations (not required, except for lurkers and strangers) from a lot of people, so PARKING is OFFICIALLY BECOMING A PROBLEM. I live at the top of a hill serviced by a one-lane road going from the valley floor up several hundred feet to my driveway above. I have had parties where about 15 cars were in one of several places:

-- my own parking lot, handling about 4-5 cars besides my own 2.
-- my driveway, handling about 4-6 more cars, depending on whether they block others!
-- the side of the road at the very top of the hill, handling 3-5 other cars
-- the rest, I'm not sure where they parked!

* Those who arrive earliest will of course get the best parking, but may also get hemmed in (blocked) by later arrivals. (FILO)

* OK, so you've again been warned. TRY TO CARPOOL. Twelve cars carrying 2-3 people each will give us a normal 20-30 person attendance. Twenty or thirty cars will be a disaster.

* About 8 people, counting couples, have contacted me about sleeping space. The two spare bedrooms are spoken for, and the sofas are spoken for. For those who still want to stay over, there's some space on the floor. Be sure if you think you might stay to bring a sleeping bag or blankets, etc. Also, you may need to go out and move your car around if others are blocked.

* Directions again follow.

* Several interesting talks are expected...more can be done ad hoc. In addition, I hope we can talk about meaty issues of where things are going, besides just the usual griping about new laws. Cypherpunks write code.

I look forward to seeing you there!

--Tim

Getting to Tim May's house in Corralitos: 427 Allan Lane (MapQuest works well). 831-728-0152

From Santa Cruz, south on Highway 1. Take Freedom Boulevard exit in Aptos. Go inland, on Freedom Blvd. Travel about 5 miles, to first stop sign. Take a left on Corralitos Road. At the next stop sign, the Corralitos Market (good sausages!) will be on your left. Just before the stop sign, bear right on Brown's Valley Road. Cross bridge and then bear left as Brown's Valley Road turns. Travel about one mile to Allan Lane, on the right. Allan Lane is at about the 360 mailbox point on Brown's Valley Road...if you go too far and enter the redwoods, turn back!

Drive to top of hill on Allan Lane. At top, bear left, over a small rise, past a house on the left, then down my driveway. My house will be the white stucco semi-Spanish style, with a red Explorer and black Mercedes in the driveway.

Note for parties: You can park either in my driveway or at the top of the hill and walk a few hundred feet. Don't block any driveways!

From points south of Santa Cruz, take Green Valley Road exit off of Highway 1. Travel about 2 miles to Freedom Boulevard. Turn left. Then right at Corralitos Road.

--- end forwarded text
[fc] reminder: fc03 deadline approaching
--- begin forwarded text

Status: RO
From: Rebecca N. Wright [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: [fc] reminder: fc03 deadline approaching
Sender: [EMAIL PROTECTED]
Date: Thu, 5 Sep 2002 16:09:35 -0400 (EDT)

The extended, firm, deadline for submitting papers to Financial Cryptography '03 is Monday, September 16th, 2002, at 23:59:59 EST. Information about the conference, including the call for papers and a link to the electronic submissions server (which is now running) are at http://ifca.ai/fc03/

Proposals for panels are also solicited, and should include a brief description of the panel as well as prospective participants. Panel proposals should be submitted via e-mail, in plain ASCII format, to [EMAIL PROTECTED]

Questions about paper or panel submissions should be directed to the program chairs at [EMAIL PROTECTED]

___
fc mailing list
[EMAIL PROTECTED]
http://mail.ifca.ai/mailman/listinfo/fc

--- end forwarded text
seeking information for Wired News article
--- begin forwarded text Status: RO From: Danit Lidor [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: seeking information for Wired News article Date: Fri, 6 Sep 2002 13:19:21 -0700 Hi there, I am a reporter at Wired News. We received notice of the upcoming Cypherpunks 10th anniversary bash. I am thinking of writing a short article about the history and current status of the cypherpunk community. Obviously, things have changed a lot in the last 10 years. I imagine that you and other cypherpunks would have much to say on the topic. Please feel free to rant and rave to me about whatever you feel would be relevant to this kind of article. When did the Cypherpunks come into existence? Who were the founding members? What was the initial purpose? What kinds of people are involved? Who (socially, I mean, not names!) exactly are the members of the group? How many at any one time? Is it a rotating membership, with people coming and going? There has been a substantial amount of press dedicated to the Cypherpunks, what's been the community response? Have there been internal discussions about the repercussions of the media's involvement and the like? WN has had a very familiar relationship with the cypherpunks - has it been viewed as a positive thing? Have the ideals of the group changed over the years? Are there any manifestos or official statements from the group that I can access? What are the future plans for the cypherpunks? I attempted to access cypherpunks.com but most of the links are dead, why isn't anyone maintaining it? Or is it unrelated to the current community? With whom else are the cypherpunks allied? What do you, personally, have to say about the future of the Internet, privacy, legislation, hacking, phreaking, cyber terrorism, the government, etc.? And finally, who else should I be talking to? Thanks for your time. I am hoping to get the story done before the end of next week (i.e. before the actual party.) 
Of course, I would never publish the location of the party or any other information that you don't feel comfortable about. Danit Lidor I am also available at 415.276.3925. Please leave me a message if I'm away from my desk. I am more than happy to call you back. --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Announcement: Cypherpunks meeting/party/BBQ, Tim May's house (fwd)
--- begin forwarded text Status: RO Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Date: Wed, 4 Sep 2002 19:09:03 +0200 (CEST) From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Announcement: Cypherpunks meeting/party/BBQ, Tim May's house (fwd) -- -- Eugen* Leitl http://leitl.org __ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org 83E5CA02: EDE4 7193 0833 A96B 07A7 1A88 AA58 0E89 83E5 CA02 -- Forwarded message -- Date: Wed, 4 Sep 2002 09:54:03 -0700 From: Tim May [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED] Subject: Announcement: Cypherpunks meeting/party/BBQ, Tim May's house ANNOUNCEMENT: Cypherpunks Meeting and Party/BBQ, Saturday, September 14th, 2002. Tim May's house, Corralitos, California. * WHAT?: Ten years ago this month the first Cypherpunks meeting. Cypherpunks meeting and party. Several interesting talks are planned, though nothing of the usual political action sort. A flexible agenda will be posted at the meeting. I am hoping we can have as stimulating a discussion as we had at our first meetings a decade ago. * WHEN?: Saturday, September 14th, 1 p.m. to late. (A limited amount of people can stay overnight--ask me about it.) Formal talks will probably run for several hours, then the informal and BBQ/party takes over. People can arrive as early as 1 p.m. and hang out, but the formal agenda will start promptly at 2. * WHERE?: Tim May's house in Corralitos, east of Santa Cruz and north of Watsonville. 427 Allan Lane, Corralitos. Detailed driving instructions at the end of this message...or use one of the many mappers on the Net. It takes about an hour to get from Sunnyvale to my house, about 40 miles, so plan your travel accordingly. * WHO?: Cypherpunks and friends who are not narcs or Feds. Contrary to some meetings in the past, this is NOT an open meeting, open to all. 
That strategy worked OK for some meetings in public places where certain kinds of software were to be distributed. But my house is a private residence. I have nothing against legitimate cops enforcing legitimate laws, but I don't want persecutors traipsing through my house, perhaps planting evidence, looking for signs of illegal activities or grounds for a warrant, etc. This is a PRIVATE RESIDENCE and I intend to escort to the door anyone who is unknown to others. If you are a lurker who doesn't know anybody and you want to attend, send me e-mail and we'll arrange something. * WHAT ELSE?: Parking may be tight. And because of the distance, carpooling with your friends would be good. A cat lives in the house...don't leave any doors open, and tell me if you see him get out. * CHILDREN?: My house is not child-friendly, and I don't have time to make sure nothing dangerous is exposed. Please leave children out of this meeting/party. * FOOD: If you stay for the evening BBQ and party, bring something to share. Don't everyone bring a bag of chips! The Corralitos Market is a popular place for meats, sausages, etc. (Don't everyone bring sausages, either!) And if you drink, remember the drive home. --Tim May (location instructions below) Getting to Tim May's house in Corralitos: 427 Allan Lane (MapQuest works well). 831-728-0152 From Santa Cruz, south on Highway 1. Take Freedom Boulevard exit in Aptos. Go inland, on Freedom Blvd. Travel about 5 miles, to first stop sign. Take a left on Corralitos Road. At the next stop sign, the Corralitos Market (good sausages!) will be on your left. Just before the stop sign, bear right on Brown's Valley Road. Cross bridge and then bear left as Brown's Valley Road turns. Travel about one mile to Allan Lane, on the right. Allan Lane is at about the 360 mailbox point on Brown's Valley Road...if you go too far and enter the redwoods, turn back! Drive to top of hill on Allan Lane. 
At top, bear left, over a small rise, past a house on the left, then down my driveway. My house will be the white stucco semi-Spanish style, with a red Explorer and black Mercedes in the driveway. Note for parties: You can park either in my driveway or at the top of the hill and walk a few hundred feet. Don't block any driveways! From points south of Santa Cruz, take Green Valley Road exit off of Highway 1. Travel about 2 miles to Freedom Boulevard. Turn left. Then right at Corralitos Road. --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
State of Idaho RFP: Digital Authentication Services
--- begin forwarded text Status: RO Date: Tue, 27 Aug 2002 14:18:14 -0400 To: Digital Bearer Settlement List [EMAIL PROTECTED], [EMAIL PROTECTED] From: R. A. Hettinga [EMAIL PROTECTED] Subject: State of Idaho RFP: Digital Authentication Services Sender: [EMAIL PROTECTED] Reply-To: R. A. Hettinga [EMAIL PROTECTED] --- begin forwarded text Status: RO Reply-To: [EMAIL PROTECTED] From: Daniel Greenwood [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: State of Idaho RFP: Digital Authentication Services Date: Tue, 27 Aug 2002 13:02:08 -0400 Hi Bob, Would you be willing to send this to your list? I am trying to get some good vendors to reply. Thanks, - Dan personal snippage == Dear Colleagues, Any vendor offering effective and efficient electronic authentication solutions should consider bidding upon the State of Idaho's recent official Request for Proposals for such services. The State of Idaho is in the process of exciting and important eGovernment initiatives and this RFP will serve as a channel to provide needed digital authentication services toward that end. A copy of the RFP can be found at http://civics.com/id-rfp.htm When the State of Idaho has completed the next phase of their eGovernment evolution, I believe they will serve as a model of innovation that will be of interest to many of the members of this list. I hope that many vendors with appropriate offerings will reply to this RFP and that members of this list will forward this information to all relevant parties. Best regards, - Daniel Greenwood, Special Deputy Attorney General to the State of Idaho for Digital Authentication == | Daniel J. Greenwood, Esq. | Director, E-Commerce Architecture Program | MIT School of Architecture and Planning | 77 Massachusetts Avenue, Room 7-231 | Cambridge, MA 02139 | | http://ecitizen.mit.edu | or http://www.civics.com | [EMAIL PROTECTED] == --- end forwarded text -- - R. A. 
Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --- end forwarded text
He's Baaaack!
Yee-freakin'-hah! Wherein Dr. C., freed from clutches of the WAVEoids, resumes the fight for Truth, Justice, and the PGP Way... Outstanding. Congratulations, Jon. Go get 'em. Cheers, RAH -- http://www.pgp.com/cto.php The report of my death has been greatly exaggerated. -- Mark Twain It is with great pleasure that I get to write this letter. As you can see from our Media Release and announcement of PGP 8.0, PGP is alive and very well, with substantive plans for the future. There is a FAQ elsewhere on the web site that describes many of the nuts and bolts details about the new PGP Corporation. As the CTO, I know that we have a large, technically savvy user base that cares deeply about our products. This letter is for you. As in Phil's CEO letter, you will see we are focusing on three themes - continuity, relationship, and innovation. First of all continuity - you will be glad to hear that we will publish source code. This is very important to us. It's very important to our investors, too. They understand that one of the main reasons people trust PGP is that its source is available. Our forthcoming source release will be for PGP 8. We also believe in the OpenPGP protocols and standards. We actively support the IETF as well as other organizations that help spread the use of the technology. There will also be a freeware release of PGP 8. As always, you'll be able to use PGP free for non-commercial use. However, if you use PGP for commercial purposes -- which means that you're using it for something that makes you money -- then please buy it. Second, about relationship. Much of the passion in the worldwide crypto community comes from strongly held beliefs that quality crypto such as PGP is necessary and important. 
For our joint relationship to work, we need a fair exchange of value so that we can continue building products with the quality you've come to expect from PGP. If you think what we are doing -- and how we are doing it -- is important, and you're using our technology for your profit, please pay for it. This is especially important to us because we publish our source code. We have been told that publishing source code and freeware leads to unpaid software licenses. Help us prove the cynics wrong. Third, about innovation. We have a lot of ideas about how we can make PGP better, and we hope you'll find them as exciting as we do. These new technologies will start showing up in less than a year, focused on improving PGP's ease of use. I look forward to discussing these with you and getting your input. Thank you for being interested enough in PGP's ongoing success to read this far. I hope you're looking forward to PGP's future as much as we are. Jon Callas CTO PGP Corporation -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[ISN] Cybersecurity should be kept in civilian hands
--- begin forwarded text Status: RO Date: Mon, 19 Aug 2002 07:40:25 -0500 (CDT) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] Cybersecurity should be kept in civilian hands Sender: [EMAIL PROTECTED] Reply-To: InfoSec News [EMAIL PROTECTED] http://www.boston.com/dailyglobe2/230/business/Cybersecurity_should_be_kept_in_civilian_hands+.shtml By Whitfield Diffie and Susan Landau, 8/18/2002 In the wake of Sept. 11, we're all agreed on the need to protect critical infrastructure - telecommunications, electric power, transportation, banking, and finance. We also know much of that infrastructure depends on the Internet, so cybersecurity will be a critical concern of the proposed Department of Homeland Security. The only question: How best to achieve it? The administration's plan has the FBI's National Infrastructure Protection Center, the Commerce Department's Critical Infrastructure Protection Office, and the GSA's Federal Computer Incident Response Center all moving over to the new Department of Homeland Security. That's appropriate. But the plan also includes moving the Commerce Department's Computer Security Division (part of the National Institute of Standards and Technology) to Homeland Security. That move would be a big mistake. The Computer Security Division's job is to develop security standards and technology for the protection of sensitive information in government and the private sector. The problem with moving this division into Homeland Security is that the civilian side of the world doesn't work the same way as the classified side. A case in point: Computer security outside the national security community has been a Commerce Department responsibility since 1967, but in the 1980s, a challenge to that authority arose. The National Security Agency, which provides information security for classified government information, felt it had more expertise. 
So the NSA pressed banks to adopt its systems, the workings of which were classified, over the publicly released Data Encryption Standard. But banking standards are international. There was no way other countries would accept information security standards they couldn't verify. The NSA's efforts set the banks' standards efforts back 16 months. The 1980s and '90s saw many battles over the Computer Security Division's cryptography standards, with national security and law enforcement arrayed on one side, industry and the public on the other. In a study titled ''Cryptography's Role in Securing the Information Society,'' the National Research Council found the result was a delay in the deployment of secure systems - exactly the opposite of what is needed now. These days the Computer Security Division has learned how to develop computer security standards in an open environment, thus smoothing the path to widespread international use. It is well suited by tradition, reputation, and structure to do this. Its recent successes include approval of the algorithm Rijndael, designed by two Belgian cryptographers, as the new Advanced Encryption Standard (AES). This Federal Information Processing Standard was the culmination of a four-year effort by the Computer Security Division. The result is an algorithm that is well accepted internationally and likely to be rapidly adopted. The bottom line is this: We haven't got the 16 months that banking lost when NSA tried to involve itself in issues properly belonging to the civilian world. As recently reported in the national press, Al Qaeda has been exploring cyberattacks. The Department of Homeland Security needs to have the resources to prevent them. 
It may, for example, need additional cybersecurity expertise for determining appropriate standards for systems controlling critical infrastructure components, much like the Treasury Department's standards for electronic funds transfer, which mandate the use of the Data Encryption Standard, the predecessor to AES. But the Computer Security Division is effectively doing its job improving computer security for public systems. Moving it to a department controlled by law enforcement and national security would diminish its effectiveness. It would, in short, leave us less secure in cyberspace, not more. Sun Microsystems' Whitfield Diffie, chief security officer, and Susan Landau, senior staff engineer, are co-authors of ''Privacy on the Line: the Politics of Wiretapping and Encryption'' (MIT Press, 1998). Diffie is the coinventor of public-key cryptography. This story ran on page E4 of the Boston Globe on 8/18/2002. - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail. --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end
Re: Thanks, Lucky, for helping to kill gnutella
I'm genuinely sorry, but I couldn't resist this... At 12:35 PM -0400 on 8/11/02, Sean Smith wrote: Actually, our group at Dartmouth has an NSF Trusted Computing grant to do this, using the IBM 4758 (probably with a different OS) as the hardware. We've been calling the project Marianas, since it involves a chain of islands. ...and not the world's deepest hole, sitting right next door? ;-) Cheers, RAH --Sean If only there were a technology in which clients could verify and yes, even trust, each other remotely. Some way in which a digital certificate on a program could actually be verified, perhaps by some kind of remote, trusted hardware device. This way you could know that a remote system was actually running a well-behaved client before admitting it to the net. This would protect Gnutella from not only the kind of opportunistic misbehavior seen today, but the future floods, attacks and DOSing which will be launched in earnest once the content companies get serious about taking this network down. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Thanks, Lucky, for helping to kill gnutella (fwd)
At 1:03 AM +0200 on 8/10/02, Some anonymous, and now apparently innumerate, idiot in my killfile got himself forwarded to Mr. Leitl's cream of cypherpunks list: They will protect us from being able to extend trust across the network. As Dan Geer and Carl Ellison have reminded us on these lists and elsewhere, there is no such thing as trust, on the net, or anywhere else. There is only risk. Go learn some finance before you attempt to abstract emotion into the quantifiable. Actual numerate, thinking, people gave up on that nonsense in the 1970's, and the guys who proved the idiocy of trust, showing, like LaGrange said to Napoleon about god, that the capital markets had no need of that hypothesis, Sire, ended up winning a Nobel for that proof in the 1990's*. Cheers, RAH *The fact that Scholes and Merton eventually ended up betting on equity volatility like it was actually predictable and got their asses handed to them for their efforts is beside the point, of course. :-). -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[SIMSOFT] Protecting Privacy with Translucent Databases
involves the creation of a database system for a community baby-sitter reservation system. Clearly, there's a lot of damage that somebody could do with a database of parents who are away from home, teenage baby sitters, and vulnerable children. But Wayner shows how you can use a combination of hash functions and digital signatures to store all of that information in a database, so that it's simply not possible for anyone other than authorized users to get it out. You can find out more about translucent databases at Wayner's Web site (http://www.wayner.org/books/td/). And if you want to apply to Yale, you can find out more information at http://www.yale.edu/admit/. Simson Garfinkel (http://www.oreillynet.com/pub/au/355) is a developer with 24 years of programming experience, the author or coauthor of 12 books, an entrepreneur, and a journalist. He is the founder and Chief Technology Officer of Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [SIMSOFT] Protecting Privacy with Translucent Databases
--- begin forwarded text Status: RO Date: Sat, 3 Aug 2002 20:36:04 -0400 To: R. A. Hettinga [EMAIL PROTECTED], Digital Bearer Settlement List [EMAIL PROTECTED], [EMAIL PROTECTED] From: Peter Wayner [EMAIL PROTECTED] Subject: Re: [SIMSOFT] Protecting Privacy with Translucent Databases I'm glad commentators are beginning to point out that more care should be put into protected personal information. However, the solution proposed in this article seems to me to be more complicated than necessary. I can't find any legitimate reason why colleges should need your SSN when deciding whether to admit you. They get away with it because they can, but that doesn't mean they are right to do so. It seems to me that a much more privacy-friendly solution would be to simply refrain from asking for sensitive personal information like SSN and date of birth -- name and a random unique identifier printed on the application form ought to suffice. (If SSN is later needed for financial aid purposes, it could be requested after the student decides to matriculate.) Am I missing anything? Yes, a random nonce would be fine in many cases. The hash of the SSN, the birthday, or combination, however, is much easier for a person to remember. The random nonce requires a person to keep a copy. That may be good practice, but it's not always practical. Hard disks crash. Buildings burn down. Etc. Hashing can also be quite flexible. In this case, PU might store SHA(Yale sux+ssn) while YU might store SHA(Princeton sux+ssn) in their databases. ('+' means concatenation.) The results would be quite different and the databases couldn't be cross linked. But if someone knows their ssn, they can call up the records quickly. There are many limitations to this approach as there are limitations in all cryptography, but I think it has a few advantages that are well worth the few extra cycles for the hash function. 
If this computation is done on the client machine, the results are quite secure even without SSL protecting the link. This is actually fairly easy to implement with a Java applet. --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
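The per-institution hashing described in the message above, and the translucent-database idea from the article it replies to, as an added example that is not code from either author: each school keys its records by a hash of its own prefix concatenated with the SSN, so the SSN is never stored, its owner can still call up the record, and the two tables share no join key. SHA-256, the class and function names, the constructed sample SSNs, and the PBKDF2 variant are assumptions of this sketch.

```python
import hashlib
import re

# Constructed sample values; area number 000 is never issued as a real SSN.
SSN_A = "000-12-3456"
SSN_B = "000-98-7654"


def normalize_ssn(ssn: str) -> str:
    """Reduce '000-12-3456', '000 12 3456', etc. to nine digits so the same
    person always derives the same key regardless of how they type it."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def translucent_key(prefix: str, ssn: str) -> str:
    """SHA(prefix + ssn) as in the message ('+' is concatenation).
    SHA-256 is this example's choice of hash."""
    data = (prefix + normalize_ssn(ssn)).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def slow_translucent_key(prefix: str, ssn: str, iterations: int = 100_000) -> str:
    """Variant that is not in the message: a nine-digit SSN has at most 10**9
    values, so a single fast hash is cheap to recompute in bulk. PBKDF2 with
    the institution prefix as salt keeps the lookup property while making each
    derivation deliberately expensive."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        normalize_ssn(ssn).encode("utf-8"),
        prefix.encode("utf-8"),
        iterations,
    ).hex()


class TranslucentDB:
    """Toy table keyed by the hashed identifier; the SSN itself is never kept."""

    def __init__(self, prefix: str):
        self.prefix = prefix
        self.rows = {}  # digest -> record

    def store(self, ssn: str, record: dict) -> None:
        self.rows[translucent_key(self.prefix, ssn)] = record

    def lookup(self, ssn: str):
        """Someone who knows the SSN recomputes the key and finds the row."""
        return self.rows.get(translucent_key(self.prefix, ssn))


def linkable_keys(a: TranslucentDB, b: TranslucentDB) -> set:
    """Keys present in both tables: what a join across the databases would see."""
    return set(a.rows) & set(b.rows)


def build_demo():
    """Two schools, the same two applicants, the prefixes from the message."""
    pu = TranslucentDB("Yale sux")
    yu = TranslucentDB("Princeton sux")
    for db, school in ((pu, "PU"), (yu, "YU")):
        db.store(SSN_A, {"applicant": "A", "school": school})
        db.store(SSN_B, {"applicant": "B", "school": school})
    return pu, yu


if __name__ == "__main__":
    pu, yu = build_demo()
    print("PU lookup:", pu.lookup("000123456"))
    print("keys shared by PU and YU:", linkable_keys(pu, yu))
```
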
ZKS Pulls IPO
http://www.forbes.com/newswire/2002/08/02/rtr684925.html Internet security firm pulls planned IPO Reuters, 08.02.02, 8:52 AM ET MONTREAL, August 2 (Reuters) - Zero-Knowledge Systems Inc. pulled the plug on Friday on a planned initial public offering, saying it will instead use a recently completed private financing to fund growth for its Internet security software business. Privately held Zero-Knowledge, a high-flyer during the technology boom that attracted heavy media and industry attention, did not disclose the value of the financing. "With the downturn in public market conditions since we began the process of a public offering 10 weeks ago, our investors, management and board of directors no longer felt that raising money in the public markets was the best option," said Chief Executive Tamas Hevizi in a statement. The Montreal-based company said it has signed several important sales in the past six months, including Hewlett-Packard Co. (NYSE: HPQ), Telus Corp. (T.TO) and France Telecom (FTE.PA). -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
STOS Conference, Monterey 8/26 - 30
--- begin forwarded text Status: RO Subject: STOS Conference, Monterey 8/26 - 30 From: Ron Dumont [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Date: Fri, 2 Aug 2002 10:24:41 -0700 [STOS] - The Secure Trusted Operating System Consortium is pleased to announce the: 1st Annual - Mac OS X BSD Security Symposium Monday, August 26, 2002 - Friday August 30, 2002 Hyatt, Monterey, CA (across the street from the Naval Post Graduate School) http://www.stosdarwin.org/event/mont02/ Keynote Speaker (Wednesday morning) Keith T. Schwalm Director of Infrastructure Protection President's Critical Infrastructure Protection Board The symposium is targeted to system and lab administrators, programmers, developers, strategists, and other technical staff involved in the deployment and securing of computer systems. Past [STOS] events have been a networking frenzy for the Mac OS X / Darwin security community. This Mac OS X BSD Security Symposium will follow in the footsteps of previous [STOS] events by promoting the sharing of ideas and techniques with the goal of maximizing the security of involved systems. With the addition of Robert Watson's TrustedBSD tutorial and several new papers on various aspects of BSD based services, brings even more excitement to this event. There is no other event with the same depth of Mac OS X and BSD Security subject matter as the Mac OS X and BSD Security Symposium. Top 5 Reasons to attend: (1) Only place you can get an in-depth tutorial on using TrustedBSD with Robert Watson of Network Associates Laboratories and the FreeBSD Core Team (2) Only place you will find training on Apple's implementation of CDSA directly from Apple's data security team (3) Unparalleled networking opportunities with those interested in all aspects of Mac OS X / Darwin and BSD security. (4) Birds of a Feather events every night. (5) When else do you get to spend 5 days, during the best time of the year, in the legendary beauty of Monterey, California? 
Just a few of the top Tutorials: * Building Secure Software John Viega, Chief Technical Officer, Secure Software Solutions * Introduction to the architecture, design, and implementation of TrustedBSD Robert Watson, founder, and head of the TrustedBSD Project * Introduction to Smart Cards in Darwin and Mac OS X Data Security Team, Apple * Introduction to CDSA and Layered Services Data Security Team, Apple * Intro to PKI with Entrust Entrust Implementation Engineers * Mac OS X Forensics Derrick Donnelly, IST Security Manager, Apple Conference Dates Monday, August 26, 2002, through Friday August 30, 2002 Tutorials Monday August 26, through Tuesday August 27, 2002 Research and Proposals Research Papers and Proposals from Wednesday, August 28 through Friday August 30, 2002 Registration http://shopping.oraclesmallbusiness.com/events Pricing Discount Deadline: August 10, 2002 Full Pass - $795.00 - 2 days of tutorials - 3 days of research - 5 days of nightly BOF's Research Pass - $299.00 - 3 days of research - 3 days of BOF's After August 10, 2002 prices go up to Full Pass - $995.00 Research Pass - $499.00 *NOTE: Limited to the first 150 About the [STOS] Consortium [STOS] Website: http://www.stosdarwin.org/ The [STOS] Consortium represents the formal coordination of Public, Private and Academic sectors in an environment of open collaboration to enhance the security of Operating Systems built on the Darwin Open Source project at Apple. We look forward to seeing you all in Monterey, CA ! Shawn Geddis Chairman, [STOS] Consortium [EMAIL PROTECTED] [STOS] Secure Trusted OS Consortium Website:http://www.stosdarwin.org/ Mail Lists: http://lists.stosdarwin.org/ ___ Discuss mailing list [EMAIL PROTECTED] http://www.opendarwin.org/mailman/listinfo/discuss --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[fc] Financial Cryptography 2003 CFP
--- begin forwarded text

Status: RO
From: Rebecca Wright [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: [fc] Financial Cryptography 2003 CFP
Sender: [EMAIL PROTECTED]
Date: Wed, 24 Jul 2002 23:13:20 -0400 (EDT)

Call for Papers
Financial Cryptography '03
January 27-30, 2003
La Creole Beach Hotel, Gosier, Guadeloupe
Sponsored by the International Financial Cryptography Association

Original papers are solicited on all aspects of financial data security and digital commerce for submission to the Seventh Annual Conference on Financial Cryptography (FC '03). FC '03 brings together researchers in the financial, legal, cryptologic, and data security fields to foster cooperation and exchange of ideas. Relevant topics include:

Anonymity
Auctions
Audit and Auditability
Authentication and Identification
Certification and Authorization
Commercial Transactions and Contracts
Digital Incentive Systems
Digital Rights Management
Identity Management
Implementation Issues
Information Economics
Infrastructure Design
Legal and Regulatory Issues
Payments and Micropayments
Peer-to-Peer Systems
Privacy
Reputation Systems
Risks Management
Secure Banking
Smart Cards
Trust Management
Watermarking

We are particularly interested in novel approaches, such as game-theoretic or economic approaches, to these topics.

Instructions for Authors:

Complete papers (or complete extended abstracts) must be at most fifteen (15) single-spaced standard pages in length and must be received by 23h59 EST on September 13, 2002. All papers must be submitted electronically. (In exceptional circumstances, paper submissions can be accepted, but special arrangements must be made with the program chairs prior to September 1, 2002.) Papers must be in either standard PostScript or PDF format, and should be submitted electronically according to the instructions at http://ifca.ai/fc03/ prior to the deadline. Submissions in formats other than PostScript or PDF, including word processor source formats such as MS Word or LaTeX, will be rejected.

Submitted papers should include on the first page the title, all authors and their affiliations, a brief abstract, and a list of topical keywords. Papers must describe original work. Submission of previously published material and simultaneous submission of papers to other conferences or workshops with proceedings is not permitted. Authors of papers found to be double submissions risk having all their submissions withdrawn from consideration, as well as any other appropriate sanctions.

Proposals for panels are also solicited, and should include a brief description of the panel as well as prospective participants. Panel proposals should also be submitted electronically, in plain ASCII format.

The conference proceedings containing all accepted papers will be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference. A pre-proceedings containing preliminary versions of the papers will be distributed at the conference.

Important Dates:

Conference                    January 27 - 30, 2003
Submission deadline           September 13, 2002, 23h59 EST
Author notification           November 11, 2002
Pre-proceedings version due   December 16, 2002
Proceedings version due       March 31, 2003

General Chair: David Pointcheval (Ecole Normale Superieure)

Program Chairs: Jean Camp (Harvard University) and Rebecca Wright (Stevens Institute of Technology)

Program Committee:

Chris Avery (Harvard University)
Dan Burk (University of Minnesota)
Lorrie Cranor (AT&T Labs)
Carl Ellison (Intel Labs)
Ian Goldberg (Zero Knowledge)
John Ioannides (AT&T Labs)
Markus Jakobsson (RSA Laboratories)
Ari Juels (RSA Laboratories)
Helger Lipmaa (Helsinki University of Technology)
Dahlia Malkhi (Hebrew University of Jerusalem)
Satoshi Obana (NEC)
Andrew Odlyzko (University of Minnesota)
Benny Pinkas (DIMACS)
Jacques Stern (Ecole Normale Superieure)
Gene Tsudik (U. C. Irvine)

___
fc mailing list
[EMAIL PROTECTED]
http://mail.ifca.ai/mailman/listinfo/fc

--- end forwarded text

-- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[Mac_crypto] Hello and welcome back
--- begin forwarded text Status: RO To: [EMAIL PROTECTED] From: Vinnie Moscaritolo [EMAIL PROTECTED] Subject: [Mac_crypto] Hello and welcome back Sender: [EMAIL PROTECTED] Date: Fri, 26 Jul 2002 16:18:03 -0700 hello everyone and welcome back to the new and improved Mac Crypto list. we are now running on a (sigh) Mac OS-X system with postfix/mailman etc. I would first like to remind all that the list address has changed to mac_crypto from mac-crypto.. a subtle but necessary change.. A little bird tells me that we will have some exciting macintosh crypto news in the next few weeks so stay tuned.. and in the meantime enjoy the list! -- Vinnie Moscaritolo ITCB-IMSH PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042 --- ___ mac_crypto mailing list [EMAIL PROTECTED] http://www.vmeng.com/mailman/listinfo/mac_crypto --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The NSA Draws Fire
http://www.time.com/time/nation/printout/0,8816,322587,00.html Saturday, Jul. 20, 2002 The NSA Draws Fire A scathing House report charges the agency is badly mismanaged BY DOUGLAS WALLER The FBI and the CIA have come under plenty of fire for their failure to prevent 9/11. Now, it seems, it's the turn of the National Security Agency (NSA). The agency, whose job is to protect U.S. government information and ferret out foreign secrets, has already drawn criticism for being slow to analyze two cryptic messages it intercepted last Sept. 10, warning that something big was going to happen the next day. Now a scathing report issued by the House Intelligence Committee has concluded that the agency is badly mismanaged - congressional sources tell TIME - which resulted in its failing to provide tactical and strategic warning of Sept. 11. The intelligence panel's Subcommittee on Terrorism and Homeland Security, which released an unclassified summary of its report last week, found that the NSA is unable to identify how it spends the money it gets from Congress each year to any level of detail. A number of its projects duplicate one another, the report said. And while the NSA had listened in on large volumes of phone calls from the part of the world [where] al-Qaeda was located, says Representative Saxby Chambliss, who chairs the terrorism subcommittee, the problem was, they didn't focus on al-Qaeda, so that those messages could be identified and processed quickly. Another problem is that the cash-strapped agency, which spent billions on cold war-era satellites, hired no new employees for an extended period of time before Sept. 11. That was a big mistake, the subcommittee believes, because the NSA was already chronically short of computer scientists, engineers and foreign-language experts. The NSA even established incentive programs to entice more employees to take early retirement. 
What's worse, the agency's overworked linguists and analysts were allowed to continue taking advantage of the early-retirement program - even after Sept. 11. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
MS white paper says Palladium open, clean, not DRM
http://www.theregister.co.uk/content/4/26231.html MS white paper says Palladium open, clean, not DRM By John Lettice Posted: 17/07/2002 at 09:25 GMT A final draft of Microsoft's Palladium consultation white paper appears to have escaped, and is currently being hosted by Neowin.net. Microsoft intends to open Palladium up for discussion, but it's not as yet clear to us whether this means it will be distributing the white paper to all and sundry, or whether it envisages a more restricted distribution list. In any event we haven't been able to nail down anywhere on the Microsoft site you can get it,* or any mention of the Microsoft Content Security Business Unit, which authored it. There's much in the paper that's interesting, and it's even interesting that it's in PDF format, rather than Word - the authors are clearly having a bash at being ecumenical. Palladium, it stresses, is not an operating system, but a collection of trusted subsystems and components that are opt-in. You will not get the advantages of Palladium if you don't opt in, of course, but you don't have to. It's also some years off, but one of the objectives is to make a Windows-based device a trustworthy environment for any data. Which is a tall order. Software will have to be rewritten or specially developed to take advantage of Palladium, and software of this class is referred to as a Trusted Agent. Users will be able to separate their data into realms, which are analogous to vaults and can have varying access and security criteria. The system does not need to know who you are, indeed doesn't really want to know who you are, because it's about verifying the identity of machines. So a company could identify an employee's home machine for secure operation remotely on the corporate network. Then it gets really interesting. Palladium will not require Digital Rights Management (DRM) technology, and DRM will not require Palladium... They are separate technologies. 
Now, we know they don't need to be separate technologies, we know that Palladium could enhance DRM considerably, and we suspect that at least some people at Microsoft would take this route if they thought they could get away with it. But the authors here seem to have concluded that Palladium will not fly if it has a whiff of DRM about it, and are determined to distance themselves. This is good, people, if we all keep shouting 'DRM bad!' they stand a chance of not having their minds changed for them. Deeper into the Department of Bizarre Revolutions we have: A Palladium system will be open at all levels. The hardware will run any TOR (Trusted Operating Root), the TOR will run trusted agents from any publisher, will work with any trusted service provider, (the authors envisage this as a new service category) and it'll all be independently verified. TOR source code will be published, Palladium will be regularly examined by a credible security auditor and anyone can certify Palladium hardware or software, and we expect that many companies and organizations will offer this service. Of course, right now these are only words, the terms and conditions for publication, verification and auditing haven't been revealed, and Microsoft has a long and inglorious record in Untrustworthy Industry Leadership to overcome before we entirely buy the Trustworthy Computing pitch. However, as far as it goes, this little lot sounds plausible. If it were any other company, you might even be inclined to take it at face value. Keep talking, people, and prove you mean it. ® -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'