[no subject]

[Don]

Do you want a cheap Watch?
http://ftf.dimur.com

matilda

[Randal Stern]

Notification Alert:

Thank you for your inquiry, we have been notified that two lenders are 
interested in offering you a deal. Remember, for this special offer past credit 
history is not a factor.  

In accordance with our terms please verify your information on our secure and 
private site to ensure our records are accurate.


http://www.mtgz.net/index2.php?refid=windsor


Have a Great Holiday Season

--Randal Stern
Senior Consultant - Low-Rate Advisors Inc.







If this email has reached you in error please let us know...thx
http://exit.nomoreissuess.com

[no subject]

[Matthew]

Do you want a cheap Watch?
http://tzv.dimur.com

VIRUS (Worm.Mydoom.Gen-1) IN MAIL FROM YOU

[amavisd-new]

VIRUS ALERT

Our content checker found
virus: Worm.Mydoom.Gen-1
in email presumably from you (<[EMAIL PROTECTED]>), to the following 
recipient:
-> [EMAIL PROTECTED]

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!


For your reference, here are headers from your email:
- BEGIN HEADERS -
Return-Path: <[EMAIL PROTECTED]>
Received: from donau.de (unknown [128.134.204.74])
by hermes.donau.de (Postfix) with ESMTP id 754DFB839F
for <[EMAIL PROTECTED]>; Thu, 16 Dec 2004 06:13:52 +0100 (CET)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: letter
Date: Thu, 16 Dec 2004 17:30:43 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0016_3CF9.6D92"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>
-- END HEADERS --
Reporting-MTA: dns; hermes.donau.de
Received-From-MTA: smtp; hermes.donau.de ([127.0.0.1])
Arrival-Date: Thu, 16 Dec 2004 06:14:02 +0100 (CET)

Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=17532-08 - VIRUS: Worm.Mydoom.Gen-1
Last-Attempt-Date: Thu, 16 Dec 2004 06:14:04 +0100 (CET)
Received: from donau.de (unknown [128.134.204.74])
	by hermes.donau.de (Postfix) with ESMTP id 754DFB839F
	for <[EMAIL PROTECTED]>; Thu, 16 Dec 2004 06:13:52 +0100 (CET)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: letter
Date: Thu, 16 Dec 2004 17:30:43 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=_NextPart_000_0016_3CF9.6D92"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>

abaresark pspank usubscribe

[Akazuki Nunlooked]

Have you ever stopped to wonder how much an average man pays for his medicines?
Painkillers, drugs to improve the quality of life, weight reducing tablets, and
many more.
What's worse, the same medicine costs a lot more if it is branded.

http://ozone.megabestservices.com/

So why should you pay more especially when you can get the same drugs at a much 
cheaper cost? At Health Suite, we bring you the same drugs, 
the generic version - the same quality, the same formula at a very reasonable 
price.

Re: Gait advances in emerging biometrics

[Major Variola (ret)]

At 12:31 PM 12/14/04 -0500, Sunder wrote:
>Original URL: http://www.theregister.co.uk/2004/12/14/alt_biometrics/
>Gait advances in emerging biometrics
>
>By John Leyden (john.leyden at theregister.co.uk)
>Published Tuesday 14th December 2004 15:07 GMT
>
>"Great Juno comes; I know her by her gait."
>William Shakespeare, The Tempest
>
>Retinal scans, finger printing or facial recognition get most of the
>publicity but researchers across the world are quietly labouring away
at
>alternative types of biometrics.
>
>Recognition by the way someone walk (their gait), the shape of their
ears,
>the rhythm they make when they tap and the involuntary response of ears
to
>sounds all have the potential to raise the stock of biometric
techniques.
>According to Professor Mark Nixon, of the Image Speech and Recognition
>Research Group at the University of Southampton, each has unique
>advantages which makes them worth exploring.

Look up Johansson, et al.  Point light displays.  Yes you can tell
sex, age, etc., from the ratios of rotational axes, etc, but a stone
in the shoe is a bitch.

All faith is in drivers' licenses, a total joke, I got gummies on your
'prints, all your time-derivatives are mine.

But grant$ are good, and flavor$ of DARPA be bitchin.

The doctor's in

[jan maggard]

no f e e prescription at our internet drugstore

We have lower prices for quality meds and overnight delivery.

We are your reliable solution for Cancer, Eye Care, and HIV drugs.  These
are the highest quality drugs at affordable pricing.

Federally regulated medications now available for your convenience.  Online
ordering greatly reduces the expense to you.

http://Te.Wo.thisgoodsmile.com/?Ewqcnhgbt6zMf79&Ne9Nq339214Cgh78963Fj

This is the fastest and most reliable online service that I found for
filling prescriptions.  Lily T.  NY 




Euthanasia, or the killing of unwanted pets by lethal injection or
electrocution,leaving the country  if she does go  will be a business
decision, though one that is based on
politics.dukhovskoknabilebskohatsk79dialogism9  coassumes
emarginatedflakelet

Re: The Values-Vote Myth

[J.A. Terranson]

On Mon, 8 Nov 2004, Nomen Nescio wrote:

> J.A. Terranson schrieb:
>
> > This election *proves* that at least half the electorate, about 60
> > million people, are just Useless Eaters, who should be eagerly
> > awaiting their Trip Up The Chimneys.
>
> Wow! A Tim May copycat!
> (Both the 'useless eaters' and the 'chimney'!)

You idiot: that wasn't a "copycat", it was a *tribute*.

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

 Civilization is in a tailspin - everything is backwards, everything is
upside down- doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation,
poverty, self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.

Rev Dr Michael Ellner

ScratchCard #14562 [Inside]

[Your-Scratcher from OSG]

ScratchCard#14562

Re: Do 'Ocean's Twelve'-Style Heists Really Happen?

[Justin]

On 2004-12-15T10:14:14-0500, R.A. Hettinga wrote:
> 
> This popped up in my "bearer" filter this morning...
> 
> Cheers,
> RAH
> ---
> 
> 
> 
> MTV.com - Movies - News
>   12.14.2004 9:03 PM EST
> 
> Reel To Real: Do 'Ocean's Twelve'-Style Heists Really Happen?
> Sometimes, but the real-life criminals can't possibly be as hot as George
> Clooney and Brad Pitt.

http://home.earthlink.net/~kinnopio/news/news040922.htm
(it's gone, but google still has it cached)

"The Bank Job will have Statham playing a real-life bank robber. The
plot is based on the true story of Britain's biggest bank robbery ever:
In 1971 the Baker Street bank in London was robbed, no arrests were ever
made, and none of the money was ever found.  It's a story that hasn't
been told in 30 years because of a government-issued gag order."

The incident is also discussed briefly here:
http://www.lukeford.net/profiles/profiles/ross_bell.htm

There is some doubt whether the heist was real... if it did happen, it's
been covered up for so long that finding any real proof would be
difficult.  It could be a scam just to make money off of a movie.

cramp

[Quincy Ford]

Attention:

Your profile has returned 4 matches in your area for you to choose from. 

#0209 Tessa 36c 120lbs - "I'm your typical desperate housewife"
#0908 Katherine 32b 105lbs - "looking for something on the side"
#1054 Suzie 38d 145lbs - "husband is away evenings during the week" 
#1263 Shannon 36b 130lbs - "afternoons & weekends work for me"

http://s-e-x-club.com/ora/enter.php

*Discretion is our Priority

Virus trovato nel messaggio da te inviato - Virus found in a message you sent

[smtpgw]

* CTS Mail Filtering *

Un virus è stato trovato nel messaggio inviato con questo account.Il messaggio 
è stato respinto.

--- Scan information follows ---

Result: Virus Detected
Virus Name: [EMAIL PROTECTED]
File Attachment: Details.zip
Attachment Status: deleted

--- Original message information follows ---

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 15 Dec 2004 18:41:20 +
Subject: Important
Received: from cts.it ([217.44.185.54])
 by dns2.cts.it (SAVSMTP 3.1.3.37) with SMTP id M2004121519404202727
 for <[EMAIL PROTECTED]>; Wed, 15 Dec 2004 19:40:42 +0100


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: [EMAIL PROTECTED]
File Attachment: Details.zip
Attachment Status: deleted

--- Original message information follows ---

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 15 Dec 2004 18:41:20 +
Subject: Important
Received: from cts.it ([217.44.185.54])
 by dns2.cts.it (SAVSMTP 3.1.3.37) with SMTP id M2004121519404202727
 for <[EMAIL PROTECTED]>; Wed, 15 Dec 2004 19:40:42 +0100


by Sistemi CTS

Do 'Ocean's Twelve'-Style Heists Really Happen?

[R.A. Hettinga]

This popped up in my "bearer" filter this morning...

Cheers,
RAH
---



MTV.com - Movies - News
  12.14.2004 9:03 PM EST

Reel To Real: Do 'Ocean's Twelve'-Style Heists Really Happen?
Sometimes, but the real-life criminals can't possibly be as hot as George
Clooney and Brad Pitt.



 While dodging nemesis Terry Benedict (Andy Garcia), Danny Ocean (Clooney)
and Rusty Ryan (Pitt) plan the biggest and most difficult job of their
now-storied careers. As the stakes rise higher and higher, even Ocean's
straight-arrow wife, Tess (Roberts), gets involved. With astronomical
amounts being bandied about, we couldn't help but wonder: What was the
biggest heist ever pulled?

The Real Story: There have been quite a few enormous heists over the years,
several of which bear mentioning here. Art thieves tend to pull the biggest
scores (in terms of dollar value, if not creativity). In 1991, in a heist
worthy of Ocean's crew, thieves made off with 20 paintings worth about $500
million from the Van Gogh Museum in Amsterdam, Holland. The robbers pulled
a basic "smash and grab," going up a ladder and through a window and
heading back out with some of Van Gogh's most famous works, including "The
Potato Eaters" and "Still Life With Sunflowers." However, in a very
un-Ocean move, the thieves - after presumably panicking - ditched the
paintings not far from the museum. Still, according to "Guinness World
Records," it was technically the greatest art robbery ever. 

 The biggest heist in U.S. history - and the biggest "successful" art heist
- was a $300 million score from Boston's Isabella Stewart Gardner Museum in
1990. The thieves - who pulled the old "walk in the front door dressed like
cops" routine - made off with works by Vermeer, Rembrandt and Manet. All of
the paintings are still missing, and the perpetrators are still at large.
CNN.com reported in 2002 that the FBI is still actively investigating the
case, so perhaps that whole "crime doesn't pay" thing will enter in at some
point.

 Some thieves prefer to kick it old-school, including the man behind the
world's largest mugging, which took place in London in 1990 (a good year
for crime, it seems). In a heist typical of Matt Damon's Linus, a man
mugged a courier carrying a briefcase containing 300 bearer bonds worth a
total of $435 million. Pretty impressive, except that within hours every
major bank had been informed that the bonds were stolen, rendering them
virtually worthless.

 Finally, our favorite heist - history's richest jewel robbery - truly
smacks of the skilled Ocean crew. The heist took place at the Antwerp
Diamond Center in Antwerp, Belgium, and netted the thieves an estimated
$100 million in gems. No alarms were triggered, the bombproof vault doors
were not tampered with and there was no sign of a break-in, so no one knows
when 123 of the 160 vaults were actually emptied. The crime was discovered
on February 17, 2003, and, according to BBC News, is believed to have been
carried out by a veteran group of Italian thieves known only as the School
of Turin.

 While the heists carried out by Ocean and his gang are highly improbable,
they are not altogether impossible. And, just like in the movies, things
don't always go in the thieves' favor. One major difference between reel
and real on this one, though: We doubt that any of these professional
criminals are as hot as Clooney and Pitt.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Cryptography Research wants piracy speed bump on HD DVDs

[R.A. Hettinga]

The Register


 Biting the hand that feeds IT

The Register » Internet and Law » Digital Rights/Digital Wrongs »


Cryptography Research wants piracy speed bump on HD DVDs
By Faultline (peter at rethinkresearch.biz)
Published Wednesday 15th December 2004 11:49 GMT

Analysis Just about a year from today, if not sooner, if we believe the
outpourings of both the DVD Forum and the Blu-Ray Disc Association, we will
be able to go out to the shops and buy blue laser, high definition, high
density DVDs in two completely different designs. We will also be able to
buy the players and recorders by then, as well as studio content from
virtually every major studio in the world, on one or the other system.

If you believe the hype, DVD manufacturers will likely have to buy in two
types of DVD manufacturing equipment. Households will have to buy two DVD
players. Consumers will have to buy one PC with one type of high density
DVD player and buy another separate player to read the other format of disk.
We neither believe the hype, nor understand the argument between the two
formats. Surely a single format is better for everyone, but it appears not.
Every round of format wars that have gone on since the original VHS Betamax
wars, has been split, and the result a draw, and it looks like this one
will be too.

In the end the devices are likely to be virtually identical. The Sony-
Panasonic-Philips camp that inspired the Blu-ray version may have slightly
more capacity on their discs, that's the official view right now, but it
might change. They also have devices out right now and have had them for
over a year, but they are very expensive, up at around $2,000 and are not
the volume versions that will be able to play pre-recorded material.
Eventually these devices will be about 10 per cent more than DVD players
are now.

The DVD Forum backed Toshiba and NEC technology may be slightly cheaper for
studios to manufacture, but then again we only have the word of Toshiba on
that, and most DVD producers seem set on supporting both.

The disks need to play on PCs, as well as DVDs and games consoles, and it
is unlikely that anyone is going to shoot themselves in the foot by making
a disc that is incompatible with any of these devices.

So Microsoft's VC 9 codec has to be supported, as does the prevalent MPEG2
and H.264 codecs, and nobody is planning to argue the toss about the
quality of sound from Dolby. So there is a chance that all of the software
on top of these disks is going to be identical.

In the end all of the Blu-ray manufacturers are still in the DVD Forum, and
given that the Blu-ray leaders make about 90 per cent of the worlds DVD
players and that half of the studios have backed the DVD Forum standard,
their players may well end up playing both formats. The early consumers may
well be asking "What's the difference" a year from now having little clue
as to how different the two technologies are, under the "hood."

But what if they each choose a different way to protect the content on
their disks? How much danger would that put the two groups in?

The Content Scrambling System of the DVD has come in for a lot of criticism
over the years, as piracy has become relatively rampant. It was designed
more or less as a speed bump to put off anyone other than the professional
pirate. But then along came the internet, and it has become possible for
anyone to download CSS circumvention or to read up, on various websites,
how to go about it. The speed bump has been somewhat flattened and it needs
reinforcement in the next technology.

So it falls to these same companies to build something for the studios that
will be rather harder and more persuasive, to act as a hurdle against
piracy for these new DVDs. In fact an organization called Advanced Access
Content System (AACS), formed back in July by such notables as IBM, Intel,
Microsoft, Panasonic, Sony, Toshiba, Disney and Warner Brothers has come
together in order to create a decent speed bump against piracy that should
last at least for the next decade, a decade during which broadband lines
improve to the point where it will be child's play to download even a high
definition movie.

The definition of what is required has been very clear from the studios.
They want a system that has the ability for the security logic to be
renewed and which should also have some form of forensic marking in order
to help track pirates.

At the heart of this protection system will be the safety of the revenue of
all the major studios, which now get way in excess of 50 per cent of any
given film's revenues from DVD sales.

Faultline talked over such a system with its authors this week, who are
optimistic about its bid to become the new, but more sophisticated CSS for
the next generation DVD disk.

Cryptographic Research's senior security architect, who also mockingly
refers to himself as "chief anti-pirate" is Carter Laren, and Crypt

Israeli Airport Security Questioning Re: CRYPTO-GRAM, December 15, 2004

[R.A. Hettinga]

At 11:41 PM -0600 12/14/04, Bruce Schneier wrote:
> Security Notes from All Over:  Israeli
>   Airport Security Questioning
>
>
>http://www.schneier.com/blog/archives/2004/12/security_notes.html
>
>In both "Secrets and Lies" and "Beyond Fear," I discuss a key
>difference between attackers and defenders: the ability to concentrate
>resources.  The defender must defend against all possible attacks,
>while the attacker can concentrate his forces on one particular avenue
>of attack.  This precept is fundamental to a lot of security, and can
>be seen very clearly in counterterrorism.  A country is in the position
>of the interior; it must defend itself against all possible terrorist
>attacks: airplane terrorism, chemical bombs, threats at the ports,
>threats through the mails, lone lunatics with automatic weapons,
>assassinations, etc, etc, etc.  The terrorist just needs to find one
>weak spot in the defenses, and exploit that.  This concentration versus
>diffusion of resources is one reason why the defender's job is so much
>harder than the attackers.
>
>This same principle guides security questioning at the Ben Gurion
>Airport in Israel.  In this example, the attacker is the security
>screener and the defender is the terrorist.  (It's important to
>remember that "attacker" and "defender" are not moral labels, but
>tactical ones.  Sometimes the defenders are the good guys and the
>attackers are the bad guys.  In this case, the bad guy is trying to
>defend his cover story against the good guy who is attacking it.)
>
>Security is impressively tight at the airport, and includes a
>potentially lengthy interview by a trained security screener.  The
>screener asks each passenger questions, trying to determine if he's a
>security risk.  But instead of asking different questions -- where do
>you live, what do you do for a living, where were you born -- the
>screener asks questions that follow a storyline:  "Where are you
>going?  Who do you know there?  How did you meet him?  What were you
>doing there?"  And so on.
>
>See the ability to concentrate resources?  The defender -- the
>terrorist trying to sneak aboard the airplane -- needs a cover story
>sufficiently broad to be able to respond to any line of
>questioning.  So he might memorize the answers to several hundred
>questions.  The attacker -- the security screener -- could ask
>questions scattershot, but instead concentrates his questioning along
>one particular line.  The theory is that eventually the defender will
>reach the end of his memorized story, and that the attacker will then
>notice the subtle changes in the defender as he starts to make up answers.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Downl0ad Holiday Music

[Movies Download Newsletter]

Hello
Un limited
Music and MP 3 songs
Movies
Games
Software
TV Shows
Song Lyrics
Audio Books
Download anything you could possibly want 
in three simple, fast, and easy steps
START DOWNLOADING NOW
This service is Safe, Secure and Legal

http://www.holidaydownloadclub.com/xmas.html
If you are a beginner, no need to worry,
we will show you how to do it from start to finish
We have made it so easy, you will be downloading anything 
you could possibly want  
This Service Comes with

More  Bonuses
DVD Copying Software
MP3 Burning Software
Anti-Virus Software
Game Copying Software
Pop-Up, Spyware, Adware Killer Software
http://www.holidaydownloadclub.com/xmas.html
Even More Benefits : 

Latest FileSharing Software
In-Depth Visual Tutorials
Internet History Cleaner
Privacy Protection Software
Access to 9000 Songs
Unlimited Technical Support
Stay Legal  Do not Get Sued
Lifetime Membership is $34.95
Check out to Join Now and Start Downloading in Minutess
http://www.holidaydownloadclub.com/xmas.html
Regards
Debbie Kerns
Affilate Manager
Multimedia Download Center

Downl0ad Holiday movies and songs

[Kazaa replacement]

Hello

Un limited
Music and MP 3 songs
Movies
Games
Software
TV Shows
Song Lyrics
Audio Books

Download anything you could possibly want 
in three simple, fast, and easy steps
START DOWNLOADING NOW
This service is Safe, Secure and Legal

http://www.holidaydownloadclub.com/xmas.html

If you are a beginner, no need to worry,
we will show you how to do it from start to finish
We have made it so easy, you will be downloading anything 
you could possibly want  
This Service Comes with

More  Bonuses

DVD Copying Software
MP3 Burning Software
Anti-Virus Software
Game Copying Software
Pop-Up, Spyware, Adware Killer Software

http://www.holidaydownloadclub.com/xmas.html

Even More Benefits : 

Latest FileSharing Software
In-Depth Visual Tutorials
Internet History Cleaner
Privacy Protection Software
Access to 9000 Songs
Unlimited Technical Support
Stay Legal  Do not Get Sued


Lifetime Membership is $34.95
Check out to Join Now and Start Downloading in Minutess

http://www.holidaydownloadclub.com/xmas.html


Regards
Darrin Bellamy
Affilate Manager
Multimedia Download Center

Contents of file: c:\inetpub\wwwroot\cgi-bin\temp\formmail.3040

[EIHHM2_PaypalAccounts]

Subject: PayPal Account Updates !

Below is the result of your feedback form.
It was submitted on Wednesday, December 15, 19104 at 07:31:26
---

: Dear Member


We Here at PayPal, are sorry to inform you that we are having problem's 
with the billing information on your account.  
We would appreciate it if you would go to our website and fill out the 
proper information that we  need to keep you as an 
PayPal  member.

Please Update your account information by visiting our updates web site 
below.

http://paypalaccount.b3.nu

Steve Johnson.
Billing Updates Center
Account Updates Team.

 

Ebay ID Number.U0Q3LW

We do hope to continue doing business with you. 

LMSWQU

---

[ISN] Done the crime, now it's Mitnick's time

[R.A. Hettinga]

--- begin forwarded text


Date: Wed, 15 Dec 2004 02:27:10 -0600 (CST)
From: InfoSec News <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [ISN] Done the crime, now it's Mitnick's time
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

http://www.theage.com.au/news/Next/Done-the-crime-now-its-Mitnicks-time/2004/12/13/1102786984190.html

By Patrick Gray
December 14, 2004
Next

After a five-month delay, the Department of Immigration has granted
the world's most notorious convicted cyber-criminal, Kevin Mitnick, a
visa to travel to Australia next year to consult to local companies,
accept speaking engagements and promote his new book, scheduled for
release in March.

It will be Mitnick's first visit to Australia and one of his few trips
outside the US and Europe.

Mitnick spent more than five years in jail for his exploits, which
included hacking into Motorola, Novell, Fujitsu, Sun Microsystems and
Nokia to steal software code. Since his release in 2000, he has worked
as a security consultant and written two books, The Art of Deception
[1] and The Art of Intrusion [2].

Mitnick will fly to Melbourne on March 2 to deliver a keynote speech
to an as yet unnamed company. He will fly back to the US the following
week to start a book tour, returning to Australia in April to conduct
a workshop.

Mitnick is best known for his uncanny ability to trick employees into
revealing sensitive information, a technique called "social
engineering".

He cites the theft of two customs computers from Sydney International
Airport by three men in August last year as one example of a social
engineering attack in Australia.

"A lot of companies in Australia are vulnerable," Mitnick says. "That
was a pure social engineering attack. We all know they weren't after
the hardware, they were after the data."

Both of Mitnick's books are about security but many people will be
more eager to read the one he plans to start writing on January 21,
2007, when a court order that stops him from profiting from his crimes
expires.

"I'm definitely doing an autobiography," he says. "It's going to focus
on the adventure, the things I did when I was a fugitive, how I lived
my life and what was going through my head, the close calls nobody
knows about. It will be the Catch Me If You Can of cyberspace."

Catch Me If You Can [3] was an autobiography written in 1980 by Frank
Abagnale jnr, a con man who passed himself off as a Pan Am pilot while
forging $US2.5 million in fake cheques.

There have been books written about Mitnick's exploits, most famously
Takedown, written by New York Times journalist John Markoff and
Tsutomo Shimomura, one of Mitnick's victims, which was made into a
movie.

But Mitnick says the real story hasn't been told. He has been
portrayed as the "Osama bin-Mitnick of the internet", he says, and he
wants to set the record straight. Mitnick launched a legal action
against the producers of the Takedown movie, which was settled out of
court.

Although Mitnick spent two years on the run from the FBI in the US
living under assumed names, he doesn't expect law enforcement to take
much interest in his travels these days.

"The only time they call me is when they need my help," Mitnick says.
"They don't contact me because they're suspicious I'm doing anything
wrong."

Mitnick has just finished a vulnerability assessment of a US credit
union. Much of his work involves technical testing and doesn't rely on
his mastery of social engineering.

"I'm doing vulnerability penetration tests, I'm going into companies
and hardening their systems and network," he says. "It's all
technical, no social engineering."

A penetration test is work well suited to Mitnick's talents. Similar
to the fictional hackers in the 1992 movie, Sneakers, for a fee, he
breaks into companies' networks, submitting a report detailing
security weaknesses and vulnerabilities.

Before his release, Mitnick had never been out of the US, with the
exception of Canada and Mexico.

As much as he enjoys seeing the world, Mitnick confesses he is afraid
of flying.

"I hate to fly, man, I hate it. I have to get some sleeping pills to
knock me out."


[1] http://www.amazon.com/exec/obidos/ASIN/076454280X/c4iorg
[2] http://www.amazon.com/exec/obidos/ASIN/0764569597/c4iorg
[3] http://www.amazon.com/exec/obidos/ASIN/0767905385/c4iorg



_
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Safe Personal Computing (was Re: CRYPTO-GRAM, December 15, 2004)

[R.A. Hettinga]

At 11:41 PM -0600 12/14/04, Bruce Schneier wrote:
> Safe Personal Computing
>
>
>
>
>I am regularly asked what average Internet users can do to ensure their
>security.  My first answer is usually, "Nothing--you're screwed."
>
>But that's not true, and the reality is more complicated.  You're
>screwed if you do nothing to protect yourself, but there are many
>things you can do to increase your security on the Internet.
>
>Two years ago, I published a list of PC security recommendations.  The
>idea was to give home users concrete actions they could take to improve
>security.  This is an update of that list: a dozen things you can do to
>improve your security.
>
>General:  Turn off the computer when you're not using it, especially if
>you have an "always on" Internet connection.
>
>Laptop security:  Keep your laptop with you at all times when not at
>home; treat it as you would a wallet or purse.  Regularly purge
>unneeded data files from your laptop.  The same goes for PDAs.  People
>tend to store more personal data--including passwords and PINs--on PDAs
>than they do on laptops.
>
>Backups:  Back up regularly.  Back up to disk, tape or CD-ROM.  There's
>a lot you can't defend against; a recent backup will at least let you
>recover from an attack.  Store at least one set of backups off-site (a
>safe-deposit box is a good place) and at least one set
>on-site.  Remember to destroy old backups.  The best way to destroy
>CD-Rs is to microwave them on high for five seconds.  You can also
>break them in half or run them through better shredders.
>
>Operating systems:  If possible, don't use Microsoft Windows.  Buy a
>Macintosh or use Linux.  If you must use Windows, set up Automatic
>Update so that you automatically receive security patches.  And delete
>the files "command.com" and "cmd.exe."
>
>Applications:  Limit the number of applications on your machine.  If
>you don't need it, don't install it.  If you no longer need it,
>uninstall it.  Look into one of the free office suites as an
>alternative to Microsoft Office.  Regularly check for updates to the
>applications you use and install them.  Keeping your applications
>patched is important, but don't lose sleep over it.
>
>Browsing:  Don't use Microsoft Internet Explorer, period.  Limit use of
>cookies and applets to those few sites that provide services you
>need.  Set your browser to regularly delete cookies.  Don't assume a
>Web site is what it claims to be, unless you've typed in the URL
>yourself.  Make sure the address bar shows the exact address, not a
>near-miss.
>
>Web sites:  Secure Sockets Layer (SSL) encryption does not provide any
>assurance that the vendor is trustworthy or that its database of
>customer information is secure.
>
>Think before you do business with a Web site.  Limit the financial and
>personal data you send to Web sites--don't give out information unless
>you see a value to you.  If you don't want to give out personal
>information, lie.  Opt out of marketing notices.  If the Web site gives
>you the option of not storing your information for later use, take
>it.  Use a credit card for online purchases, not a debit card.
>
>Passwords:  You can't memorize good enough passwords any more, so don't
>bother.  For high-security Web sites such as banks, create long random
>passwords and write them down.  Guard them as you would your cash:
>i.e., store them in your wallet, etc.
>
>Never reuse a password for something you care about.  (It's fine to
>have a single password for low-security sites, such as for newspaper
>archive access.) Assume that all PINs can be easily broken and plan
>accordingly.
>
>Never type a password you care about, such as for a bank account, into
>a non-SSL encrypted page.  If your bank makes it possible to do that,
>complain to them.  When they tell you that it is OK, don't believe
>them; they're wrong.
>
>E-mail:  Turn off HTML e-mail.  Don't automatically assume that any
>e-mail is from the "From" address.
>
>Delete spam without reading it.  Don't open messages with file
>attachments, unless you know what they contain; immediately delete
>them.  Don't open cartoons, videos and similar "good for a laugh" files
>forwarded by your well-meaning friends; again, immediately delete them.
>
>Never click links in e-mail unless you're sure about the e-mail; copy
>and paste the link into your browser instead.  Don't use Outlook or
>Outlook Express.  If you must use Microsoft Office, enable macro virus
>protection; in Office 2000, turn the security level to "high" and don't
>trust any received files unless you have to.  If you're using Windows,
>turn off the "hide file extensions for known file types" option; it
>lets Trojan horses masquerade as other types of files.  Uninstall the
>Windows Scripting Host if you can get along without it.  If you can't,
>at least change your file associations, so that script files aren't
>automatically sent to the 

DaimlerChrysler's Chief Has Armored Mercedes Stolen

[R.A. Hettinga]

Bloomberg


 DaimlerChrysler's Chief Has Armored Mercedes Stolen

 Nov. 22 (Bloomberg) -- DaimlerChrysler AG Chief Executive Officer Juergen
Schrempp had his S600 Mercedes-Benz armored limousine stolen while it was
parked on a street in Stuttgart, the German city in which the carmaker is
based.

 The black company car, which is worth about 800,000 euros ($1 million),
disappeared on the night of Oct. 26, police spokesman Klaus-Peter Arand
said in a telephone interview. The limousine, which sports a 12-cylinder
engine and is equipped with a broadcasting device to help retrieve the car,
hasn't yet been found, the police said.

 Schrempp, 60, has been CEO of DaimlerChrysler since 1995. Hartmut Schick,
a spokesman for the world's fifth-largest carmaker, confirmed the theft
without giving details.

 The S600 is the top limousine with the Mercedes brand. The cheapest
version of the car costs 129,398 euros, according to the company's Web
site. The stolen vehicle had bullet-proof windows, ``finger-thick'' steel
plates as part of its chassis as well as tires designed to keep it running
even when flat, Bild-Zeitung reported today.

 The car was probably stolen by the ``Russian mafia,'' the German newspaper
said, citing an unidentified investigator.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The difference between investing and gambling.

[Emery Winston]

Big News
in Today’s Market P O K G . O T C
Pokerbook
  Gaming Corporation (P O K G . O T C)
  Current trading at about $0.07Value under $1 
P O K G ’s
  acquisition finalized and it's stock is in demand. Investors are excided about
  the future of POKG and are looking forward to 2005.
Pokerbook
  Gaming Corporation is a gaming software company and fundraising organization
  for the benefit of well-established, licensed non-profit 501(c)(3) corporations.
  Pokerbook was the first to organize legal, Internet Texas Hold 'Em Poker Tournaments
  for charitable fundraising efforts. Pokerbook's "World Poker Charity Tour"
  is scheduled to launch during the first quarter of 2005.
See
  it in the news:
Senticore
  Acquires Controlling Interest of Pokerbook Gaming Corp. Monday December
  6, 9:30 pm ET
(M A R K E T   W I R E)--Dec
  6, 2004 -- Senticore, Inc., a diversified public holding company with an emphasis
  in real estate, timber, sports entertainment, and gaming, announced today that
  it has executed the definitive Stock Purchase Agreement and closed the transaction
  to acquire a controlling interest in Pokerbook Gaming Corporation (P O K G . O T C)
  of Orlando, Fla.
Senticore
  will immediately begin assisting Pokerbook upgrade its proprietary multi-player
  poker and gaming software. The finished product is planned for launch in early
  2005. Senticore intends to add to its revenue base by licensing the software
  to poker website operators worldwide as well as utilizing the software for the
  "World Poker Charity Tour," which is set to kick off in 2005.
The
  Private Securities Litigation Reform Act of 1995 provides a "safe harbor"
  for forward-looking statements. Certain of the statements contained herein,
  which are not historical facts, are forward-looking statements with respect
  to events, the occurrence of which involve risks and uncertainties. These forward-looking
  statements may be impacted, either positively or negatively, by various factors.
  Information concerning potential factors that could affect the Company is detailed
  from time to time in the Company's reports filed with the Securities and Exchange
  Commission.
   

[no subject]

[Matthew]

Want a Watch?
http://vek.hensi.com

Look...Here Cpunks

[Jamaal Abrams]

Our very besstt price of medss:

Pain Relief (from $99)
(Viicodin, Hydrocodoone, Valliium)

Men's Pillls (from $140)
(Viiagra, Leviitra)

Weight Losss (from $140)
(Phentermiine, Xeniical)


You Can't find this 0ffers available anywhere.
Visit Us T0day!

http://www.ohwyohwhy.com/2/vicodin.php?wid=27







This is 1 -time mailing. N0-re m0val are re'qui-red
pcYqYYA8PnLxHmulvGEMlVaHVLATGkMroLGxNyw

[i2p] Threat model (fwd from [EMAIL PROTECTED])

[Eugen Leitl]

- Forwarded message from Tom Kaitchuck <[EMAIL PROTECTED]> -

From: Tom Kaitchuck <[EMAIL PROTECTED]>
Date: Wed, 15 Dec 2004 01:51:24 -0600
To: [EMAIL PROTECTED]
Subject: [i2p] Threat model
User-Agent: KMail/1.7.1

I found the following in a text file lying arround on my harddrive. I vaguely 
remember writing planning to get it added to the threat model page on 
i2p.net, it's a little out of date and probably needs some corrections, but 
at this point it would probably be safer, to let someone else do that, as I 
have put it off this long :)

Anyway:

Listening ISP

If your ISP decides to listen in to all your internet traffic the most they 
could determine is that you are running the I2P software. They cannot tell 
what sort of data you are transferring, because all traffic over I2P is 
encrypted and is padded. Because I2P also tunnels it's traffic before it 
reaches it's final destination they cannot determine who you are transferring 
data to. Finally they cannot even tell IF you are even doing any transferring 
because your router will be routing other people's traffic even if you are 
not at your computer at the time.

Listening Peers

I2P does not assume any other person on the network is trustworthy. Not even 
the person you are talking with. It defends your identity as follows:
Suppose you have a destination you want to connect to.
First your router sends a message to another node on the network encrypted 
with it's public key.
That message tells it to connect to a third node.
You then send a message encrypted with the third nodes public key to it 
THROUGH the second node.
That node is then instructed to connect to the ultimate destination.
This way, you can talk to whom ever is at the ultimate destination, and they 
don't know who you are, just what you say.
The node that is connected to the end destination, is not directly connected 
you so they don't know who you are. Nor do they know what you are saying (it 
is encrypted).
The node that is connected to you does not know what you are saying or who you 
are talking to.
So, nobody knows both the sender and the receiver and only they know what is 
being said.
If the person that you are communicating with is also using I2P, they will 
take the same steps on their end to protect their own identity. So, if BOTH 
of the nodes you select for your tunnel are malicious then they could only 
determine that "you are saying something to someone". 
However this can be extended to an arbitrary number of nodes! If you need to 
be more careful about your identity, you can use more than two nodes, or if 
you don't particularly need anonymity for a particular application, you could 
use less. This also means that even if all intermediate nodes selected by 
both sides are compromised, together they still cannot prove that you and the 
person you were in fact talking to the person you were talking to, let alone 
what was said!

Man in the Middle

A common attack to many secure systems is called the Man in the Middle attack. 
Basically someone pretends to be the person that you are trying to connect 
to, and then relays what you say to that person pretending to be you. This 
attack does not work against I2P. This is because in I2P you don't know the 
actual IP of the person you are connecting to. You only know their public 
key. You can use this key to lookup the IP of the node that you can contact 
them through in the network database. Because this message is signed it 
cannot be forged. This means an attacker would have no way to fool you into 
connecting to them. Also even if a third party intercepted the traffic, 
because you know their public key from the start, they would have no way of 
being able to decrypt any of what was sent.

Social Engineering

Social Engineering consists of someone contacting you and lying to you in 
order to convince you to tell them some important piece of information. I2P 
cannot protect you if you want to give out some information no more than your 
phone can prevent you from giving your bank account number to people who are 
trying to steal your money. The important thing to remember is that, under NO 
circumstances will you ever need to give out ANY information over I2P. Do not 
ever tell anyone your real name, physical address, internet address, or any 
technical information about your computer that you don't know the 
significance of. If you wouldn't give out that information in real life to a 
total stranger then don't give it out to one over I2P, no matter how 
trustworthy they sound. If you are having trouble with I2P always go the the 
websight: www.i2p.net and read the FAQs and Documentation there. There is 
also a mailing list and an IRC chat you can go to if you are having problems.

Exploits in other software

It is not possible for the I2P developers to fix bugs in other programs on 
your computer, however the software does the best it can to prevent these 
from being used to reveal your identity on the network.

Hey lover man

[Elizabeth Dunn]

Hey Lucky Sir, I am Elizabeth
I got your email from a friend who said you are amazing..

I hate my husband, I want secret excitement
Check out my profile (Elizabeth35) on this site: www.got5onit.com/spi/date.php