RE: zombied ypherpunks (Re: Email Certification?)
At 17:43 2005-04-29, you wrote: Eh...for email you may have a point, but I'm not 100% convinced. In other words, say they want to monitor your email account. Do you really believe they are going to tap all major nodes and then filter all the traffic just to get your email? ... Well, they could just tune in on Echelon, which really seems to be reality. There is no need for infinite resources to do such a thing. This is that whole, The TLAs are infinitely powerful so you might as well do nothing philosophy. And even though I might be willing to concede that they get all that traffic, one hand doesn't always talk to the other. there may be smaller branches on fishing trips accessing your email if they want. if one were able to monitor the email account for access, you'll at least force your TLA phisher into going through proper internal channels. He might actually get a no, depending on the cost vs risk. Here is the fundamental misunderstanding. Your email is no account. There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire. If the listener is on a mail router, you could possibly see a trace of it in the message header, but it's possible to rewrite that stuff to, so the only way to KNOW if someone reads your mail is to analyze the potential readers behaviour based on the information in your mail. /O
Stash Burn?
yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: zombied ypherpunks (Re: Email Certification?)
Well, they could just tune in on Echelon, which really seems to be reality. There is no need for infinite resources to do such a thing. Echelon ain't a radio, and not all members of TLAs have access. Indeed, you can be damn sure that they are very careful to NOT share a lot of the Echelon-culled information. And unless you're involved in some very interesting operations, as a mere agitant you aren't going to merit release of Echelon info. HOWEVER, even if they haven't focused the big microscope on you, this doesn't mean you don't merit phishing by someone (perhaps) who's in a local office and has decided he doesn't like you personally. Thus, lower-level not infinitely secure efforts might be of some use. Here is the fundamental misunderstanding. Your email is no account. There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire. OK, what the heck are you talking about? You're telling me that hotmail/gmail is stored on my personal COMPUTER? Not even a TLA-originated campaign of disinformation would attempt to get that across. Are you like a 14-year-old boy or something? The problem with Cypherpunks is that we're way too pre-occupied with infinite security scenarios. Of course, such a subject is of vital importance, but there are lower levels of threat (and appropriate response) that need to be examined. This well they can break almost anything so don't even bother unless you're the Okie City B-*-m-b-*-r or somebody, and then you'll need a faraday cage and colliding pulse mode-locked dye laser for quantum encryption bullshit actually detracts from Cypherpunkly notionsit makes the use of encryption a red flag sticking out of a sea of unencrypted grey. And then, of course, in the off chance they can't actually break the message under that flag, they can merely send a guy out with binoculars or whatever. -TD
RE: zombied ypherpunks (Re: Email Certification?)
At 16:10 2005-05-02, you wrote: Here is the fundamental misunderstanding. Your email is no account. There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire. OK, what the heck are you talking about? You're telling me that hotmail/gmail is stored on my personal COMPUTER? Not even a TLA-originated campaign of disinformation would attempt to get that across. Are you like a 14-year-old boy or something? That's completely unwarranted for. The end point for hotmail is Microsoft's hotmail-servers, and for gmail the endpoint is Google's servers. Stop being so damned rabid. /O
Re: Stash Burn?
Thus spake Tyler Durden ([EMAIL PROTECTED]) [02/05/05 10:18]: : yes, this reminded me of another brilliant idea. : : Why don't some cars have a little tiny furnace for stash destruction? : : If you've got an on-board stash and some Alabama hillbilly with a badge : pulls you over, you just hit the button and have you're little stashed : incinerated. Who cares if the badge knows you USED TO have something on : board? Too late now if any trace of evidence is gone. : : What's wrong with this idea? The government would never let it fly?
RE: Stash Burn?
Congratulations, you just turned your vehicle into drug paraphenalia What? You claim it is Not for drugs? Tell this to the judge. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Durden Sent: May 2, 2005 10:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Stash Burn? yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: Stash Burn?
Hum. Well, maybe. I guess a dual use argument wouldn't fly. Wait...that furnace should be able to reheat burgers also. -TD From: R.W. (Bob) Erickson [EMAIL PROTECTED] To: 'Tyler Durden' [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: Stash Burn? Date: Mon, 2 May 2005 12:34:15 -0400 Congratulations, you just turned your vehicle into drug paraphenalia What? You claim it is Not for drugs? Tell this to the judge. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Durden Sent: May 2, 2005 10:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Stash Burn? yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Card/Debit Update
Title: Dear valued PayPal Dear valued PayPal® member: It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records on or before May 4, 2005. Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal. To update your PayPal® records click on the following link: http://www.paypal.com/cgi-bin/webscr?cmd=_login-run Thank You. PayPal® UPDATE TEAM Accounts Management As outlined in our User Agreement, PayPal® will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
Re: Stash Burn?
On Mon, 2 May 2005, Tyler Durden wrote: yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? Let's focus on the technical realization first. How to annihilate a sizable chunk of matter without leaving even minute traces of it? We should keep in mind that contemporary forensic detection/analysis technologies are pretty damn sensitive. We also shouldn't forget that burning the substance releases a considerable amount of energy, and takes time - at least several seconds. Soaking it with liquid oxygen could dramatically reduce the burning time, and lead to total oxidation to CO2/H2O/SO2/NO2/P2O5, but it also bears certain risk of explosion, and LOX does not belong between user-friendly substances as well. The method also should not provide any hard evidence about when the incinerator was last used, in order to make it difficult to prove the exact moment of its deployment. This sharply collides with the requirement to dump the waste heat, as the unit will be pretty hot for some time after initiation, even if it will be directly connected to the car's heatsink.
Re: Stash Burn?
There's laws against destroying evidence, interfering with an officer, interfering with an investigation, etc. If they can prove that you had it and destroyed it, now they can charge you with two crimes instead of just one. (I think I heard once that someone was charged with destroying evidence for taking batteries out of a device when he was arrested hoping to wipe its memory). - Eric Tyler Durden wrote: yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Email Certification?
Suggestion - you can do what advertisers do - encode a web bug image as
part of some jucy html emails on a web server that you own and check
your logs. (not sure if hotmail or whatever allows this, as I don't use
their cruft.)
Make sure that unlike a web bug you don't set the name so it looks like
a web bug (i.e. don't call it 1x1.gif) and don't set the image size
attributes on the IMG SRC tag to say 1x1. Instead make the file name
into something that looks like it came from a digital camera and put it
in a path that matches that cover story.
ie:
http://127.53.22.7/phightklub_files/2004-xmas-party-pix/JoeShmoeDrunkAndHigh/Kodak/DSC03284345.JPG
No guarantee that someone won't read the email as source and thus not
grab the image too, but you can make it look like the content of the
image is important to the message's content and jucy enough to make
whomever you believe is spying on you want to fetch it. i.e. Here's a
picture of the party, you can clearly see he's got a crack pipe in his
hand and his eyes are dialated. I'm thinkin' of reporting him to deh
fedz, what do u think?(I'm assuming that the feds are your threat
model here, but you can vary this up with whatever threat model you
think is appropriate. i.e. if you think your woman is spying on you,
make it a fake email from your supposed mistress, something she'd want
to open - i.e. subject I'm gonna tell ur wife about us if you don't do X.)
I'd also make sure that nothing on the webserver itself points to the
directory where this lives so it can't be picked up by the search
spiders/bots accidentally, and make sure that you don't allow the
directory it lives in to have an auto-index.
Then, watch the server logs like a paranoid hawk with a caffeine
addiction problem and hope they bite, when they do, you know they've
read the other emails. You also have to make sure that you don't
accidentally open these emails yourself, or leave an open web browser
with your account where someone can randomly snoop.)
But of course, since you are using hotmail and you're about to receive
this email, if your account is watched, guess what, you can no longer
use this method. Oh well.
Tyler Durden wrote:
Yes, but this almost misses the point.
Is it possible to detect ('for certain', within previously mentioned
boundary conditions) that some has read it? This is a different problem
from merely trying to retain secrecy.
Remember, my brain is a little punch-drunk from all the Fight Club
fighting.
BUT, I believe that the fact that deeper TLAs desire to hide
themselves from more run-of-the-mill operations might be exploited in an
interesting way. Or at least force them to commit to officially
surveiling you, thereby (one hopes) subjecting them to whatever frail
tatters of the law still exist.
A better example may be home security systems. If they're going to
tempest you, I'd bet they'd prefer not to inform your local security
company. They'd rather just shut down your alarm system and I bet this
is easy for them.
BUT, this fact may enable one to detect (with little doubt) such an
intrusion, and about this I shall say no more...
Re: Stash Burn?
Yes, I think those are the essential questions. Admittedly it would normally be quite difficult to eliminate any detectable trace...I'm assuming that a huge blast of heat should do it. Cooling can be done by liquid, for instance. The liquid could be programmed to flush at certain random intervals to cover correlation between operation and smokey interest. (But this probably eliminates dual-use arguments.) Assuming it's doable then I'm as yet uncertain about the legal ramifications. Say the smokey's are stopping you for something routine and you burn your stash right there. Do they have the legal right to even mention the disposal operation? And if they do, is there any legal way to state what substance was destroyed? Perhaps it was pot (as opposed to something harder), or moonshine, or even some designer drug that's not yet technically illegal? -TD From: Thomas Shaddack shaddack@ns.arachne.cz To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Stash Burn? Date: Mon, 2 May 2005 20:29:13 +0200 (CEST) On Mon, 2 May 2005, Tyler Durden wrote: yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? Let's focus on the technical realization first. How to annihilate a sizable chunk of matter without leaving even minute traces of it? We should keep in mind that contemporary forensic detection/analysis technologies are pretty damn sensitive. We also shouldn't forget that burning the substance releases a considerable amount of energy, and takes time - at least several seconds. Soaking it with liquid oxygen could dramatically reduce the burning time, and lead to total oxidation to CO2/H2O/SO2/NO2/P2O5, but it also bears certain risk of explosion, and LOX does not belong between user-friendly substances as well. The method also should not provide any hard evidence about when the incinerator was last used, in order to make it difficult to prove the exact moment of its deployment. This sharply collides with the requirement to dump the waste heat, as the unit will be pretty hot for some time after initiation, even if it will be directly connected to the car's heatsink.
Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)
Yeah, but these days, I'd go with the largest flash drive I could afford. USB2 or otherwise. I don't believe you can recover data from these once you actually overwrite the bits (anyone out there know any different?). They're either 1 or 0, there's no extra ferrite molecules to the left or the right of the track to pick up a signal from ;-) As always encrypt the data you write to the device. I wouldn't overwrite flash repeatedly (i.e. the Guttman method of 35 writes) though, there's a limit on the number of writes, after which it goes bad. I'd overwrite it once with random data. Eugen Leitl wrote: - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult ---
Re: Stash Burn?
On 2005-05-02T10:13:50-0400, Tyler Durden wrote: yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? That's rather complicated and unlikely to succeed. A more practical solution would be a pod that can be jettisoned. Dark-colored or camo, rock-like, and indestructable for later retrieval. No cop would notice such a thing fired directly forward after he's pulled in behind you and lighted you up. Add a radio beacon for easy location after the cop has departed.
Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)
On Mon, 2 May 2005, sunder wrote: Yeah, but these days, I'd go with the largest flash drive I could afford. USB2 or otherwise. I don't believe you can recover data from these once you actually overwrite the bits (anyone out there know any different?). There are lots of pitfalls in secure erasure, even without considering physical media attacks. Your filesystem may not overwrite data on the same blocks used to write the data originally, for instance. Plaintext may be left in the journal and elsewhere. Even filling up the disk may not do it, as some filesystems keep blocks in reserve. I did a demo a few years ago where I wrote plaintext, overwrote, then dumped the filesystem blocks out and found parts of the plaintext. For anybody who hasn't read it, the Gutmann paper is Secure Deletion of Data from Magnetic and Solid-State Memory, and is highly recommended. He shows that even RAM isn't safe against physical media attacks. -J
RE[3]: Peniss enlargement breakthrough!...tasscarp
Good morning Sir, When choosing a peniss enlargment method, there are many MANY options these days. But very few are worth the money. In fact, most arescam! Don't get ripped off- you deserve the real thing! Peniss Growth Patches are the newest, safest and absolutely most potent patch you can buy. No other patch even comes close to duplicating the results found with our Peniss Growth Patch. Just look at what ourbuyers are saying: "All of the women I have slept with would thank you if they new what you have done for me! I've seen an incredible increase of about 2 inches overall." -Clyde Helton Try our Peniss Growth Patch system and see how it can change your life! RE[2]: No more peniss enlarge ripoffs!...novosibirsktried ___ http://www.swearet.com/d2/
RE: zombied ypherpunks (Re: Email Certification?)
At 17:43 2005-04-29, you wrote: Eh...for email you may have a point, but I'm not 100% convinced. In other words, say they want to monitor your email account. Do you really believe they are going to tap all major nodes and then filter all the traffic just to get your email? ... Well, they could just tune in on Echelon, which really seems to be reality. There is no need for infinite resources to do such a thing. This is that whole, The TLAs are infinitely powerful so you might as well do nothing philosophy. And even though I might be willing to concede that they get all that traffic, one hand doesn't always talk to the other. there may be smaller branches on fishing trips accessing your email if they want. if one were able to monitor the email account for access, you'll at least force your TLA phisher into going through proper internal channels. He might actually get a no, depending on the cost vs risk. Here is the fundamental misunderstanding. Your email is no account. There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire. If the listener is on a mail router, you could possibly see a trace of it in the message header, but it's possible to rewrite that stuff to, so the only way to KNOW if someone reads your mail is to analyze the potential readers behaviour based on the information in your mail. /O
RE: Stash Burn?
Congratulations, you just turned your vehicle into drug paraphenalia What? You claim it is Not for drugs? Tell this to the judge. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Durden Sent: May 2, 2005 10:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Stash Burn? yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Stash Burn?
Thus spake Tyler Durden ([EMAIL PROTECTED]) [02/05/05 10:18]: : yes, this reminded me of another brilliant idea. : : Why don't some cars have a little tiny furnace for stash destruction? : : If you've got an on-board stash and some Alabama hillbilly with a badge : pulls you over, you just hit the button and have you're little stashed : incinerated. Who cares if the badge knows you USED TO have something on : board? Too late now if any trace of evidence is gone. : : What's wrong with this idea? The government would never let it fly?
RE: Stash Burn?
Hum. Well, maybe. I guess a dual use argument wouldn't fly. Wait...that furnace should be able to reheat burgers also. -TD From: R.W. (Bob) Erickson [EMAIL PROTECTED] To: 'Tyler Durden' [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: Stash Burn? Date: Mon, 2 May 2005 12:34:15 -0400 Congratulations, you just turned your vehicle into drug paraphenalia What? You claim it is Not for drugs? Tell this to the judge. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tyler Durden Sent: May 2, 2005 10:14 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Stash Burn? yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)
Yeah, but these days, I'd go with the largest flash drive I could afford. USB2 or otherwise. I don't believe you can recover data from these once you actually overwrite the bits (anyone out there know any different?). They're either 1 or 0, there's no extra ferrite molecules to the left or the right of the track to pick up a signal from ;-) As always encrypt the data you write to the device. I wouldn't overwrite flash repeatedly (i.e. the Guttman method of 35 writes) though, there's a limit on the number of writes, after which it goes bad. I'd overwrite it once with random data. Eugen Leitl wrote: - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult ---
Re: Stash Burn?
There's laws against destroying evidence, interfering with an officer, interfering with an investigation, etc. If they can prove that you had it and destroyed it, now they can charge you with two crimes instead of just one. (I think I heard once that someone was charged with destroying evidence for taking batteries out of a device when he was arrested hoping to wipe its memory). - Eric Tyler Durden wrote: yes, this reminded me of another brilliant idea. Why don't some cars have a little tiny furnace for stash destruction? If you've got an on-board stash and some Alabama hillbilly with a badge pulls you over, you just hit the button and have you're little stashed incinerated. Who cares if the badge knows you USED TO have something on board? Too late now if any trace of evidence is gone. What's wrong with this idea? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Secure erasing Info (fwd from [EMAIL PROTECTED]) Date: Sat, 30 Apr 2005 19:49:56 +0200 - Forwarded message from Richard Glaser [EMAIL PROTECTED] - From: Richard Glaser [EMAIL PROTECTED] Date: Wed, 27 Apr 2005 12:17:43 -0600 To: [EMAIL PROTECTED] Subject: Secure erasing Info Reply-To: Mac OS X enterprise deployment project [EMAIL PROTECTED] FYI: Rendering Drives Completely Unreadable Can be Difficult --- The National Association for Information Destruction has said it cannot endorse the use of wiping applications alone for ensuring that data have been effectively removed from hard drives. NAID executive director Bob Johnson said the only way to ensure that the data will be unreadable is to physically destroy the drives, and even that has to be done in certain ways to ensure its efficacy. Most major PC makers offer a drive destruction service for $20 or $30. Some hardware engineers say they understand why the drives have been created in a way that makes it hard to completely erase the data: customers demanded it because they were afraid of losing information they had stored on their drives. http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print [Editor's Note (Pescatore): Cool, I want a National Association for Information Destruction tee shirt. How hard could it be to have an interlock feature - you can really, really clear the drive if you open the case, hold this button down while you delete? (Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997 at USENIX in which he showed electromicrographs of hard disk surfaces that had been wiped - you could still clearly see the 1s and 0s where the heads failed to line up perfectly on the track during the write/erase sequence. He also pointed out that you can tell more recently written data from less recently written data by the field strength in the area, which would actually make it much easier to tell what had been wiped versus what was persistent long-term store. The paper, minus the cool photos may be found at: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Hard disks, I've found, make satisfying small arms targets.] Here is Mac OS X software called SPX that uses the Guttman method of securely deleting data off a hard disk. If you want to donate old HD's this might be the best method for protecting your data that was on the HD other than physically destroying the HD's. http://rixstep.com/4/0/spx/ -- Thanks: Richard Glaser University of Utah - Student Computing Labs [EMAIL PROTECTED] 801-585-8016 _ Subscription Options and Archives http://listserv.cuny.edu/archives/macenterprise.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
