Re: Dell to Add Security Chip to PCs
On Sat, Feb 05, 2005 at 11:23:14AM +0100, Eugen Leitl wrote:
> > The point is that HDTV is a popular consumer technology, and the MPAA
> > and TV networks alone managed to hijack it.
>
> I have yet to see a single HDTV movie/broadcast, and I understand most TV
> sets can't display anything beyond 800x600.

Not widespread in Europe yet, but all the big networks in the US now support it for most or nearly all their prime time schedule, and most big events (sports and otherwise) are now in HDTV in the USA. Also more and more cable networks in HDTV, and some movie channels. Bandwidth is the big limitation on satellite and cable; otherwise there would be even more.

And HDTV sets are selling well now in the USA. Most do not yet have the full 1920 by 1080 resolution, but many are around 1280 by 720 native resolution, which works well with the 720p progressive version used primarily for sports (looks better with fast motion).

> > DVD started with a copy protection, too.

However the really strange thing about the FCC broadcast flag is that the actual over the air ATSC transport stream on broadcast channels is mandated by law to be sent *IN THE CLEAR*, no encryption allowed - so the FCC decision basically requires any receiver sold to the public to *ENCRYPT* an ITC signal before providing it to the user.

Naturally this bit of nonsense will go far to make the broadcast flag very effective indeed at preventing anyone with very modest sophistication from capturing the over the air in the clear transport stream and passing it around on P2P networks or whatever - there is already plenty of PCI hardware out there to receive ATSC transmissions (MyHD and many others) and supply the transport stream to software running on the PC.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Re: Optical Tempest FAQ
On Thu, Dec 02, 2004 at 12:32:09PM -0500, Tyler Durden wrote:
> However, his discussion would indicate that the various practical concerns
> and limitations probably limit this to very niche-type applications...I'd
> bet that it's very rare when such a technique is both needed as well as
> useful, given the time, the subject and the place.
>
> -TD

The big problem with this technology (and classic Van Eck electromagnetic interception too) is that more and more folks are using LCD screens or other display devices that do not do single thread raster scans of what they are displaying. Thus no single signal exists to detect with all the pixels of the image in it.

In fact the greater hazard may sometimes be from red, yellow or green LEDs on the front of equipment that are directly driven with real data in order to allow troubleshooting - recovering data from one of those at a distance using a good telescope may be possible, and most people don't think of the gentle flicker of the LED as carrying actual information that could be intercepted.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
[TSCM-L] Technology boosts use of wiretaps
ons that have been made public - are coming into courts. More are likely, and in more disparate parts of the state, as word of the new system's capabilities filters out, Wall said.

Where formerly police in any part of the state had to seek out switching equipment - mostly in Madison or Milwaukee - to set up a wiretap, the new computer system can be run from Madison on "a phone from anywhere in the world" and piped out to any part of the state.

"When they give it to us, they're essentially giving it to 72 county sheriffs and 700 police departments," Wall said. "When you call me and you're from the Podunk Police Department, we're there."

Ray Dall'Osto, a Milwaukee defense attorney and former legal director for the American Civil Liberties Union of Wisconsin, said he is interested in examining the kinds of new wiretap cases and whether Wisconsin authorities use a wider range of justifications for listening in on citizens' conversations.

The right to privacy in certain situations, he said, is very fragile, like an egg. "Once it's gone, it's very hard, if not impossible, to put back together," Dall'Osto said.

He also expects the uptick in wiretap usage to continue. "They've got this stuff, and they've got to use it," Dall'Osto said.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*?
On Sun, Sep 12, 2004 at 12:01:29AM -0500, J.A. Terranson wrote:
> "No big deal"? Who are they kidding?

Has it occurred to anyone this might be a covert US (or Chinese or ) operation to destroy the PRK nuke test setup, say with cruise missiles, stealth B2 bombers, or an infiltrated sabotage team? That could produce a large explosion (but little radioactivity)...

And with obvious PRK preparations for a test far advanced (see today's NYT), I would think it was now or never for such a covert attack.

Maybe that is why Dubya was completely shitfaced getting off the helo at the WH on the way back from campaigning in Johnstown Pa this past Thursday? Too much pressure to keep that Jim Beam bottle in the cabinet... one almost can't blame him...

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Digital camera fingerprinting...
Just a random distraction from the normal topics (but not completely irrelevant either)...

I happened to spend a few minutes yesterday talking with an individual who participated in the development of both low and high end digital cameras for the commercial mass market. He told me that especially in the low end camera market NO sensors used were completely free of anomalous pixels (black, white, dim, bright etc) and much of the actual processing in digital camera firmware was related to masking or hiding the inevitable defects, which apparently can include (at least in CMOS sensors) entire rows or columns that are bad.

This got me thinking - clearly these concealment patches are not completely undetectable in families of (multiple to many) images taken with the same exact camera... and for the most part the defects are born with the sensor and change little over time if at all. And with few exceptions they are random, and different for each sensor.

Thus it ought to be possible to detect with reasonable probability that a particular image or (much easier) that a particular family of images was likely to have originated with a particular camera. A kind of digital fingerprint if you will...

Cypherpunk relevance (marginal perhaps), but the ability to say that a particular image or set of images came from a particular camera COULD have legal consequences for those bent on activities someone thinks of as unfriendly to their interests...

Of course the headers of jpegs from cameras (and maybe elsewhere) often contain serial numbers and other identifying information, so to the first order this is irrelevant to average users, but interesting nonetheless.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
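An added example (not from the post above) of the fingerprinting idea it sketches: flag pixels that are outliers against their neighbourhood, keep only those that recur across a family of frames, and compare the resulting defect maps. The frames and defect positions are constructed; real firmware concealment makes the residual pattern far subtler than the stuck pixels simulated here.

```python
"""Sensor-defect fingerprinting (added example; all frames are constructed).

A frame is a list of rows of 8-bit grayscale values. Scene content changes
from shot to shot, but a stuck-bright or stuck-dark pixel sits at the same
(row, col) in every frame, so persistent outliers identify the sensor."""
import random
from statistics import median


def anomalous_pixels(frame, threshold=80):
    """(row, col) of pixels that deviate from the median of their 3x3
    neighbourhood by more than `threshold`. Edge pixels use the neighbours
    they have; both hot (255) and dead (0) pixels qualify."""
    h, w = len(frame), len(frame[0])
    found = set()
    for r in range(h):
        for c in range(w):
            neigh = [frame[rr][cc]
                     for rr in range(max(0, r - 1), min(h, r + 2))
                     for cc in range(max(0, c - 1), min(w, c + 2))
                     if (rr, cc) != (r, c)]
            if abs(frame[r][c] - median(neigh)) > threshold:
                found.add((r, c))
    return found


def fingerprint(frames, min_fraction=0.8):
    """Defect map: pixels anomalous in at least `min_fraction` of the frames.
    Requiring recurrence filters out scene features (a bright star, a black
    speck) that happen to look like a defect in a single shot."""
    counts = {}
    for frame in frames:
        for p in anomalous_pixels(frame):
            counts[p] = counts.get(p, 0) + 1
    needed = min_fraction * len(frames)
    return frozenset(p for p, n in counts.items() if n >= needed)


def match_score(fp_a, fp_b):
    """Jaccard similarity of two defect maps: 1.0 identical, 0.0 disjoint."""
    if not fp_a and not fp_b:
        return 0.0
    return len(fp_a & fp_b) / len(fp_a | fp_b)


def attribute(frames, catalogue):
    """Best-matching catalogued camera for a set of frames, as (name, score).
    A low best score means 'none of these', not a weak positive."""
    fp = fingerprint(frames)
    return max(((name, match_score(fp, known)) for name, known in catalogue.items()),
               key=lambda item: item[1])


# --- constructed test data (no real camera involved) -----------------------
def make_frame(seed, defects, size=8):
    """A smooth gradient scene with a little noise, then the sensor's stuck
    pixels burned in: value 255 = hot pixel, 0 = dead pixel."""
    rng = random.Random(seed)
    frame = [[60 + 10 * (r + c) + rng.randint(-5, 5) for c in range(size)]
             for r in range(size)]
    for (r, c), value in defects.items():
        frame[r][c] = value
    return frame


CAMERA_A_DEFECTS = {(1, 2): 255, (5, 5): 0, (6, 1): 255}   # constructed
CAMERA_B_DEFECTS = {(0, 7): 0, (3, 3): 255}                # constructed

if __name__ == "__main__":
    catalogue = {
        "camera A": fingerprint([make_frame(s, CAMERA_A_DEFECTS) for s in range(5)]),
        "camera B": fingerprint([make_frame(s, CAMERA_B_DEFECTS) for s in range(5)]),
    }
    # one unknown shot, actually taken with the constructed "camera B"
    print(attribute([make_frame(99, CAMERA_B_DEFECTS)], catalogue))
```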
Switzerland forcing registration of PrePay customers
- Forwarded message from NEXTEL-1 -

Switzerland forcing registration of PrePay customers

The Swiss parliament decided last year to make registration mandatory for prepaid cards. By law, all mobile providers will have to be able to provide information about customers buying their prepaid products for at least two years after the purchase. As of 1 July 2004, customers will have to register when buying a prepaid card from Swisscom Mobile (NATEL easy). Those who started using their NATEL easy cards on or after 1 November 2002 will have to register retrospectively. The authorities are aiming to limit the misuse of prepaid cards by these measures.

Customers will be registered when they buy a NATEL easy SIM card. For verification, proof of identity will be required in the form of a valid passport, identity card or other travel document accepted for entry into Switzerland. In addition to the customer's personal details, Swisscom Mobile must also record the type and number of the form of identification presented. The NATEL easy card will only be activated for use when all the necessary customer details have been recorded. Customers attempting to make calls with an unregistered prepaid card will hear a greeting prompting them to register their NATEL easy card.

Retrospective registration until end of October 2004

On 23 June 2004, the Federal Council decided that prepaid customers who started using SIM cards on or after 1 November 2002 would have until 31 October 2004 to register. Swisscom Mobile will seek to ensure that the registration of these customers takes place in line with the statutory requirements and in as customer-friendly a manner as possible. The customers affected will be prompted via SMS to register their SIM cards. Registration can be made wherever Swisscom Mobile NATEL subscriptions can be purchased. In addition to the customers' personal details, Swisscom Mobile will also have to record their SIM card and mobile phone numbers.

In accordance with the regulation, Swisscom Mobile will be obliged to block the access of customers who have not registered by 31 October 2004. Retrospective registration also applies to those prepaid customers who have already registered voluntarily with Swisscom Mobile in the past. The only exceptions are NATEL® easy customers who have registered formally (i.e. on presentation of a valid passport or identity card) in a Swisscom Shop since the middle of April 2004. On the basis of current information, Swisscom Mobile believes that several hundred thousand NATEL easy customers will have to register retrospectively.

Posted to the site on 05-Jul-04
http://www.cellular-news.com/story/11407.shtml

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Re: Tyler's Education
On Sat, Jul 03, 2004 at 09:41:44PM -0500, J.A. Terranson wrote:
> On Sat, 3 Jul 2004, Major Variola (ret) wrote:
>
> > At 07:18 PM 7/3/04 -0400, Tyler Durden wrote:
> > >I dunno...as an ex-optical engineer/physicist, I'm sceptical about this whole
> > >scary "tempest" bullcrap. Even if it can be made to work fairly reliably, I
> > >suspect deploying it is extremely costly.
>
> Scary or not, I can attest from first hand personal knowledge that this
> type of monitoring is in active use by the US, and has been for over 4
> years (although it's only been "mainstream" for ~2).

Would you care to comment on any technical or other details?

Tempest monitoring of raster scan CRTs has been around for a long long time... but most current LCD displays are much less vulnerable as pixels are switched in parallel (and of course not painted at high speeds allowing optical monitoring). But many video cards generate the rasterized stuff anyway... and use that interface to talk to the LCD monitor.

Tempest monitoring of energy on communications lines and power lines related to internal decrypted traffic has been around since before the Berlin tunnel... and used effectively. But the heyday of this was the mechanical crypto and mechanical Teletype era... where sparking contacts switched substantial inductive loads.

Tempest monitoring of CPU and system behavior is a newer trick in most cases, if it is effective at all in typical situations. Obviously Tempest monitoring of copper wire ethernet LAN traffic is possible. Wireless LANs, of course, aren't a Tempest issue. Perhaps some keyboards radiate detectable keystroke related energy...

But given the current statist tendencies here and elsewhere, it would not surprise me at all to hear that any and all techniques for surveillance anyone has shown to be effective are likely in active use - there is money, interest, and a great lowering of inhibitions. And certainly there has been more than enough open discussion of Tempest type side channel attacks; unlikely the folks behind the curtain have just ignored all of it...

On the other hand the cost, complexity and sophistication of the gear required to extract information at useful ranges is still daunting compared to other methods of obtaining the same information (such as black bag jobs with disk copiers and use of trojans to capture passphrases).

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
EZ Pass and the fast lane ....
Having been inspired by some subversive comments on cypherpunks, I actually looked up the signaling format on the EZ-Pass toll transponders used throughout the Northeast (on the Mass Pike, and most roads and bridges in NYC and a number of other places around here).

They are the little square white plastic devices that one attaches to the center of one's windshield near the mirror and which exchange messages with an interrogator in the "FAST LANE" that debits the tolls from an account refreshed by a credit card (or other forms of payment). They allow one to sail through the toll booths at about 15-20 mph without stopping and avoid the horrible nuisance of digging out the right change while rolling along at 70 mph in heavy traffic.

Turns out they use Manchester encoded on-off keying (e.g. old fashioned pulsed RF modulation) at 500 kilobits/second on a carrier frequency of 915 MHz at a power a little under 1 mW (0 dBm). The 915 MHz is time shared - the units are interrogated by being exposed to enough 915 MHz pulsed energy to activate a broadband video detector looking at energy after a 915 MHz SAW filter (presumably around -20 dBm or so). They are triggered to respond by a 20 us pulse and will chirp in response to between a 10 and 30 us pulse. Anything longer or shorter and they will not respond.

The response comes about 100-150 us after the pulse and consists of a burst of 256 bits followed by a 16 bit CRC. No present idea what preamble or postamble is present, but I guess finding this out merely requires playing with a transponder and DSO/spectrum analyzer. Following the response but before the next interrogation the interrogator can optionally send a write burst which also presumably consists of 256 bits and CRC. Both the interrogators and transponders collect two valid (correct) CRC bursts on multiple interrogations and compare bit for bit before they decide they have seen a valid message.

Apparently an EEPROM in the thing determines the partition between fixed bits set at the factory (e.g. the unit ESN) and bits that can get written into the unit by the interrogators. This is intended to allow interrogators at on ramps to write into the unit the ramp ID for units at off ramps to use to compute the toll... (possibilities for hacking here are obvious for the criminally inclined - one hopes the system designers were thoughtful and used some kind of keyed hash). No mention is made of encryption or challenge response authentication, but I guess that may or may not be part of the design (one would think it had better be, as picking off the ESN should be duck soup with suitable gear if not encrypted).

But what I have concluded is that it should be quite simple to detect a response from one's transponder and activate a LED or beeper, and hardly difficult to decode the traffic and display it if it isn't encrypted. A PIC and some simple RF hardware ought to do the trick; even one of those LED flashers that detect cellphone energy might prove to work.

Perhaps someone more paranoid (or subversive) than I am will follow up and actually build such a monitor and report whether there are any interrogations at OTHER than the expected places...

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
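The receive-side framing the post describes (256 data bits, a 16-bit CRC, Manchester coding, and acceptance only after two CRC-valid bursts agree bit for bit), as an added example in Python; it is not the post's code nor any toll operator's firmware. The CRC polynomial, the Manchester chip convention and the bit order are assumptions, since the post does not give them, and the post's preamble/postamble question is left open by simply omitting them.

```python
"""Framing for the transponder burst described above (added example).

Assumptions the post does not state: CRC-16/CCITT-FALSE (poly 0x1021,
init 0xFFFF), IEEE Manchester (bit 0 -> chips "10", bit 1 -> chips "01"),
MSB-first bit order, no preamble or postamble."""
from typing import Optional

PAYLOAD_BITS = 256
CRC_BITS = 16


def crc16_ccitt(data: bytes, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16/CCITT-FALSE; check value for b'123456789' is 0x29B1."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def bytes_to_bits(data: bytes) -> str:
    return "".join(format(b, "08b") for b in data)


def bits_to_bytes(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def manchester_encode(bits: str) -> str:
    """Each bit becomes a chip pair with a mid-bit transition, which is what
    lets the receiver recover the 500 kbit/s clock from on-off keyed RF."""
    return "".join("01" if b == "1" else "10" for b in bits)


def manchester_decode(chips: str) -> Optional[str]:
    """Chip pairs "00" and "11" never occur in valid Manchester data, so they
    indicate noise or lost bit sync; return None rather than guess a bit."""
    if len(chips) % 2:
        return None
    out = []
    for i in range(0, len(chips), 2):
        pair = chips[i:i + 2]
        if pair == "01":
            out.append("1")
        elif pair == "10":
            out.append("0")
        else:
            return None
    return "".join(out)


def build_burst(payload: bytes) -> str:
    """Transmit side: payload, then CRC over the payload, then Manchester."""
    if len(payload) * 8 != PAYLOAD_BITS:
        raise ValueError("payload must be exactly 256 bits")
    bits = bytes_to_bits(payload) + format(crc16_ccitt(payload), "016b")
    return manchester_encode(bits)


def parse_burst(chips: str) -> Optional[bytes]:
    """Receive side: undo Manchester, check the length, verify the CRC."""
    bits = manchester_decode(chips)
    if bits is None or len(bits) != PAYLOAD_BITS + CRC_BITS:
        return None
    payload = bits_to_bytes(bits[:PAYLOAD_BITS])
    if crc16_ccitt(payload) != int(bits[PAYLOAD_BITS:], 2):
        return None
    return payload


class BurstValidator:
    """Accept a message only when two CRC-valid bursts carry identical
    payloads, as the post says both interrogator and transponder do. CRC
    failures are dropped without touching state; a valid but different
    payload replaces the pending one, so a single corrupted burst that
    happens to pass the CRC is never accepted on its own."""

    def __init__(self) -> None:
        self.pending: Optional[bytes] = None

    def feed(self, chips: str) -> Optional[bytes]:
        payload = parse_burst(chips)
        if payload is None:
            return None
        if payload == self.pending:
            self.pending = None
            return payload
        self.pending = payload
        return None


def flip_chip(chips: str, index: int) -> str:
    """Constructed channel error: invert one chip of a burst."""
    return chips[:index] + ("0" if chips[index] == "1" else "1") + chips[index + 1:]
```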
Re: [mnet-devel] DOS in DHTs (fwd from amichrisde@yahoo.de)
On Wed, Oct 22, 2003 at 04:47:02PM -0700, Steve Schear wrote:
>
> I think the U.S. Constitution will stand in the way of widespread adoption
> of NDLs. They may have regulated firearms, though these laws are widely
> ignored by citizens, but I have yet to see a license for owning a
> typewriter or PC proposed. They have already ruled numerous times that the
> Internet is deserving of at least as free and access as print media and
> political flyers (which can be anonymous and still pass legal muster).
>

You are an optimist. Us pessimists see use of Palladium/TCPA/NGSCB as all too tempting a means of regulation of the net.

Initially one will not be able to get high speed Internet service at affordable rates without the big brother inside, but as this "voluntary" commercial regulatory measure proves not to curb behavior that certain powerful lobbies want controlled, there will be mandatory requirements imposed by law as per the Fritz chip.

Perhaps courts will not allow such to be used for explicit censorship of otherwise legal free speech, but I'd not bet that an ISP would be required to allow "objectionable content" to pass over its wires under such a scheme. And once one must register to obtain certificates for Palladium/NGSCB attestation, one really does have a form of net drivers license.

> steve

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Re: SIGINT planes vs. radioisotope mapping
says come up and get the nuclear war order. Actual messages are sent on VLF frequencies (16-90 kHz) which penetrate seawater better than other frequency ranges and can be received while submerged to up to a couple hundred feet. Antennas for this function are not buried, but gigantic towers or mile long wires trailed from command and relay aircraft.

Aircraft (notably the Guardrail and Rivet Joint aircraft) can and do collect most any available radio signals they can see from flight altitude. This allows cellphones, cordless phones, pagers, PDAs, wireless email devices, and miscellaneous two way radio signals to be vacuumed up and some microwave links to be intercepted as well, but none of these aircraft has ever been reported to routinely do TEMPEST type interception of wireline traffic from incidental radiation.

> And if any of the copper is carrying digital data, square waves are hugely
> rich in harmonics well up into the MHz bands, and would therefore tend to
> radiate better from any above-ground wires between poles, possibly even
> roadside pedestals.
>

Actually FCC rules require things be built NOT to radiate all that much because of interference to licensed services using precious spectrum, so most wire communications devices, fiber and copper, radiate very very little energy. Part of this is due to the cancellation effect of energy flowing in balanced transmission lines, and part due to filtering and shielding. And there are myriads and myriads of information streams flowing in typical aerial cables - even if the energy could be detected at a distance (which it can't, due to the impact of the inverse square law) it would be nearly impossible to sort out the impulses from one circuit from those of all the others in the same cable.

> And I've seen a lot of RF off of traditional CATV coax; don't know if
> fiber-optic cable systems might ultimately have any tie-in to the coaxial
> feed to/from the headend.
>

Cable TV systems have rather high level VHF and UHF RF flowing in them. There is a constant problem for cable companies with corrosion and damage to the wires causing some of this energy to leak out and be radiated and cause interference to licensed services on the same frequencies. Cable companies spend lots of dollars going around looking for and fixing these problems in order to avoid fines and other legal action by the FCC and FAA.

Modern cable companies use fiber optics to transmit the signals from the headend, where the satellite dishes and antennas are, to a neighborhood where they are converted from optical to RF on copper and distributed locally. And optical fiber does not radiate at all at radio frequencies. The only source of RF radiation in fiber optic systems is the electronics at either end which convert the light into electrical signals for local use.

One problem that most naive paranoid types completely fail to grasp is the titanic volume of modern communications. The flow is so overwhelming that only a powerful God could possibly process it all to find interesting material. The entire federal budget could not pay enough humans to screen and analyze ALL the electronic communications of even a medium size city in 2003. So communications intercepts are necessarily targeted very narrowly; even drag net fishing is likely done only in places where there is a real likelihood that something important will turn up with finite effort.

The notion that an all powerful big brother is listening to everything and capturing everything just is not realistic, and a very very high percentage of what does get captured is never looked at or listened to or even stored for very long.

Which of course is why traffic analysis and transaction analysis and social network discovery is far more important than flying airplanes around trying to collect incidental radiation from local copper T1 lines. Knowing who calls or emails who makes it possible to find the needles which you want to monitor in the vast haystacks. Thus there is a much greater probability that records of your calls and IP traffic addresses are looked at for patterns and association with known bad guys than that someone is actually listening to or reading your traffic looking for the word bomb.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB
Public hearing on Super DMCA in Boston
The public hearing on the Mass version of the super-DMCA bills that have been the topic of so much discussion is scheduled for tomorrow, April 2nd, at 10 AM in room 222 of the State House in Boston.

This may supply some answers as to who is originating these bills and what their goals are...

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB
Re: FC: An analysis of Michigan and Colorado "mini-DMCA" bills
On Sun, Mar 30, 2003 at 10:02:12AM -0500, Declan McCullagh wrote:

There is another side to the MPAA's super-DMCA state legislation. In addition to its impact on use of encryption, VPNs, firewalls and so forth, it also sets forth new non-federal restrictions on possession and use of radio receiving equipment.

While some of your readership may have different perspectives on this, it appears that several of these mini-DMCA bills might well be read to ban ownership or use of Big Ugly Dish (BUD) type TVRO satellite dish setups, or at least those used for private viewing of unscrambled sports backhauls and newsfeeds as opposed to being subscribed to scrambled programming services. This private viewing has been generally legal under federal law (Satellite Viewers Rights Act), but very few of the program providers have actually given any kind of express consent for the public to watch, and thus the mini-DMCA provisions requiring such consent would possibly render even possession of such dishes illegal in states where such laws are in effect.

And while the argument is more stretched, it also seems that someone might argue that police scanners used to monitor public safety communications (expressly permitted under federal law) might fall under this rubric too, as the public safety agencies may not have given express consent. Under the Mass. bill this would criminalize mere possession of such radio equipment.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
On Fri, Mar 07, 2003 at 02:38:56PM -0500, Tyler Durden wrote:
>
> Undersea, I've heard that NSA uses splices, and that NSA has its own sub
> for that purpose. (And the company I used to work for did some work on
> undersea NSA optical projects, so I tend to believe the rumors I heard
> there.)

Tapping the cable isn't all that impossibly hard (though the things carry considerable HV to power the repeaters/optical amplifiers so it isn't entirely trivial either). But getting the bits from under the ocean somewhere back to Fort Meade without being detected must be more interesting.

One wonders if there is any other practical technology than just stringing another cable covertly all the way back to the nearest friendly location where intercept gear and links back to the US can be set up. Are there buoys out there in the middle of the ocean with satellite dishes or laser optical transmitters on them? How do we hide them?

It probably is true that the right wavelength laser will penetrate water for some limited distance, so a link could be set up from a buoy near but below the surface to a sensitive telescope in earth orbit. But this sounds awfully risky and complex. And I guess a simpler approach might be to fly aircraft or drones over the tap and relay that way, though having aircraft circling somewhere over a cable would be a dead giveaway I should think...

The original IVY BELLS tap was of a limited capacity FDM analog coax link and was done by inductively sensing minute skin currents flowing on the surface of the cable (e.g. leakage of the signal). AFAIK there was only one coax in each direction, so separating out traffic was done by demultiplexing the FDM-SSB signals (same way it was done on shore) as there was no overlap of traffic on multiple wires. Apparently the IVY BELLS taps involved recording certain voice channels on vast capacity tape recorders powered by plutonium decay thermoelectric generators. The tapes were only rescued months later when the sub came back to the tap site.

Doing this for a SONET ring carrying 10 Gb/s or so as some undersea cables now do seems rather challenging - at the very least how one would follow changes in channel allocations and traffic loading would seem very problematic. And intercepts that are weeks or months old would be very much less interesting in most cases than near real time intercepts - particularly of targets like terrorists.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
DMCA charges used against DSS pirates ...
en Thornton, 36, of Redondo Beach, California, who has pleaded guilty to developing satellite signal theft devices by writing software to circumvent smart card technology.

Christopher Humbert, 20, of Terre Haute, Indiana, who has pleaded guilty to creating software code used to circumvent smart card technology.

Gary Bumgardner, 46, of Kernersville, North Carolina, who has pleaded guilty to manufacturing and distributing satellite signal theft devices including hacked access cards. Bumgardner admitted his actions led to a loss of $68,732.16.

Thomas Sprink, 41, of Cocoa, Florida, who has pleaded guilty to selling hardware devices. Sprink admitted to causing a loss of $24,547.20.

Dennis Megarry, 39, of Ostrander, Ohio, who was arrested Tuesday morning based on a criminal complaint filed against him for distributing illegal hardware devices.

Robert Walton, 37, of Temple City, California, who was arrested Tuesday morning on charges of conspiracy and manufacturing satellite signal devices.

Thomas Emerick, 33, of Ontario, California, who has pleaded guilty to distributing decryption devices and reprogramming smart cards, and has admitted to causing $70,000 in loss to the satellite companies.

Joseph Bolosky, 30, of Panorama City, California, who has agreed to plead guilty to charges of manufacturing decryption devices and admitted causing a loss of $245,472.00.

Yang said Tuesday that Operation Decrypt is an ongoing investigation being handled by the Cyber Crimes Squad in the FBI's Los Angeles Field Office, and is part of the Attorney General's Computer Hacking and Intellectual Property program.

"There is definitely a strong possibility of others getting charged in the future," a spokesman for Yang told internetnews.com.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
[doug@joss.com: Re: [coldwarcomms] Digest Number 1106]
- Forwarded message from Doug Humphrey <[EMAIL PROTECTED]> -

To: [EMAIL PROTECTED]
From: Doug Humphrey <[EMAIL PROTECTED]>
Date: Wed, 12 Feb 2003 20:45:06 -0500
Subject: Re: [coldwarcomms] Digest Number 1106

> >Subject: Re: Sprint Hardened Sites
> >
> >Very interesting question!
> >
> >I came across this page, mentioning an underground backup NOC and suggesting
> >it's the vicinity of Sprint's HQ in Kansas:
> >http://www.dpstele.com/protocol/2001/jul_aug/sprint_pcs.html .
> >
> >Albert

they don't give any discussion of the other hardened sites next door to Pennsauken - Pennsauken was not built for the NAP, it predates that considerably as the "backend" for a cable landing station - there is a big fiber loop from the cable landing station (which is nearer to the atlantic ocean) to Pennsauken where there is more room for gear. The loop also incorporates an NSA facility that does something (can't imagine what ;-) on the fiber.

Doug

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

- End forwarded message -

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: What was really on that Shuttle?
On Fri, Feb 07, 2003 at 11:46:02AM -0800, A.Melon wrote:
> From:
> http://www.cnn.com/2003/TECH/space/02/07/sprj.colu.secret.search.reut/index.html
>
> --
>
> In and around the tiny Texas town of Bronson, near the Louisiana border,
> hundreds of National Guardsmen, federal agents, state troopers and
> volunteers searched for a mystery object from the shuttle.
>
> They searched block by block and used machetes to hack their way through
> thick woods that surround the town. The searchers were given a picture of
> a faceplate from the device, which said "Secret Government Property" in
> white letters on a black background.
>
> [...]
>
> Texas state troopers stood guard over the operation and told photographers
> to keep their distance. They said they would be asked to leave the area if
> searchers found something they did not want photographed.

Reports I have read were that they were searching for a crypto box of some kind. It is known the shuttle carries various crypto devices, and that at least some of the telemetry and voice communications sent via the TDRSS satellites are encrypted, if not most or even nearly all of them. And the TDRSS satellites are extensively used for links to DOD spacecraft as well as the Shuttle - including some intelligence birds - so some of the crypto gear and keys involved might be common and thus expose other TDRSS links to adversaries.

Also, presumably they would have been using keys stored in some kind of non-volatile storage, as the risk of losing them due to a power glitch of some sort would presumably outweigh any risk of unauthorized physical access to the keys (obviously not possible except in disasters). So there is a good chance that a crypto box that survived reentry in good shape might still have valid keys in it, making it nominally a Top Secret or above device under US DOD crypto custody rules. And the keys might very well be in EEPROM or even just plug in EPROMs that might very well survive reentry intact.

Also, even if no keying material was exposed, one supposes that some of the NSA satellite crypto chips used might be of considerable interest to foreign governments (say the Chinese). And the chance that a chip survived reentry would be quite great.

Needless to say, if some foreign entity MIGHT have grabbed your keys or crypto chips, you have to take precautions (changing keys and so forth) which cost lots of money, so trying to find the crypto box and the chips and keys makes a lot of sense as it saves considerable effort and expense later on.

--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Tiny whiskers make huge memory storage
On Tue, Feb 04, 2003 at 09:10:39AM -0500, Sunder wrote: > > My question is what's a reasonable order of magnitude of overwriting data > now, assuming you're not trying to hide data from, say the NSA. > This raises a question I've long had. ARE there actual systems for reading overwritten disk data in existence out there? Are they in daily use or merely laboratory curiosities? I know, of course, that there are companies that supply disk recovery services, but as far as I have ever heard they mostly work with non overwritten data on disks that have bad electronics, bad motors, bad head actuators, damaged formatting, bad servo tracks, bad heads, damaged surfaces and so forth. The most I have ever heard of being routinely done is reading data off a platter with a special external head positioned by special mechanics and servo systems. And of course most of what data recovery companies do is work with disks with corrupt filesystems but largely or entirely intact information content on the platters. This includes partially erased filesystems and filesystems with key information blocks that cannot be reliably read or that have been overwritten by garbage. None of this involves reading the ghosts of previous data in sectors that have been overwritten once or multiple times. So what is the actual threat? Are there any papers describing practical production systems and proven techniques for retrieving overwritten data? How good are they - what BERs are obtainable for what percentage of data? Clearly a cryptographer legitimately worries about being able to infer that a particular bit of a key has a slightly greater than 50% chance of being a 1 or 0, but for most users retrieving email or documents with even one or two corrupt characters in them per page may not be very interesting even if it is possible. And a good lawyer should be able to plant doubt in the minds of a jury if the data is really garbled, even if it seems incriminating. 
So it would seem that for most normal recovery purposes (business data recovery and evidence) any multi-layer ghost data recovery would have to be pretty good to be worth investing in. The NSA/CIA, however, might be interested in anything at all under some circumstances - without those limitations. So how real is the threat - what does it cost to have it done and how expensive is the gear? Who actually has working setups in use? And how many layers down can they really read? And with what BER? -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Small taste of things to come if the war on Iraq happens.
On Sun, Jan 19, 2003 at 07:45:56AM -0500, Jay h wrote: > -- Original Message -- > From: Matthew X <[EMAIL PROTECTED]> > Date: Sun, 19 Jan 2003 20:47:49 +1100 > > >street, and through the windows of a Starbucks and a Victoria's Secret. > > Yes all those evil weapons of mass destruction made by Victoria's Secret... they >MUST BE STOPPED! > > The obsession with Starbucks really puzzles me. Starbucks is one of the few mass >retailers that actually offers medical coverage to even part timers, it allows people >to move from place to place and pick up employment at another store, their policies >have always been actively supportive of people discriminated against elsewhere such >as lesbian and gay, and unlike Walmart, their prices pose no threat to the beloved >'mom and pop' stores in a community. It would seem there are better targets to attack >as the evil tools of oppression. > > j > > > > > ____ > Sent via the WebMail system at 1st.net -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: If this be terrorism make the most of it!
On Sat, Dec 07, 2002 at 10:56:14AM -0800, Morlock Elloi wrote: > > But we will always have phone booths and acoustic couplers. Not around Boston. I got attacked by a script kiddie with the kloged trojan on Thanksgiving morning at 5 AM and had occasion to need to make a couple of out of state calls related to cleaning up the mess.. So I tried the nearest phone booth. Put the money in and dialed the number - got a reorder. So I tried 12 more phone booths (mostly in a cluster of 8) and got "we are unable to complete your call as dialed - please check the number and try again or ask your operator for assistance". The phones that did not provide this message all gave reorders or no ringback (silence). So out of 12-14 payphones I tried at 5 locations including the fancy public library in the wealthiest town in Mass I was able to find none that would connect an out of state coin call (versus credit card or prepaid card calls). Several would connect local coin calls - I checked. I did verify that this was not related to the numbers I was dialling, trying various random out of state (and out of LATA) numbers gave the same exact results. Thus it seems that at least around the wealthy Boston suburbs they have already made it impossible to make a long distance coin call, and one presumes this is for obvious reasons... We are closer to the police state that everyone fears than we know.... -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Worm Klez.E immunity
On Thu, Nov 21, 2002 at 02:47:24PM -0600, tcmay wrote: > Content-Type: application/octet-stream; > name=RPOUDOMI.TXT > Content-Transfer-Encoding: base64 > Content-ID: > Who are all these people with Hispanic names anyway ? Doesn't look like a list of arab terrorists to me.... -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: News: House votes life sentences for hackers (fwd)
On Wed, Nov 20, 2002 at 12:40:26AM -0500, Declan McCullagh wrote: > On Fri, Nov 15, 2002 at 10:48:37PM -0500, Dave Emery wrote: > > I might hasten to add that as I am sure Declan knows, this > > addition to the Homeland Defense Act also includes the CSEA provisions > > that turn hobby listening to certain easy to receive but off limit > > radio signals from an offense with a maximum penalty of a $500 fine > > to a federal felony with 5 years in prison as penalty. > > Dave, > Thanks for the details about the hobby listening. I looked through > the bill quickly again, and couldn't find the prohibitions you describe. > > The bill as passed by the House is here, with the Senate version near- > identical: > http://www.house.gov/rules/homeland.pdf > > Got a page number? Section 225 (j) (1), bottom of page 57 and top of page 58 in the version that the above link points to. One certainly would miss it if one wasn't looking for it very carefully. And it makes no sense without referring to the original text of section 2511 (4). > > -Declan -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: News: House votes life sentences for hackers (fwd)
On Fri, Nov 15, 2002 at 10:20:42PM -0800, Steve Schear wrote: > At 11:59 PM 11/15/2002 -0500, Dave Emery wrote: > >And I am on record as advising some of the folks doing gnu-radio > >that in my personal opinion it was rather unlikely that a user > >programmable open source software radio would ever get FCC approval or > >be legally sold in the USA under current regulations on scanning radio > >receivers. > > No FCC approval should be required. GNURadio is not a RADIO but an > extensible toolkit of signal processing software for building test > instruments. Test instruments are essentially unregulated by the FCC. See > for yourself by checking out the regulatory compliance section of a spectrum > analyzer or signal generator from HP or Tektronix. This probably will work as long as software is not sold with hardware as a complete integrated package and as long as neither is marketed as a scanning radio receiver or a kit to make one. But the FCC looks very dimly on attempts to market "test equipment" that is really an otherwise banned scanner, and they have pushed a couple of such products off the market. There is very little doubt that the gnuradio package has lots of applicability to test equipment use and to various kinds of measurement and calibration requirements in real radio systems as well as use in R&D simulating and analyzing radio systems. And clearly hams can use it as they wish for ham projects. And perhaps someone will come up with a sufficiently closed and secured application to pass FCC muster for use in a real radio system sold to the general public - but likely that would have to be more or less a sealed box (like Linux in Tivo units) which could not be user altered or added to and might well have to include digital signatures or other mechanisms to ensure this. 
Of course I probably have an axe to grind here as a collector and user of test equipment and related professional electronics of various sorts - I'd sure as hell not like to see private ownership or purchase or sale of such licensed, regulated or even banned. And there already was one such attempt by the cellular industry to persuade the FCC to restrict private ownership of certain RF test equipment back in the late 90s, which fortunately the ham community was able to persuade the FCC was foolish and would damage the ability of hams to serve the country in times of emergency. Had the FCC gone along with the cellular industry proposals, virtually all RF test equipment such as spectrum analyzers, modulation meters, service monitors, signal generators, network analyzers, protocol analyzers, microwave counters, test and measurement receivers and the like, and perhaps even things like certain logic analyzers and scopes, would have become controlled items that could only be bought or sold by communications carriers and companies making or servicing equipment for them or government and military agencies. Private sale or ownership would have been banned, and might even have become a crime. As it was finally resolved, the FCC ruled that as long as test equipment was not marketed to the general public it could be bought, sold, used and possessed by members of the public - especially hams - without any restrictions on what an individual could buy or own. But in the NPRM the FCC made quite clear that if someone was trying to sell otherwise banned or unapproved electronics to the general public as "test equipment" they would take action. > > steve -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: News: House votes life sentences for hackers (fwd)
On Fri, Nov 15, 2002 at 08:01:08PM -0800, Tim May wrote: > > And software-defined radios, which are now coming from at least two > sources, will make this even easier. Indeed, "trespassing" into the Big > Brother-owned frequencies will be even easier. > > We may even see SDRs outlawed from the outset as "terrorist tools." > > (Inasmuch as tuning an SDR is nothing more than entering numbers, or > running simple programs, we may also see "coding as speech" arguments > resurrected. All for naught, though, as Camp Liberty in Guantanamo Bay > has room for 12,000 more Thought Criminals.) > Rumor has it that the ECPA hobby listening penalty increase in the CSEA was, surprisingly, not originated by the House Republicans burned by the intercept of the Newt call or by cellphone lobbyists trying to save money on encryption but by the Bush Justice Department. The DOJ is supposed to have asked for the added penalties as an addition to the original CSEA. This is an interesting turnabout from their attitude back in 1985 when the ECPA was being crafted, when they described such restrictions as unenforceable and something they didn't want to deal with. Whilst hardly (understatement of the year) a Washington insider, I would speculate that perhaps someone in the DOJ has gotten concerned about recent white hat hacker projects like gnu-radio and takes the potential threat from bright hackers with IQs 40-60 or more points over the scanner crowd far more seriously than some truck driver with a modified Radio Shack scanner. And I am on record as advising some of the folks doing gnu-radio that in my personal opinion it was rather unlikely that a user programmable open source software radio would ever get FCC approval or be legally sold in the USA under current regulations on scanning radio receivers. 
So I share Tim's assessment about the likelihood of such being banned or tightly restricted, though it seems hard to see how they can be kept out of the hands of hams for use on ham bands (and more such ham projects appear every day). -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: News: House votes life sentences for hackers (fwd)
On Fri, Nov 15, 2002 at 12:11:35PM -0500, Declan McCullagh wrote: > On Fri, Nov 15, 2002 at 10:09:37AM -0500, Tyler Durden wrote: > > Holy Shit! > > > > Does that mean that some 18-year-old script kiddie could get LIFE? > > Yes, that's what the law says. Has to be a malicious attack, etc. I linked > to the text of the bill -- you may want to read the gory details for yourself. > > -Declan I might hasten to add that as I am sure Declan knows, this addition to the Homeland Defense Act also includes the CSEA provisions that turn hobby listening to certain easy to receive but off limit radio signals from an offense with a maximum penalty of a $500 fine to a federal felony with 5 years in prison as penalty. When this legislation is signed into law ANY violation of the radio listening bans in the ECPA will be a serious felony, no lesser penalty for the first offense or because the intercept was done out of curiosity or the desire to experiment with radio gear. And no lesser penalty because the offense was not for private financial gain or commercial advantage or in furtherance of a crime, as the current law allows. What this means is that while one would have been hard pressed to do more than commit a federal offense with a $500 fine by purchasing a scanner or receiver from Radio Shack and tuning around just to see what one hears, one can now commit a serious felony by doing this extremely easily. The radio spectrum allocations in use at the moment are arcane and complex, and making sure that everything one listens to is legal requires a great deal more FCC and ECPA knowledge than most of the public possesses. An example of this is that the ECPA currently includes an obscure ban on listening to broadcast remote pickup signals used to relay audio back to the studio from remote sites like traffic helos. So tuning in the traffic helo feeds to find out about the traffic jam ahead will be technically a serious federal felony. 
And many of these signals are intermixed cheek by jowl with legal to listen to police and other public safety and business communications, so it is not that easy to be sure which is which. And certainly anyone reading my words here must realize that such draconian and essentially unenforceable laws will only be used in selective prosecutions to squash those the government doesn't approve of... they certainly won't increase communications privacy or security and may in fact decrease it if they allow the draconian penalties to be used as an excuse for not spending the money to implement secure and effective encryption of anything sensitive flowing over a radio link. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: They will damn well try to legislate DRM]
On Thu, Jul 18, 2002 at 07:45:26PM -0700, [EMAIL PROTECTED] wrote: > > In the end, the camel has to be wholly in the tent, with > programmer licensing, a ban on the sale of new general purpose > computers to unauthorized people, (expect a spate of television > shows with demonic computer salesmen whose lust for profit empowers > international terrorists) and a ban on unauthorized possession of > programming tools, or else the camel has to be wholly out of the > tent, meaning a free hand to break such inconveniences as regional > encoding on DVDs. I hate to inject my silly voice into such august debate, but it is both possible and there is precedent (in respect to other consumer electronic gear) for legislating restrictions on consumer PCs in the hands of the general public without controlling or restricting PCs used for business, commercial, scientific, or technical purposes. Thus the pro-DRM argument that says that DRM will never be legislated because of the magnitude of the impact to the economy conveniently ignores the possibility of a bill that restricts new PCs sold for home use by ordinary consumers but allows all the computers in the business economy to function without TCPA or DRM if they choose. This would, of course, satisfy almost all the content cartels' realistic needs and would only force consumers to upgrade to the closed boxes if they wanted the new content, not force wholesale replacements of offices full of PCs. And yet it could result in a world in which it was illegal to offer software or hardware to the general public that was not DRM'd or allow the general public complete access to their networked machines even for personal use only. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Another restriction on technology - cell and cordless scanning now a felony
going to prosecute a hobbyist for radio communications interception under the old version of the ECPA if the worst penalty that could be levied was a $500 fine - there simply is not the budget or the staff to prosecute people for what would be a very minor offense (equivalent of a speeding ticket). And even prosecuting hobbyists for more serious interception (eg not cellular, cordless or pagers) was still a misdemeanor offense prosecution with jail time unlikely. So in practice the only prosecutions were of people who clearly had a commercial purpose or otherwise engaged in egregious and public (eg the Newt call) conduct - nobody else ever got prosecuted. And this was doubtless the intent of Congress back in 1985-86 - it would be illegal to monitor certain radio traffic but only a minor offense if you did so for hobby type personal curiosity or just to hack with the equipment or technology - and a serious felony if one engaged in such conduct for the purpose of committing a crime or gaining financial or commercial advantage (eg true spying or electronic eavesdropping). But after this bill is signed into law (and clearly it will be), it will be quite possible for a federal prosecution of a hobbyist for illegal radio listening to be justified as a serious felony offense worth the time and effort and money to try and put in jail even if the offense is not for a commercial purpose or part of an illegal scheme. Thus "radio hacker" prosecutions have now become possible, and even perhaps probable. 
And federal prosecutors and law enforcement agents get career advancement and attention from senior management in their agencies in direct proportion to the seriousness of the offense they are investigating and prosecuting - nobody ever advances to senior agent for going after jaywalkers. Thus, by raising the level of less than legal hobby radio monitoring offenses from a jaywalking class offense to a serious felony for which there can be real jail time, it becomes much more interesting from a career perspective to prosecute radio listening offenses. And needless to say, such prosecutions would be shooting fish in a barrel type things given that many individuals are quite open on Internet newsgroups and mailing lists about their activities. And of course this MAJOR change in the ECPA also has the effect of making the rather ambiguous and unclear meaning of "readily accessible to the general public" in 18 USC 2510 and 2511 much more significant, since intercepting something that isn't readily accessible to the general public is now clearly a serious crime even if done for hobby purposes as a first offense. Thus one has to be much more careful about making sure that the signal is a legal one... 
And further than all of this, and perhaps even MUCH more significant to radio listeners on Internet scanner lists: the careful, thoughtful reader will note that section 4 has been revised a bit lately, and that this new section 4 (see above) now makes it a federal felony with 5 years in jail penalties to violate section 1 INCLUDING the following provisions of section 1: 18 USC 2511:

> (1) Except as otherwise specifically provided in this chapter any person who -
>
> (c) intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;
>
> (d) intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; or
>
> shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).

This seems to have changed the status of revealing as part of a hobby list posting any hint of the contents of a radio communication that might or might not have been legally intercepted from a potentially minor misdemeanor offense or less to a serious felony. Thus if a court finds that any communication reported on an Internet list was not legally intercepted, felony penalties apply for publishing the information even if the interception was for hobby purposes (which of course most scanner list intercepts are). 
Thus the legal climate has fundamentally changed, and one can assume that since the Bush administration has been pushing for the passage of this bill that they perhaps intend to start prosecuting at least some category of radio under the new provisions - no doubt as an example meant to scare the rest of us into handing our radios in at the nearest police station... -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: FC: Hollywood wants to plug "analog hole," regulate A-D
On Fri, May 31, 2002 at 08:59:43PM -0500, Neil Johnson wrote: > Remember it only requires ONE high-quality non-watermarked analog to digital > copy to make it on the net and it's all over. And that is what this whole nonsensical scheme founders on. There are probably 300-500 million existing sound cards out there and at least millions of existing NTSC analog capture cards. Many if not most can do acceptable fidelity conversion of analog audio and video to digital formats if programmed correctly. And there are even a few tens of thousands (or more) of new generation PCI cards that capture ATSC digital video (including HDTV) direct to disk in the clear. The MPAA cannot will these out of existence. Sure some are obsolete ISA based designs, but there are certainly enough reasonably current boards around so that it will be a long long while before the population of working systems capable of performing analog to digital conversion of either watermarked audio or video reaches insignificance. And without that point being reached, anything else seems pretty ineffective as per your point above. And telling the public that they face serious jail time if they don't turn in that Creative Soundblaster from the old PC in the attic closet isn't going to fly. The sheeple may be sheep but even they aren't going to accept that kind of nonsense from Hollywood or any corrupt congress. I'd even venture to say that if this issue breaks out into the big time and the public really is faced with crippled devices that don't work and mandatory obsolescence of existing expensive computer and entertainment systems with potential jail time for use of old equipment, the backlash will be so intense that raw public votes will control over Hollywood money. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
An interesting discovery (if true) in the UK...
- Forwarded message from "Justin T. Fanning" <[EMAIL PROTECTED]> - Date: Mon, 13 May 2002 23:24:45 +0100 From: "Justin T. Fanning" <[EMAIL PROTECTED]> Subject: Re: [Fwd: The The Owl and the Doughnut - UK input Re: [TSCM-L] Cell Triangulation] To: [EMAIL PROTECTED] George Shaw wrote: > Out of curiosity tonight I took apart a Nokia 3210e (Orange) powered > down and took readings across the range on the Rx side of the circuits > and YES it is powered even when the "switch" is off. Now that's interesting research! > I am running further tests now to see what exactly it is capable of > receiving but all indications are that it can indeed Rx when in "off" > mode which really is a standby mode I guess. What equipment do you have access to? Can you see data on the BUS? Can you probe the IF or is this within an IC? If you can confirm it's monitoring the control channel of your closest cell, that's a major discovery. I would probably go to the software level next and find exactly what functionality is available when in this mode. > I have several other phones here I can hack this week. Now if Nokia > are doing it I guess the others are as well, whether it's in the > spec or not. Look forward to hearing of your findings. JF
- End forwarded message - -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Backflow' water-line attack feared
for immediate security projects, according to a just passed Senate bill: $50 million. Sources: EPA, American Water Works Association, WSJ research Still, experts have long feared that a terrorist would try an intentional attack. As Gay Porter DeNileon - a journalist who serves on the National Critical Infrastructure Protection Advisory Group, a water-industry organization - put it in the May issue of the journal of the American Water Works Association, "One sociopath who understands hydraulics and has access to a drum of toxic chemicals could inflict serious damage pretty quickly." Utility officials say that it is difficult to fully prevent a backflow incident, but they are hopeful that they can limit the damage through early detection. The beginning of a backflow attack probably would be marked by a sudden drop in water pressure in a targeted neighborhood as terrorists stopped the flow of water into a home or business. The pressure would then climb as attackers reversed the flow of water and began using it to carry poison. Utilities regularly monitor system-wide water pressure, because a sharp and unanticipated decrease - at times other than, say, halftime of the Super Bowl, when tens of millions of American toilets flush - can indicate that a pipe has burst. Most utilities monitor pressure at water-treatment plants and inside the underground pipes that carry the water to nearby homes and businesses; some use advanced telemetric sensors inside pipes. In recent weeks, many utilities say they have increased the frequency of their checks. "A small drop-off would attract attention it wouldn't have even a short time ago," says Michelle Clements, a spokeswoman for Oregon's Portland Water District, which serves 190,000 customers. But officials concede that it might be difficult for them to actually spot the minor drop in pressure that could be the start of a backflow attack. 
Jeffrey Danneels, who specializes in infrastructure security at Sandia National Laboratory in New Mexico, says that water officials might have a hard time detecting a backflow attack originating in a single home or apartment building. "The smaller the pipe, the harder it would be to notice," he says. Another way to protect the public is to increase the amounts of chlorine or other chemicals added to water so that more of the chemical will remain in the pipes, providing residual protection against some toxins, according to Tom Curtis, deputy director of the American Water Works Association, which represents 4,300 public and private water utilities. At the Cleveland Division of Water, officials are considering adding more chlorine in areas where residual levels are low, says Julius Ciaccia Jr., Cleveland's water commissioner. Even before the Sept. 11 attacks, some utilities had begun replacing the chlorine with chloramine, a related substance made from the combination of chlorine and ammonia that is believed to linger in pipes longer. Increasing the chemicals has drawbacks, however. "You can only go so far before people begin to complain about the taste," says Curtis. The only sure way of preventing a backflow attack, water officials say, is installing valves to prevent water from flowing back into the pipes. Many homes have such valves on toilets and boilers. But virtually none have them on sinks, in part because water officials long assumed that the biggest threat they faced was natural, such as an earthquake, flood or hurricane carrying debris into a reservoir or pipe. Water officials say retrofitting existing structures with the valves would be prohibitively expensive. "We're used to natural incidents. We're ready for them," says Sullivan of the Association of Metropolitan Water Agencies. "But we've never really looked at what could happen if someone really wanted to come and get us. And that's a hard adjustment to make." 
Copyright (c) 2001 Dow Jones & Company, Inc. All Rights Reserved. - End forwarded message - -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Enemy at the Door
On Wed, Nov 07, 2001 at 11:01:10PM -0600, Jim Choate wrote: > On Wed, 7 Nov 2001, Harmon Seaver wrote: > > > Duh! Read it again. "802.11'd to DSL to a very remote web site?" That > > DSL line could be clear across town. > > Not with 802.11 anything will it be 'clear across town'. A few hundred > yards w/ 802.11b and maybe a mile with 802.11a. Now if you're talking > directional then it wouldn't take a rocket scientist to ask "Where does > that nifty parabolic point? Why, at that other nifty parabolic. Well, > gentlemen, how's 'bout we take 'em both down?" > > If you want distance you'll either have to add an illegal final or else > use packet or some other mechanism (probably illegally as well). > I have read reports of people running WiFi links of up to 20 miles. Given a clear path (clear line of sight) and relatively modest sized directional antennas (not huge suspicious looking dishes) which can be concealed under RF transparent radomes (hidden in an attic for example with appropriate (fiberglass) roofing or siding, or behind a glass picture window with curtains drawn), getting 10 to 20 mile ranges is pretty easy with gain antennas on either end... not rocket science either... and quite hard to spot visually (though of course a spectrum analyzer with good preamps and antennas will find and locate any hidden 802.11 link in no time flat - one cannot radiate RF from a fixed location and not be easily found using common TSCM tools). -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
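The 10-to-20-mile range claim in the reply above can be checked with a free-space link budget rather than taken on faith. The Python below is an added example, not code from the post or from any project mentioned in this thread; every radio parameter in it (15 dBm card output, 24 dBi grid dishes at both ends, 2 dB of coax loss per end, -90 dBm receiver sensitivity at the lowest 802.11b rate) is an assumed, typical-of-the-era value, not a figure from the thread. It also computes the first Fresnel zone radius, which is what "clear line of sight" really requires at these distances: the path must be clear not just along a line but inside an ellipsoid tens of metres wide at the midpoint.

```python
import math

C_M_PER_S = 299_792_458.0  # speed of light in vacuum, m/s
MILE_M = 1609.344


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss (Friis) between isotropic antennas, in dB."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m * freq_hz / C_M_PER_S)


def fresnel_radius_m(distance_m: float, freq_hz: float, zone: int = 1) -> float:
    """Radius of the n-th Fresnel zone at the midpoint of the path, in metres.

    Rule of thumb: keep roughly 60% of the first zone free of obstructions;
    a path that is merely visually clear but clips this ellipsoid loses
    several dB to diffraction and the budget below no longer holds.
    """
    wavelength_m = C_M_PER_S / freq_hz
    return math.sqrt(zone * wavelength_m * distance_m / 4.0)


def link_margin_db(distance_m: float, freq_hz: float, tx_power_dbm: float,
                   tx_gain_dbi: float, rx_gain_dbi: float,
                   cable_loss_db: float, rx_sensitivity_dbm: float) -> float:
    """Received power minus receiver sensitivity; positive means the link closes."""
    rx_power_dbm = (tx_power_dbm + tx_gain_dbi + rx_gain_dbi
                    - cable_loss_db - fspl_db(distance_m, freq_hz))
    return rx_power_dbm - rx_sensitivity_dbm


def twenty_mile_802_11b_budget() -> dict:
    """Worked budget for the 20-mile case mentioned in the post.

    All parameters are assumed values (not from the thread): 15 dBm card
    output, 24 dBi dishes at both ends, 4 dB total coax loss, and -90 dBm
    sensitivity at 1 Mb/s on 802.11b channel 6 (2437 MHz).
    """
    d_m = 20 * MILE_M
    f_hz = 2.437e9
    return {
        "distance_m": d_m,
        "fspl_db": fspl_db(d_m, f_hz),
        "fresnel_midpoint_m": fresnel_radius_m(d_m, f_hz),
        "margin_db": link_margin_db(d_m, f_hz, 15.0, 24.0, 24.0, 4.0, -90.0),
    }


if __name__ == "__main__":
    b = twenty_mile_802_11b_budget()
    print(f"20 mi @ 2437 MHz: FSPL {b['fspl_db']:.1f} dB, "
          f"first Fresnel zone radius {b['fresnel_midpoint_m']:.1f} m, "
          f"link margin {b['margin_db']:.1f} dB")
```

With these assumed numbers the 20-mile path loses about 130 dB and still closes with roughly 18 dB of margin, which is why modest gain antennas suffice; the catch is the first Fresnel zone, about 31 m across at the midpoint, so "clear line of sight" is a much stricter requirement than simply being able to see the far end. Lowering the assumed sensitivity or antenna gains shows how quickly that margin evaporates.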
Next act of the drama ?
Cc: [EMAIL PROTECTED] Folks, the MSP has placed the following BE ON THE LOOK OUT BULLETIN (BOLO) for a theft that occurred in New Jersey yesterday of a 45 foot trailer/truck combo with hazardous chemicals inside: Truck: Freightliner, 2000, license plate: NJ 171469, Penske Leasing on side of cab doors Trailer: 45 foot, 1988, has name "Crew Rockland" on trailer and a trailer number of 22A. License plate NJ T392VD BTW warning was placed not to open up the trailer if found. This is not meant to cause hysteria among us BUT again in our travels we just might see that trailer somewhere!!! - End forwarded message - -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Frenchalon....
the fortunes we spend every year, we could set up so many agents abroad. After all, that is our real job." Threat to privacy? Without a doubt. Some of the millions of communications tapped could be yours. The risk is even higher if you call a region with few cable connections, like Africa, Russia, or the DOM-TOMs. Nothing prohibits the DGSE from intercepting your conversations or e-mails if they are transmitted by satellite. Worse, this type of espionage is implicitly authorized by a 1991 law establishing the Commission on Monitoring of Wiretaps. Article 20 of this law indeed stipulates that it is not within the powers of this new commission to monitor "measures taken by the public authorities to (...) monitor (...) transmissions via hertzian channels [Le Nouvel Observateur editor's note: That is, via the airwaves]." In other words, the body may monitor everything except "satellite" taps. "This exception was demanded by the highest state authorities," confides a former advisor to then Defense Minister Pierre Joxe. "Why? You may remember that at that time, the DGSE was launching a wide-ranging plan to modernize its 'big ears.' Compromising it was out of the question." A former Elysee staffer: "We wanted to give the secret service a free hand, not enclose it in a quota of authorized taps." The members of parliament could not make head nor tail of it. They should have been more curious. They would have learned that many democratic countries had already rigorously regulated the activities of their "big ears." In Germany, eight independent experts appointed by the parliament have monitored the BND's wiretapping activities since 1968; they constitute the "G10" commission. They have considerable power. They can interrogate all employees of the BND and view the entire tap production process. "The objective: to protect Germans' privacy," according to Professor Claus Arndt, who served on this commission from 1968 to 1999. 
When, during random sorting, the name of a German citizen or company appears, the BND must erase it, barring the express consent of the commission. "By the same token," says Professor Arndt, "the secret service must submit the entire list of key words it intends to use. It is not allowed to include the name of a German." By next June, a law should allow super-inspectors to visit any of the German secret service's sites, including the Kourou station. If France refuses to allow this, the president of the commission could call for the BND's withdrawal from the Guyanese base. In Australia, the "big ears" are under the surveillance of an inspector general designated by the government. He has the power to verify that the DSD, the espionage service, applies highly restrictive laws. For example, any information about an Australian collected by tapping stations must be destroyed. A destruction report must even be submitted to the inspector general. In Canada, a commissioner designated by the parliament is responsible for this task of monitoring. Each year, he drafts a public report. In the United States, the NSA's activities are monitored by an inspector general and the US attorney general. When will France follow suit? In recent months, members of Parliament have taken an interest in "big ears" ... belonging to the Americans. The Defense Commission recently issued a spiteful report about "Echelon" and the NSA (footnote: On the subject of Echelon, see "Global Electronic Surveillance," by Duncan Campbell, Allia Publishing). It is time for it also to study the practices of the DGSE and propose ways of monitoring them. This is an opportune time. A revolution in "tapping" is on the way. The secret service is planning to invest massively in interception of undersea cables. Before plunging into this adventure, could it not be subjected to a few democratic rules? 
[Description of Source: Paris Le Nouvel Observateur (Internet Version-WWW) in French -- left-of-center weekly magazine featuring domestic and international political news] -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Customer service at Anonymizer/Cyberpass/Infonex
On Mon, Jul 23, 2001 at 08:26:39PM -, Dr. Evil wrote:
> Given the fact that the Anonymizer often comes up in Cypherpunk
> contexts, and that many of you are probably reading this list from
> cyberpass.net, which is hosted by Infonex (which is the same company
> as the Anonymizer, all run by Lance Cottrell, I believe) some of you
> may be interested in what Infonex's attitude about customer service
> is, and how they conduct themselves as a business.
>

I have been having an interesting problem with my cypherpunks feed from sirius.infonex.net - twice in the last 3 weeks or so it has suddenly and without warning started sending me empty email messages (zero length body) with essentially null headers (none of the normal email envelope headers and no indication of where the message came from other than [EMAIL PROTECTED]). And all flow of actual cypherpunks list messages stopped when these anomalous messages started. I presume that each null message I got was really meant to be a cypherpunks list mailing that somehow got trashed - superficially this looks like an out of space condition in one of the spool queues. This condition persisted in one case for 4 or 5 days and in the most recent case for about 3. And then things suddenly started working again.

So indeed their system administration may leave a bit to be desired - perhaps they are barely afloat financially and can't pay someone to watch things like space on their server queue file systems and backups.

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
[rdcrisp@earthlink.net: the case of the forwarded email]
Batzel's suit against Cremers. "Even though AOL is a classic ISP in terms of connecting you to the Internet," he says, "it does a lot more: maintaining forums and channels. In this particular case, AOL had stepped out of the role of being pure ISP provider, but the court still applied statutory immunity." Newman completes the analogy by saying that the Museum Security Network too represents an "open forum for information" that deserves protection under the law. But Batzel's lawyer sees things differently. "My reading of the case is that if all you do is provide a bulletin board, it's unlikely that there's any liability," says Fredman. "On the other hand, if you are carefully deciding what goes on the newsletter and adding headlines and comments, there is no exoneration of responsibility." In other words, both sides recognize the legal distinction between a "content provider" (a publisher which is liable for content) and an "ISP" (a platform for third-party publishing which, so far, anyway, is not). The question is: Which category does the Museum Security Network fall into? Newman argues that the Museum Security Network qualifies as an ISP for legal purposes because it offers a neutral forum for the third-party exchange of news and information. Fredman counters that the Network is more of a content provider, since Cremers has a hand in the selection process and posts an occasional moderator's note. Along with testing the boundaries of Internet case law, this issue strikes at the heart of the Museum Security Network's enterprise. If Fredman is right, Cremers' involvement with the newsletter will leave him vulnerable in a court of law. But it's precisely this human touch that readers appreciate. Cremers was honored by the Smithsonian this year for launching the site; his involvement in the newsletter clearly adds value over the automatic news alert that, say, a software program could generate.
Even Cremers' loudest critics, who were quick to question his publishing of Smith's letter, sound supportive. When contacted for this story, Atkins at the Museum of Fine Arts in Boston said he used to read the Museum Security Network for "articles on art sales, art theft, art smuggling, art forgeries, etc. from all over the world. ... As an added bonus, I found that there was a lot of contribution from a cast of regular characters and others who happened upon the site for professional advice and suggestions. I thought that it was a great site and a friendly atmosphere." Merkel, a partner in a Chicago public relations firm who just sold a novel on Nazi-looted art to Penguin, agrees. While he reiterates his warning to the Museum Security Network about "serving as 'cop on the beat,'" he also praises the newsletter as "a valuable tool, particularly for helping alert museum security professionals to the ongoing news of art thefts -- more occur than you might think." Cremers himself received similar endorsements this March, when he asked his readers for feedback on the service. He was overwhelmed by the response: "Within two days, I heard from 176 subscribers from all over the world, from UNESCO to ICOM (International Council of Museums) in Paris," he says. Almost all comments were raves. Whether or not the endorsements help Cremers' case, they do underscore the ambitiousness, and vulnerability, of his project. The international black market for art and antiques is sprawling (recent estimates put it at $6 billion to $10 billion annually, almost as large as the legitimate art market), and tracking the stolen goods is no easy feat. A news bulletin about stolen art is the kind of service that the Internet in general, and the Museum Security Network in particular, was born to deliver. Now, saddled with the defamation lawsuit, the Museum Security Network's strengths have become liabilities. 
Cremers' involvement in the site could prove his Achilles' heel, suggesting that an automated service is safer. Likewise, the newsletter's international reach could pull the Netherlands citizen straight into U.S. federal court, suggesting that the Web venture would do better to keep its readership low and local. While the lawyers debate the definition of an ISP, the future of Cremers' newsletter -- and with it one model for online publishing -- hangs in the balance. - End forwarded message - -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: 2600 - bell toll signals
On Thu, Jul 27, 2000 at 02:20:26AM -0400, !Dr. Joe Baptista wrote:
> Hello:
>
> I'm looking for a list of telephone company modulation frequencies used on
> toll lines (trunk lines) to control switching between offices. Anyone
> know where I can find them. Used to know them by heart - 2600 to disconnect
> and 300 - 1200 ?? for the control tones.
>
> Joe Baptista
>

In band signalling (tones on the trunk lines) is no longer in use in the USA to any important degree and hasn't been since the late 70s or so. Control of call setup and supervision is handled by an out of band packet network using a signalling protocol called signalling system 7 (SS7) running over entirely separate data circuits which often don't even take the same paths through the network as the trunk groups they control do.

But what you are looking for is the CCITT signalling system #5 or the Bell MFKP (multifrequency key pulsing) tone set (different than DTMF, the touch tone tones). Also commonly known as the "Blue Box" tones. The US frequencies were 700, 900, 1100, 1300, 1500, 1700 sent in pairs.

But what this has to do with cryptography and the politics of privacy I am apparently too dimwitted to see...

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
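The six-frequency MF set listed above is easy to generate and to detect in software, and doing so shows why in-band signalling was such a weak trust boundary: the network's control channel was just audio on the same wire as the talk path. The following is an added example, not code from the original message: it synthesises MF pairs as constructed test audio at 8 kHz and recovers them with a Goertzel filter on each of the six frequencies, plus a separate check for the 2600 Hz supervisory tone. The pair-to-symbol table is the conventional Bell/R1 MF assignment, which the post does not give, so it is stated here as an assumption.

```python
import math

SAMPLE_RATE = 8000   # telephone-rate audio
FRAME = 400          # 50 ms frames; every MF tone and 2600 Hz fall on exact DFT bins at N=400

# The six US MF frequencies from the post, always sent two at a time.
MF_FREQS = (700, 900, 1100, 1300, 1500, 1700)

# Assumed: the conventional Bell/R1 pair-to-symbol assignment (not stated in the post).
MF_SYMBOLS = {
    (700, 900): "1", (700, 1100): "2", (900, 1100): "3",
    (700, 1300): "4", (900, 1300): "5", (1100, 1300): "6",
    (700, 1500): "7", (900, 1500): "8", (1100, 1500): "9",
    (1300, 1500): "0", (1100, 1700): "KP", (1500, 1700): "ST",
}


def synth(freqs, n=FRAME, amp=0.3):
    """Constructed test audio: a sum of sinusoids at the given Hz, n samples."""
    return [sum(amp * math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f in freqs)
            for i in range(n)]


def goertzel_power(samples, freq):
    """Squared DFT magnitude of one frame at a single frequency (Goertzel)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def _score(samples, freq):
    """Goertzel power normalised so a pure single tone scores ~1.0 and each
    tone of an equal-amplitude pair scores ~0.5, independent of level."""
    energy = sum(x * x for x in samples)
    if energy < 1e-9:
        return 0.0
    return goertzel_power(samples, freq) / (len(samples) * energy / 2)


def detect_mf(samples):
    """Return the MF symbol present in one frame, or None.
    Requires exactly two dominant MF tones: anything else (silence, 2600 Hz,
    speech, a single tone) is rejected rather than guessed at."""
    scores = sorted(((_score(samples, f), f) for f in MF_FREQS), reverse=True)
    (p1, f1), (p2, f2), (p3, _) = scores[:3]
    if p1 < 0.3 or p2 < 0.3 or p3 > 0.1:
        return None
    return MF_SYMBOLS.get(tuple(sorted((f1, f2))))


def is_2600(samples):
    """True when the frame is dominated by the 2600 Hz supervisory tone."""
    return _score(samples, 2600) > 0.8


def decode(samples, frame=FRAME):
    """Frame the audio and emit a symbol each time the detected symbol changes,
    so a digit repeated across a silence gap is reported twice."""
    out, prev = [], None
    for i in range(0, len(samples) - frame + 1, frame):
        sym = detect_mf(samples[i:i + frame])
        if sym is not None and sym != prev:
            out.append(sym)
        prev = sym
    return out


def mf_sequence(symbols):
    """Constructed signal: each symbol as one frame of tones followed by one frame of silence."""
    pair = {v: k for k, v in MF_SYMBOLS.items()}
    audio = []
    for s in symbols:
        audio += synth(pair[s]) + [0.0] * FRAME
    return audio


if __name__ == "__main__":
    print(decode(mf_sequence(["KP", "2", "0", "1", "5", "ST"])))   # ['KP', '2', '0', '1', '5', 'ST']
```

Goertzel is used rather than a full FFT because only seven frequencies matter and it costs one multiply-add per sample per frequency, which is how real tone detectors were built. The 50 ms frame length is chosen so that every frequency of interest is an exact bin, which keeps leakage from one tone from being mistaken for a second one; a detector for real line audio would add tone-duration and twist (level difference) checks on top of this.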
Re: POTS encryption product.
On Sun, Jul 23, 2000 at 02:37:08AM -0400, BMM wrote:
> http://www.l-3com.com/cs-east/programs/infosec/privatel.htm
>
> A triple-DES bump-in-the-cord encrypter, retails for ~US$600.
> Buyer beware, L-3 is a Lock-Mart spinoff with NSA and DoD contracts.
>

That is sort of an understatement, among other things they are the only supplier of the next generation government secure phone - the STE. Certainly makes one wonder about whether the Privatel device is genuinely secure and a major NSA and DOD contractor actually allowed to sell bump in the cord 168 bit 3-DES devices with DH key exchange to apparently just about anyone - sure makes one wonder where the backdoor is... (perhaps they broadcast the key in TEMPEST emanations - the specs say nothing about TEMPEST certification)...

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Disk INsecurity:Last word on deletes, wipes & The Final Solution.
On Thu, Apr 06, 2000 at 06:56:47PM -0400, Lucky Green wrote:
> I am not aware of any high-end data recovery outfits that use software
> solutions. Everybody I know of in that space uses STM's. I believe it was
> Peter Gutmann who publicized the fact that you can buy STM workstations that
> ship with vacuum chucks for all popular platter sizes.
>
> --Lucky Green <[EMAIL PROTECTED]>
>

Have any of your contacts in this arena given you any sense of how many layers of data their operational STM systems used day to day in their recovery business (not some theoretical system they don't really have up and usable) can actually recover off a typical disk platter? Is it 1, 2, 5, or 25 discrete layers? And what kind of bit error rate in the recovered data do they achieve with the STMs? How automated is the process? Can they prepare a platter, pump down the chamber and read out multiple layers of data almost as if reading a disk with the drive electronics or is there a lot of human operator intervention and twiddling required to set things up to retrieve a sector? I assume the actual interpretation of the STM scan output as encoded binary data is completely automated and that they are not ever working from raster images by hand using the human eye and brain as a kind of OCR (unlike IC mask reverse engineering of a few years back)?

Do they often recover overwritten information at all? I would imagine that most disk recovery work involves drives that went bad leaving valuable data inaccessible via normal disk reading mechanisms due to problems like corrupt servo tracks and damaged media surfaces and heads rather than actual overwritten information. Sure there might be cases of a sector or two that needs to be read in order to correctly understand the rest of the data, but massive recovery of gigabytes should be rare I would think...

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Iridium [was: None]
On Thu, Mar 16, 2000 at 03:45:42PM -0500, Tim May wrote:
> At 2:34 PM -0500 3/16/00, Dave Emery wrote:
> >On Thu, Mar 16, 2000 at 11:00:54AM -0500, Trei, Peter wrote:
> >>
> >> It may be bankrupt as a commercial entity, but there are other well-heeled
> >> groups who may take it over.
> >>
> >
> >> I suspect those satellites may well be active for a long time to come, even
> >> if not available for the non-elite.
> >>
> >
> > There has been talk, perhaps not grounded in reality, of
> >actually using the deorbit capability built into the satellites to
> >remove the constellation by forcing the birds to reenter and burn up. It
> >has been claimed that this might be necessary in order to get maximum
> >tax writeoff for the loss. It is certainly in general true that
> >companies in the USA seem to need to physically destroy obsolete or
> >unneeded equipment in order to satisfy the US tax code and get maximum
> >writeoff, apparently if there is any question of residual value things
> >get sticky.
>
> Look, sorry to sound grumpy, but you are just speculating about what
> has been widely, widely reported in the news. Read Yahoo or Lycos or
> any other such source. It's frustrating watching people just
> speculating and reporting what they have heard as "talk."

If you are complaining about what I wrote, let me say I chose my words carefully. I had indeed seen the press reports on the net about the intent to deorbit the system, but had not seen any official statement to that effect by Motorola or the Bankruptcy court. Perhaps I was being overly cautious, but in the absence of a solid primary source (that I had seen) it seemed prudent to report the whole thing as "talk" as the notion of deorbiting a 4 billion dollar satellite constellation as a tax maneuver strikes me as a pretty drastic action and something I would want to have seen primary source material on before I stated it as fact.
If there have been such statements by the principals in the matter, I missed them and am sorry to have engaged in "just speculating", though there is certainly plenty of that on the cypherpunks list. I stand behind my original point (which is why I opened my mouth in the first place) which is that the Motorola patents regarding law enforcement access to communications are primarily relevant to IRIDIUM alone and don't happen to apply to the other LEO and GEO sat phone systems which use bent pipe repeaters and ground processing of the signals.

>
> The plan to deorbit the 66 satellites will go into effect soon.
> Tomorrow night at 11:59 the phone service will be turned off, unless
> a buyer is found (or some other last minute funding arrives).
>
> Deorbiting is essentially necessary to get rid of the junk in
> orbit. Keeping the satellites on station requires money (for ground
> controllers, etc.), and replacements would have to be launched as
> needed to keep the system viable. It is simply _not_ the case that
> they can just be left in orbit with no costs and used as needed.
>

This is a (perhaps slightly clearer) restatement of the point I was making in my post. Peter Trei, not I, was the one who was speculating about continued use of "those satellites".

> --Tim May
>
>
>
> --
> -:-:-:-:-:-:-:
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> "Cyphernomicon" | black markets, collapse of governments.
>

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Iridium [was: None]
On Thu, Mar 16, 2000 at 11:00:54AM -0500, Trei, Peter wrote:
>
> It may be bankrupt as a commercial entity, but there are other well-heeled
> groups who may take it over.
>
> I suspect those satellites may well be active for a long time to come, even
> if not available for the non-elite.
>

There has been talk, perhaps not grounded in reality, of actually using the deorbit capability built into the satellites to remove the constellation by forcing the birds to reenter and burn up. It has been claimed that this might be necessary in order to get maximum tax writeoff for the loss. It is certainly in general true that companies in the USA seem to need to physically destroy obsolete or unneeded equipment in order to satisfy the US tax code and get maximum writeoff, apparently if there is any question of residual value things get sticky.

The problem with keeping the system going is that the gateways and spacecraft tracking and operations both cost substantial money per month to operate - also the cost of replacing bad satellites is obviously significant and becomes more of a problem over time. An incomplete constellation with gaps in coverage at random times would be less interesting to most users.

I do believe that the US government has looked at the prospect of buying the system, and decided it wasn't worth it.

> Peter
>
>

-- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18