Re: [Cryptocollectors] STU III 2500
On 1/13/07, Roy M. Silvernail <[EMAIL PROTECTED]> wrote: This is the first auction I've looked at where eBay is anonymizing the bidder list. It's probably a general policy, but interesting that the first one I saw was for crypto gear. That's the eBay "Private Listing" option. Often used in auctions of adult materials. -- Taral <[EMAIL PROTECTED]> "You can't prove anything." -- Gödel's Incompetence Theorem - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: [Cryptocollectors] STU III 2500
On 13 Jan 2007, at 16:33, Roy M. Silvernail wrote: Richard Brisson wrote: Good morning all, Available to those in the U.S., STU-III 2500 with manual and AC adapter (and perhaps even a key in the plastic bag but it's not stated nor obvious) on eBay: 330073910569 This is the first auction I've looked at where eBay is anonymizing the bidder list. It's probably a general policy, but interesting that the first one I saw was for crypto gear. The first one I saw was the one for the USSR Mig-21: http://cgi.ebay.com/ebaymotors/MiG-21F-USSR-Military- Aircraft_W0QQitemZ120071699871QQihZ002QQcategoryZ26428QQrdZ1QQcmdZViewIt em -- Rui Paulo - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Banking Follies
On Sat, 13 Jan 2007 18:26:52 -0500 John Ioannidis <[EMAIL PROTECTED]> wrote: > Citibank send me periodic reminders to switch to an electronic-only > statement so that I am "better protected against identity theft". > The advice may actually be correct, though of course they have a major financial incentive to persuade you to adopt the scheme even if it isn't. Anyway -- we're so focused in this group on the Internet that we sometimes forget about physical world attacks. Theft of financial data (and financial objects, such as checks and credit cards) from physical mailboxes (or garbage cans) is quite commonplace, and is -- according to some -- a more significant vector for identity theft than Internet fun and games. The Wall Street Journal advised people to use electronic statements for just that reason (see http://online.wsj.com/article/SB116830855255470919-search.html?KEYWORDS=%22identity+theft%22&COLLECTION=wsjie/6month); also note the list at http://www.identitytheftassistance.org/How_Criminals_Steal.html --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: SSL Server needs access to raw HTTP data (Request for adivce)
Am Samstag, den 13.01.2007, 19:03 -0800 schrieb Richard Powell: > I was hoping someone on this list could provide me with a link to a > tool > that would enable me to dump the raw HTTP data from a web request that > uses SSL/HTTPS. I have full access to the server, but not to the > client, and I want to know exactly/precisely what the client is > transmitting. I think http://www.rtfm.com/ssldump/ should do the job. But this only works in some configurations. signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Molecular Keypad Lock
http://www.sciencedaily.com/releases/2007/01/070108094028.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
SSL Server needs access to raw HTTP data (Request for adivce)
Hello, I was hoping someone on this list could provide me with a link to a tool that would enable me to dump the raw HTTP data from a web request that uses SSL/HTTPS. I have full access to the server, but not to the client, and I want to know exactly/precisely what the client is transmitting. I've considered a few options, including eg... using apache_request_header() from php Need to have php installed as module, which I don't. Also, not sure it would give me the complete RAW stream that I want and didn't want to waste my time installing a test server if it wasn't going to fully work. eg... tried using "openssl s_server -accept 443 -WWW -debug -msg This option didn't seem to display/dump the raw HTTP stream. I could not locate an option that would enable seeing this information. I've been searching google for hours for some sort of tool to no avail. If I don't find a reasonable/quick option, my next solution is going to be to hack the s_server.c file from openssl and add the necessary statements to dump the desired stream. I'm not too excited about this option, but I suppose if that's the best option I have, then so be it. :) Thanks in advance for any advice. Richard - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Banking Follies
Citibank send me periodic reminders to switch to an electronic-only statement so that I am "better protected against identity theft". John Cleese saying "explain the logic underlying this conclusion" in the cheese shop sketch comes to mind... The return address for the email message, although appearing to be from citibank.com, is linked to a black hole or some other information sink. /ji - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: A web site that believes in crypto
On Wed, Jan 10, 2007 at 06:31:21PM -0500, Steven M. Bellovin wrote: > I just stumbled on a web site that strongly believes in crypto -- > *everything* on the site is protected by https. If you go there via > http, you receive a Redirect. The site? www.cia.gov: > > $ telnet www.cia.gov 80 > Trying 198.81.129.100... > Connected to www.odci.gov. > Escape character is '^]'. > GET / HTTP/1.0 > > HTTP/1.0 301 Found > Location: https://www.cia.gov/ Their public email gateways don't believe in crypto nearly as much as cs.columbia.edu does. $ for d in cia.gov cs.columbia.edu; do echo; dig +sho -t mx $d | sort +0n | tee /dev/tty | perl -lne 'm{(\S+)\.$} && print $1' | while read h; do echo; smtp-finger -t "[$h]" $d 2>&1 | perl -lne 'print unless (/^-{5}BEGIN/ .. /^-{5}END/);'; done; done 5 mail2.ucia.gov. 10 mail1.ucia.gov. smtp-finger: Connected to mail2.ucia.gov[198.81.129.148]:25 smtp-finger: < 220 mail2b.ucia.gov ESMTP smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-mail2b.ucia.gov smtp-finger: < 250-8BITMIME smtp-finger: < 250 SIZE 104857600 smtp-finger: Connected to mail1.ucia.gov[198.81.129.68]:25 smtp-finger: < 220 mail1a.ucia.gov ESMTP smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-mail1a.ucia.gov smtp-finger: < 250-8BITMIME smtp-finger: < 250 SIZE 104857600 100 cs.columbia.edu. 200 ober.cs.columbia.edu. 200 opus.cs.columbia.edu. smtp-finger: Connected to cs.columbia.edu[128.59.16.20]:25 smtp-finger: < 220 cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:13 -0500 (EST). smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 2500 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-STARTTLS smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: > STARTTLS smtp-finger: < 220 2.0.0 Ready to start TLS smtp-finger: certificate verification failed for cs.columbia.edu[128.59.16.20]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: TLSv1 connection to cs.columbia.edu(cs.columbia.edu[128.59.16.20]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits) smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 2500 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-AUTH PLAIN LOGIN smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: Unverified: subject_CN=cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1 smtp-finger: Server session id: 8EA8B66A9DCCA0903BF75B7FC71316CE201330A0B1B09114FB6BE15E25AA9827 smtp-finger: Common Name: cs.columbia.edu: matched --- Certificate chain 0 s:/C=US/O=cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT1305/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=cs.columbia.edu i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: Connected to ober.cs.columbia.edu[128.59.18.100]:25 smtp-finger: < 220 ober.cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:14 -0500 (EST). smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 2500 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-STARTTLS smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: > STARTTLS smtp-finger: < 220 2.0.0 Ready to start TLS smtp-finger: certificate verification failed for ober.cs.columbia.edu[128.59.18.100]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: TLSv1 connection to ober.cs.columbia.edu(ober.cs.columbia.edu[128.59.18.100]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits) smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING
Re: [Cryptocollectors] STU III 2500
Richard Brisson wrote: > Good morning all, > > > > Available to those in the U.S., STU-III 2500 with manual and AC adapter (and > perhaps even a key in the plastic bag but it's not stated nor obvious) on > eBay: 330073910569 This is the first auction I've looked at where eBay is anonymizing the bidder list. It's probably a general policy, but interesting that the first one I saw was for crypto gear. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not "It's just this little chromium switch, here." - TFT CRM114->procmail->/dev/null->bliss http://www.rant-central.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: [Cryptocollectors] STU III 2500
On Thu, 11 Jan 2007 06:30:08 -0500 "Richard Brisson" <[EMAIL PROTECTED]> wrote: > Good morning all, > > > > Available to those in the U.S., STU-III 2500 with manual and AC > adapter (and perhaps even a key in the plastic bag but it's not > stated nor obvious) on eBay: 330073910569 > It appears to be a Type 2 encryptor (sensitive-but-unclassified traffic), according to http://packetstormsecurity.org/apoc2k/cue/comsec --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]