Ross Anderson paper on fraud, risk and nonbank payment systems

2007-05-12 Thread Steve Schear
[Read the paper here: 
http://www.cl.cam.ac.uk/%7Erja14/Papers/nonbanks.pdf  Very interesting 
stuff, but not likely new to most here.]



The Federal Reserve commissioned me to research and write a
paper on fraud, risk and nonbank payment systems. I found that
phishing is facilitated by payment systems like eGold and Western
Union which make the recovery of stolen funds more difficult.
Traditional payment systems like cheques and credit card payments
are revocable; cheques can bounce and credit card charges can be
charged back. However some modern systems provide irrevocability
without charging an appropriate risk premium, and this attracts
the bad guys. (After I submitted the paper, and before it was
presented on Friday, eGold was indicted.)

I also became convinced that the financial market controls used
to fight fraud, money laundering and terrorist finance have
become unbalanced as they have been beefed up post-9/11. The
modern obsession with 'identity' - of asking even poor people
living in huts in Africa for an ID document and two utility
bills before they can open a bank account - is not only ridiculous
and often discriminatory. It's led banks and regulators to take
their eye off the ball, and to replace risk reduction with due
diligence.

In real life, following the money is just as important as following
the man. It's time for the system to be rebalanced.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Fwd: [gsc] Digital cache with extended features

2007-05-09 Thread Steve Schear
[Some interesting thinking going on.  Wasn't there some similar ideas 
presented/published at a past FC conference?]


Subject: [gsc] Digital cache with extended features
Date: Sun, 06 May 2007 12:57:08 +0300
From: George Hara [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

It seems that, finally, the pieces fit together, and although the design
is not as good as for account based systems, it's good enough.

I have been pondering for some time about digital cash, but the pieces
never fit. However, with a special design, it's possible to integrate
the necessary features in digital coins.

Basically, it's necessary for the owner of a coin to create the coin
(core), blind it and send it to the mint for signing. In the core, the
user must include a hash for a coin appendix. The coin appendix
includes various information, but the most important is the asymmetric
public key pair of the recipient.

The coin appendix is not sent to the mint so that it would not serve
later to associate exchanges. However, when a coin is exchanged, the
coin appendix must be sent to the mint. And since its hash is already in
the signed coin, it's certain that the correct coin appendix is
associated with the coin.

The mint guarantees to exchange the coin only if the signature of the
exchange request is verified by the key pair which is in the coin
appendix.

This way, the spender can be sure that only the intended recipient can
later spend the coin, and also have the best thing next to a proof of
payment. If an online store publishes its public key pair, then even if
the store claims to never have received the coin, the spender can simply
publish coin (note that only the store can spend the coin, so everyone
can see the coin) and tell the store to take it.

This methods provides two features in one step: proof of payment and
ability of organizations to secure every coin they receive with the
public identity of the organization (not of individual members).

A problem of this method is that the mint can monitor how much currency
a specific digital identity exchanges. Of course, the mint can't know
the total amount of currency received by a digital identity because
there is no need to reissue a coin, and the recipient might never
exchange some coins he received.

Of course, everybody can just change their asymmetric key pair, but
since they need to publish it, it can still be monitored.

Now, there is certainly no need to use identities for recipients, but in
practice most people would do it.

The coin appendix could also contain a descriptor of its inheritors. But
the problem here is that the coin would have to be put in an escrow
service. It's not a problem if anybody sees it, because only it's
current owner can exchange it, and in the future (after a date specified
in the descriptor) only its intended inheritors can exchange it.

The owner has to consider that if he still lives when the coin is about
to enter its inheritable time frame, he must exchange it before that
time and set a new date for inheritance.

The coin appendix could also include an escrow identity. The mint must
then guarantee to exchange the coin only if it's accompanied by a signed
certificate from the escrow service.

The coin appendix could also include a recovery identity, usually that
of the original owner. This way, if the recipient never uses the coin
because he dies, for example, the spender can take it back after a
specified date. But this means that users must reissue the coins (for
themselves) they receive, before the recovery date comes. Sure, the
recovery date could be a year after the payment, but that still means
that there has to be a reissue.

The actual implementation of this design, requires two independent parts
of the coin appendix, and therefore two hashes:
* One part which contains the identity of the owner of the coin. This
part is sent to the mint when the owner spends the coin.
* One part which contains the identities of the inheritors of the coin.
This part is sent to the mint when an inheritor reissues the coin.
This way, inheritors are visible to the mint only when they actually
inherit.

All nice and cozy, but this design means that each transaction would
take on average 1 to 2 seconds for the mint, plus about 8 times more
traffic than for account based systems. (This considers that coin
denominations are power of 2, so as to minimize the number of coins from
each transaction.)

One thing I am still unable to solve is how to hide coins. With account
based systems it is simple: each visible account from the identity
manager application had, automatically created, a hidden account (well,
rather data which looked random to anyone without the right passphrase).

I still have to think about these things to see if it's a path worth
pursuing.

(http://www.gardenerofthoughts.org/ideas/axiomaticid/digitalcache.htm)

-
The Cryptography Mailing List

Re: Was a mistake made in the design of AACS?

2007-05-05 Thread Steve Schear

At 07:50 AM 5/4/2007, Nicolas Williams wrote:

On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote:
 At 03:52 PM 5/2/2007, Ian G wrote:
 This seems to assume that when a crack is announced, all revenue
 stops.  This would appear to be false.  When cracks are announced in such
 systems, normally revenues aren't strongly effected.  C.f. DVDs.

 Agreed.  But there is an incremental effect.  In the same way many people
 now copy DVDs they have rented many will gain access to HD content made

Wait, are you saying that people copy rented DVDs onto DVD media?  Or
that they _extract_ the content?

There's a big difference: there's no need to crack the DVD DRM system to
do the former, but there is for the latter.


I guess I wasn't clear.  Unlike ripping and copying DVD's bit-for-bit, 
content ripped from H-DVDs and BluRay discs are first distributed as simply 
unencrypted copies.  Watching this content means you will probably do so 
from your PC (e.g., using a curent version of Power DVD) as burning a 
bit-for-bit HD DVD/BluRay is either not available or economically 
practical.  Later, HD videophiles re-encode the content using the same 
advanced coders (i.e., H./X/264 andVC1) so at least the feature movie can 
be stored on a dual layer DVD.  Despite the smaller data size of the DVD 
(about 8.5 GB) vs. HD media (20+ GB) the quality of playback is impressive, 
good enough for all but the most discerning Home Theater buff.



Well, there's an idea: use different physical media formats for
entertainment and non-entertainment content (meaning, content created by
MPAA members vs. not) and don't sell writable media nor devices capable
of writing it for the former, not to the public, keeping very tight
controls on the specs and supplies.


Authoring DVDs are available for people wishing to master protected 
content.  These, unlike the consumer variety, allows the CSS to be 
present.  Special burners, never very popular with consumers, even video 
philes, are required.


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: AACS and Processing Key

2007-05-04 Thread Steve Schear

At 11:32 AM 5/2/2007, Perry E. Metzger wrote:


Anyone very familiar with AACS have ideas on what optimal attack and
defense strategies are? This seems like a fertile new ground for
technical discussion.


Ed Felton wrote and excellent piece on AACS from the technical and 
economic/tactical standpoint.  This link is to the part that addresses your 
particular question:

http://www.freedom-to-tinker.com/?p=1107

Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Was a mistake made in the design of AACS?

2007-05-04 Thread Steve Schear

At 03:52 PM 5/2/2007, Ian G wrote:

Hal Finney wrote:

Perry Metzger writes:
Once the release window has passed,
the attacker will use the compromise aggressively and the authority
will then blacklist the compromised player, which essentially starts
the game over. The studio collects revenue during the release window,
and sometimes beyond the release window when the attacker gets unlucky
and takes a long time to find another compromise.


This seems to assume that when a crack is announced, all revenue 
stops.  This would appear to be false.  When cracks are announced in such 
systems, normally revenues aren't strongly effected.  C.f. DVDs.


Agreed.  But there is an incremental effect.  In the same way many people 
now copy DVDs they have rented many will gain access to HD content made 
available by those more technically sophisticated.  There a number of Bit 
Torrent trackers which focus on HD content.  All current released 
HD-DVD/BluRay movies are available for download. For those with 
higher-performance PCs for playback, broadband connections and who know how 
to burn a single- or dual layer DVD, the content is there for the talking.


A new generation of HD media players (initially from offshore consumer 
electronics and networking companies, for example, Cisco/LinkSys) are 
poised to enter the market.  These appliances will allow playback of all 
the common HD encoded media, including those ripped from the commercial HD 
discs.  This will place the content from pirates and P2P community in the 
hands of the less sophisticated Home Theater consumer.


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Governance of anonymous financial services

2007-03-31 Thread Steve Schear

At 12:15 PM 3/30/2007, Hal Finney wrote:

 If the backing is distributed among a multitude of holders (e.g., in a
 fashion similar to how Lloyds backs their insurance empire), who's
 identities are kept secret until audit time and then only a few, randomly
 selected, names and claimed deposit amounts are revealed to the auditors,
 might this statistical sampling and the totals projected from the results
 be a reasonable replacement for 'full asset' audit?  To protect the
 identities of the holders could a complete list of the hashes of each name
 and claimed deposit be revealed to the auditors, who then select M of N
 hashes whereupon the operator reveals only those identities and claimed
 deposits work cryptographically?

One problem is the holders could collude and play a shell game.
Suppose that 30% of the holders were going to be asked to reveal their
assets, then the company could back only 30% of the currency, and
redistribute the assets to the selected holders before the auditors come.


How about this method?

1.) Auditors meet at a defined place and time.

2.) Courier arrives and presents a fraction N of M of the backing, once at 
a time, to the auditors


3.) Auditors verify the fraction, account for it and enclose it in a 
container with a unique hard to forge seal


4.) Courier leaves

5.) Step 2-4 are repeated until the total of M has been presented to the 
auditors


6.) In the second round, the auditors request the same fractions N of M 
again. Not all N have to be presented, but can be


7.) One after another the couriers with the respective fractions present 
them again to the auditors


8.) The auditors verify the seals, and remove them

9.) The couriers leave

There are two disadvantages to the process:
1.) It takes quite some time.
2.) It is expensive

The advantages are:
1.) It is secure for the auditors and the operators
2.) It presents the full backing

Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Governance of anonymous financial services

2007-03-30 Thread Steve Schear

At 08:23 PM 3/29/2007, Allen wrote:

Steve,

I assume that you mean the owner of the on-line financial service when you 
say operator, correct? In which case what exactly are the auditors going 
to be looking at when comes time to audit but the operator's identity, 
whereabouts, the servers and a portion of the assets are undisclosed?


As we have seen in the prosecutions of large corporation officers knowing 
their identity is no guarantee that stakeholders will not be 
defrauded.  Can you explain why knowing the server whereabouts is 
required?  Certainly there are cryptographically sound ways (e.g., time 
stamps from independent and trusted sources, hash chaining, etc.) that anon 
DBC mints can provide transaction logs that can be publicly examined and 
verified without ever touching the server.



In a basic sense auditing is to see if the reality behind the books 
matches the books. That the number of sheaves of wheat you have in the 
warehouse match the number you have in the office. If you can not locate 
the reality what are you verifying?


The scenario described and method I proposed I think do address the 
identification of assets.  I maintain that random sampling can, when 
properly carried out, provide a mathematically sound confidence of the 
total size of assets.


I think, rather than governance, this goes to the heart of trust in 
relationships. Governance to me is more the process of verifying that the 
trust is not misplaced and that audits are simply one way, but only one of 
many ways, of quantifying the level of trust one can have in the relationship.


Agreed.

Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: private credential/ecash thread on slashdot (Re: announce: credlib library with brands and chaum credentials)

2007-02-26 Thread Steve Schear

At 04:40 PM 2/20/2007, Adam Back wrote:

There is quite some underinformed speculation as critique on the
thread...  Its interesting to see people who probably understand SSL,
SMIME and stuff at least at a power user if not programmer level, try
to make logical leaps about what must be wrong or limited about
unlinkable credential schemes.  Shows the challenges faced in
deploying this stuff.  Cant deploy what people dont understand!


I certainly relate with that. Much of what is widely deployed fits that 
category with me. But then, look at how successful fiat money, paper money, 
is. That is certainly not understood by most, but it does not have the 
problem of lack of deployment. So maybe trust and understanding are not 
related with each other and we need to understand this point better.


In actuality, most stuff is not understood. Who understands how their cars 
work, or their airplane rides across the country, or their computers, 
banks, medical systems and on and on?


I say Adam has a good point, but maybe it's the wrong one. :)

Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


New digital bearer cash site launched

2007-02-21 Thread Steve Schear
With the expiration of Chaum's key patents it was assumed that someone 
would step up an try their hand at launching a DBC-based financial 
service.  Some time has passed and I'm happy to announce that this has 
finally happened.  Taking a cue from the lively Digital Gold Currencies, 
eCache's first denomination if gold backed.  Unlike Digicash's instruments, 
eCache is using a mixing technique, rather than blinding, to help preserve 
unlinkability.  Its mint is located on a hidden server in TOR-land.  More 
information at: https://ffij33ewbnoeqnup.onion.meshmx.com/doc.php


Comments are invited about the technology and governance aspects that such 
financial services invoke.


Steve

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-19 Thread Steve Schear

At 03:57 PM 1/18/2007, Saqib Ali wrote:

When is the last time you checked the code for the open source app
that you use, to make sure that it is written properly?


When is the last time you carefully checked the code for a closed source 
app that you use? (Besides the one you mentioned  to start this thread)


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Real-world password guessing

2007-01-18 Thread Steve Schear

http://dilbert.com/comics/dilbert/archive/dilbert-20070117.html
http://dilbert.com/comics/dilbert/archive/dilbert-20070118.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: It's a Presidential Mandate, Feds use it. How come you are not using FDE?

2007-01-16 Thread Steve Schear

At 06:32 AM 1/16/2007, Steven M. Bellovin wrote:

Disk encryption, in general, is useful when the enemy has physical
access to the disk.  Laptops -- the case you describe on your page --
do fit that category; I have no quarrel with disk encryption for them.
It's more dubious for desktops and *much* more dubious for servers.


As governments widen their definitions of just who is a potential threat it 
makes increasing sense for citizens engaged in previous innocuous 
activities (especially political and financial privacy) to protect their 
data from being useful if seized.  This goes double for those operating 
privacy-oriented services and their servers.  As an example, when TOR 
servers were recently seized in German raids (with the implication that 
they were being used as conduits for child porn) the police knew enough to 
only take the hot-swap drives (which were encrypted and therefore paper 
weights after removal) if only for show.  The main loss to the operators 
was repair to the cage locks.


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


SC-based link encryption

2007-01-04 Thread Steve Schear
I haven't been following the smartcard scene for a while.  I'm looking to 
create a low-cost and portable link encryptor, with D-H or similar key 
exchange, for lower 100kbps data speeds. Is this possible?


Steve

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: cellphones as room bugs

2006-12-03 Thread Steve Schear

At 07:21 AM 12/2/2006, Perry E. Metzger wrote:


Quoting:

   The FBI appears to have begun using a novel form of electronic
   surveillance in criminal investigations: remotely activating a
   mobile phone's microphone and using it to eavesdrop on nearby
   conversations.

   The technique is called a roving bug, and was approved by top
   U.S. Department of Justice officials for use against members of a
   New York organized crime family who were wary of conventional
   surveillance techniques such as tailing a suspect or wiretapping
   him.


This technique was pioneered by some criminals (drug, I think) that would 
'forget' their cell phones in police cars to they could listen in on them.


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: cellphones as room bugs

2006-12-03 Thread Steve Schear

At 07:21 AM 12/2/2006, Perry E. Metzger wrote:


Quoting:

   The FBI appears to have begun using a novel form of electronic
   surveillance in criminal investigations: remotely activating a
   mobile phone's microphone and using it to eavesdrop on nearby
   conversations.


BTW, its easy to thwart this, even without removing the battery as 
recommended: just place a shorted jack into the phone's mic/headset 
plug.  These plug's use an physical-electrical contact switching method to 
shunt the audio so the software AFAIK can route around it.


Steve 


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: fyi: On-card displays

2006-09-21 Thread Steve Schear

At 02:45 PM 9/20/2006, [EMAIL PROTECTED] wrote:

Via Bruce Schneier's blog, flexible displays that can sit on smartcards.
So we finally have an output mechanism that means you don't have to
trust smartcard terminal displays:
http://www.cr80news.com/library/2006/09/16/on-card-displays-become-reality-maki
ng-cards-more-secure/


I have a Mondex card from years ago that used a separate reader with LCD.

Steve 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-18 Thread Steve Schear

At 08:05 AM 5/11/2006, Perry E. Metzger wrote:

Let me again remind people that if you do not inform your elected
representatives of your displeasure with this sort of thing,
eventually you will not be in a position to inform them of your
displeasure with this sort of thing.


I think begging elected representatives to acknowledge your rights is 
generally a waste of time, especially when there is powerful or ingrained 
opposition.  The Civil Rights movement got nowhere until there was massive 
civil disobedience.  Widespread deployment of generic and otherwise 
acceptable technologies that can be re-targeted for end-user controlled 
privacy (not what governments would like to see, which is privacy mediated 
by corporations, licensed professionals or other regulated entities they 
can easily pressure) and/or insistence of powerful and wealthy individuals 
that they have the privacy they deserve and get it in such a way as its 
easily unavailable to the average citizen.


Steve 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Black Hole Encryption

2006-04-04 Thread Steve Schear
What happens to the quantum information ingested by a black hole? In 1997, 
Thorne and Hawking argued that information swallowed by a black hole is 
forever hidden, despite the fact that these dense objects do emit a 
peculiar kind of radiation and eventually evaporate. Preskill countered 
that for quantum mechanics to remain valid, the theory mandates that the 
information has to be released from the evaporating black hole in some 
fashion. Although Hawking conceded in 2004, the disagreement between 
Preskill and Thorne still stands.


Smolin and Oppenheim now find that one of the main assertions made about 
black holes may be flawed. It is often assumed that as the black hole 
evaporates, all of the information gets stored in the remnant until the 
very end, at which point the information is either released or else 
disappears forever. Instead, Smolin and Oppenheim suggest that the 
information is distributed among the quanta thatescape during evaporation, 
but is encrypted and thus effectively locked away.


The catch is that it can only be accessed with the help of the quanta 
released when the black hole disappears, in much the same way as a 
cryptographic key unlocks a coded message. The result offers a link between 
general relativity and quantum cryptography. — DV


Phys. Rev. Lett. 96, 081302 (2006).


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy, Pay TV Foreshadows Challenges

2004-04-22 Thread Steve Schear
At 10:40 AM 4/20/2004, R. A. Hettinga wrote:
While it's unfortunate that security on the current DVD format is broken
and can't be reprogrammed, HD is what really matters. Once studios release
high-definition content, there will be little or no distinction between
studio-quality and consumer-quality, said Kocher. This means that HD is
probably Hollywood's one and only chance to get security right.
The major problem facing Hollywood in protecting their HD content is that 
it runs smack up against an installed base of millions of HDTVs with only 
ACV (analog component video), including mine.  These consumers were 
promised by the FCC that they would not be left to twist in the wind when 
newer set-top-box to TV connections evolved and it does not appear 
technically practical to retrofit these sets to accommodate encrypted DVI 
or Firewire inputs.  The FCC has already stated they do not support 
broadcast flags for pay content and unless they back-peddle on this 
Hollywood appears to have only three other options: restrict the 
availability of HD content to cable broadcasters, prevent the sale of 
devices that can capture HD quality content from ACV, or insist that the 
resolution of ACV signals be degraded when copy restricted content is 
being broadcast.

The first will bring great howls from existing HDTV owners with only 
ACV.  The second is probably impractical since illegal devices (little more 
than 3-channel A-D converters on a PCI card) are sure to be produced and 
only a small number in the hands of skilled movie releasing groups are 
required to widely disseminate their content via the Internet.  The third 
option is also sure to bring major complaints from existing set owners.

steve  

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Microsoft publicly announces Penny Black PoW postage project

2003-12-28 Thread Steve Schear


http://news.bbc.co.uk/2/hi/technology/3324883.stm

Adam Back is part of this team, I think.

Similar approach to Camram/hahscash.  Memory-based approaches have been 
discussed.  Why hasn't Camram explored them?

steve

BTW, Penny Black stamp was only used briefly.  It was the Penny Red which 
was used for decades. 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: 'Smart stamps' next in war on terrorism

2003-11-16 Thread Steve Schear

The postal notice itself says this is the first step to identify all
senders, so this is not a matter of paranoia, this is reality. The post
office is moving towards identification requirements for everyone, said
Chris Hoofnagle, associate director of the Electronic Privacy Information
Center.
Mr. Hoofnagle scoffed at the notion identification could prevent crimes
such as the anthrax attacks on members of Congress and news media two years
ago.
Anyone resourceful enough to obtain anthrax can get a stamp without
going through the new channels, Mr. Hoofnagle said.
A Treasury Department report from the Mailing Industry Task Force also
recommended that the industry promote development of the 'intelligent'
mail piece by collaborating with the Postal Service to implement standards
and systems to make every mail piece - including packages - unique and
trackable.
What happens if I buy stamps and you need one, is it legal for me to
give it to you? Mr. Hoofnagle said.
If this foolishness is implemented I'm sure stamp exchanges will become 
routine at many public and private meetings.  Such exchanges could become a 
good business opportunity.

Ari Schwartz, associate director for the Center for Democracy and
Technology, said intelligent mail can play an important role and improve
the mail system.
However, privacy issues must be seriously addressed, and moving forward
with the rules on bulk mail could alleviate some concerns, he said.
There is a right to anonymity in the mail. If you look back in the
history of this country, the mail has played an important role in free
expression and political speech and anonymous mail has provided that, Mr.
Schwartz said.
As others have mentioned, the Supreme Court has ruled that anonymous 
correspondence is supported under freedom of political speech.  The USPS is 
a quasi-governmental organization with exclusive legal rights to transport 
and deliver first-class mail to our mail boxes.  Exactly the kind of mail, 
which if anonymous could be protected speech.  It seems fair to me that if 
the USPS wanted to foreclose on our ability to use anonymous first-class 
mail then they should be willing to give up the exclusivity of their 
first-class mail franchise, so competitors who will offer this can deliver 
to postal mail boxes.

steve 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Software protection scheme may boost new game sales

2003-10-11 Thread Steve Schear
Companies are using a new software protection system, called Fade, to
protect their intellectual property from software thieves. Fade is being
introduced by Macrovision, which specializes in digital rights management,
and the British games developer Codemasters. What the program does is make
unauthorized copies of games slowly degrade, by exploiting the systems for
error correction that computers use to cope with CD-ROMs or DVDs that have
become scratched. Software protected by Fade contains fragments of
subversive code designed to seem like scratches, which are then arranged
on the disc in a pattern that will be used to prevent copying. Bruce
Everiss of Codemasters says, The beauty of this is that the degrading copy
becomes a sales promotion tool. People go out and buy an original version.
(New Scientist 10 Oct 2003)
http://www.newscientist.com/news/news.jsp?id=ns4248

steve

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Freenet fork appears likely (was Re: Gmane -- Re: Why is Freenet so sick at the moment?)

2003-10-07 Thread Steve Schear

On Sat, Oct 04, 2003 at 11:31:36PM -0700, Ian Clarke spake thusly:
 I have never ever characterized Freenet as being anything other than in
 development.  If you don't like the fact that Freenet is taking so-long
 to perfect, then either help, or use Earth Station 5 - I hear its great.
You never said anything to this effect when people started putting things
in the network that could get them sent to prison so it was rather
implicit.
And now after finding that fred is unable to open /dev/random on my system
due to what appears to be a bug (opening for write instead of read) I am
now worried about the security of the encryption due to lack of entropy.
I'm glad I don't use freenet for anything illegal/unpopular but I'm quite
worried for those who do.
On IIRC a new channel #fredisdead has been receiving quite a bit of 
interest (along with discussions on #anonymous and #freenet).  It appears 
that a small group of developers, fed up with the recent spate of Freent 
problems has decided to take a step back, to release 692 and have started a 
revolt.

http://mids.student.utwente.nl/~mids/freenet/fid.html

steve 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 02:37 AM 9/9/2003 +1000, Greg Rose wrote:
At 05:18 PM 9/7/2003 -0700, David Honig wrote:
A copy of the research was sent to GSM authorities in order to correct the
problem, and the method is being patented so that in future it can be used
by the law enforcement agencies.
Laughing my ass off.  Since when do governments care about patents?
How would this help/harm them from exploiting it?   Not that
high-end LEOs haven't already had this capacity ---Biham et al
are only the first *open* researchers to reveal this.
Actually, patenting the method isn't nearly as silly as it sounds. 
Produced in quantity, a device to break GSM using this attack is not going 
to cost much more than a cellphone (without subsidies). Patenting the 
attack prevents the production of the radio shack (tm) gsm scanner, so 
that it at least requires serious attackers, not idle retirees or jealous 
teenagers.
Not if they can type GNURadio into Google.

steve

A foolish Constitutional inconsistency is the hobgoblin of freedom, adored 
by judges and demagogue statesmen.
- Steve Schear 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


RE: Code breakers crack GSM cellphone encryption

2003-09-08 Thread Steve Schear
At 05:04 PM 9/8/2003 -0400, Trei, Peter wrote:
 David Honig[SMTP:[EMAIL PROTECTED] wrote:

 At 02:37 AM 9/9/03 +1000, Greg Rose wrote:

 much more than a cellphone (without subsidies). Patenting the attack
 prevents the production of the radio shack (tm) gsm scanner, so that it

 at least requires serious attackers, not idle retirees or jealous
 teenagers.

Why the heck would a government agency have to break the GSM encryption
at all? The encryption is only on the airlink, and all GSM calls travel
through
the POTS land line system in the clear, where they are subject to
warranted wiretaps.
Breaking GSM is only of useful if you have no access to the landline
portion of the system.
LE agencies have been known to eavesdrop on cellular communications over 
the air when a wiretap might cause trouble later.  They are also thought to 
possess cellular spoofing equipment so targeted subscriber instruments can 
be captured by mobile rouge cell sites for fun stuff (I seem to recall 
Harris Communications made these).

steve

A foolish Constitutional inconsistency is the hobgoblin of freedom, adored 
by judges and demagogue statesmen.
- Steve Schear 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Hijacking .NET

2003-09-02 Thread Steve Schear


In the .NET Framework, it's possible to access a private member of any 
class -- your own, another developer's, or even the classes in the .NET 
Framework itself! Appleman demonstrates this with a great example that uses 
private members to get the list of groups that the current user is a member 
of -- in a single line of code -- by accessing a private member that is not 
exposed by the .NET Framework.

http://books.slashdot.org/article.pl?sid=03/05/20/1640225mode=nested 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: JAP back doored

2003-09-02 Thread Steve Schear
http://www.heise.de/newsticker/data/jk-02.09.03-005/

German police have searched and seized the rooms (dorm?) of one of the JAP 
developers.  They were on the look for data that was logged throughout the 
period when JAP had to log specific traffic.  The JAP-people say that the 
seizure was not conform with German law. They suggest that the police was 
afraid that they wouldn't  gain the right to use this data before a normal 
court. So they stole it to make things clear.  And since the JAP team did 
cooperate with them the previous time they now have the logs to get seized.

I'll bet the logs weren't encrypted.  Fools.

steve

Anarchy may not be a better form of government, but it's better than no 
government at all.  

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: traffix analysis

2003-08-28 Thread Steve Schear
At 09:17 PM 8/27/2003 -0500, Anonymous wrote:
It will often be possible to also trace the communication channel back
through the crowd, by inserting delays onto chosen links and observing
which ones correlate with delays in the data observed at the endpoint.
This way it is not necessary to monitor all subscribers to the crowd,
but rather individual traffic flows can be traced.
Using random throwaway WiFi neighborhood hotspots can blunt this type of 
attack.  Even if they trace the link back to the consumer who lent his 
bandwidth it may provide scant  information.

steve

Experience teaches us to be most on our guard to protect liberty when the
government's purpose is beneficent. Men born to freedom are naturally alert
to repel invasion of their liberty by evil-minded rulers. The greatest
dangers to liberty lurk in insidious encroachment by men of zeal,
well-meaning but without understanding. -Louis Dembitz Brandeis, lawyer,
judge, and writer (1856-1941)
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Grey-World

2003-07-09 Thread Steve Schear
An excellent site for those interested in tunneling, covert channels, 
network related steganographic methods developments.

http://gray-world.net/

There is no protection or safety in anticipatory servility.
Craig Spencer
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


New toy: SSLbar

2003-06-24 Thread Steve Schear
It's a toolbar for Mozilla (and related web browsers) that automatically 
displays the SHA1 or MD5 fingerprint of the SSL certificate when you visit 
an SSL secured web site. You could of course click the little padlock icon 
and dig through a couple of dialogs to see it, but it's much easier when 
it's right there in front of you on the toolbar.

So, what's the point?

If you look at the fingerprint of an SSL certificate, and compare this 
against a fingerprint that you obtain from the site's owner via another 
channel (IIP, email, PGP-signed web page, etc.) you can be absolutely 
certain that the certificate is legitimate, and that you are exchanging 
encrypted data with the persons(s) you intended to.

A more engaging description of the above - as well as SSLbar itself - can 
be found at 
https://194.109.142.142:1984/redirect.php?url=http%3A%2F%2Fsslbar.metropipe.nethttp://sslbar.metropipe.net

Enjoy.

A Jobless Recovery is like a Breadless Sandwich.
-- Steve Schear 
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Session Fixation Vulnerability in Web Based Apps

2003-06-12 Thread Steve Schear
http://www.acros.si/papers/session_fixation.pdf

A Jobless Recovery is like a Breadless Sandwich.
-- Steve Schear 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]