Re: Optical Tempest FAQ
On Fri, 3 Dec 2004 01:01:57 -0500, Dave Emery [EMAIL PROTECTED] wrote: ... In fact the greater hazard may sometimes be from red, yellow or green LEDs on the front of equipment that are directly driven with real data in order to allow troubleshooting - recovering data from one of those at a distance using a good telescope may be possible and most people don't think of the gentle flicker of the LED as carrying actual information that could be intercepted. Like this classic. Was just as much fun to reread as it was the first time. :) http://www.google.ca/search?q=cache:YdHPMAbPMeAJ:www.applied-math.org/optical_tempest.pdf+black+tape+over+modem+lights+tempesthl=enclient=firefox http://www.applied-math.org/optical_tempest.pdf -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: [osint] Group to launch terrorist database
On Thu, 18 Nov 2004 23:45:33 -0500 (EST), Steve Thompson [EMAIL PROTECTED] wrote: They should set up a snitch line, so to speak, so that the general public can report, possibly even by email, incidents of small-scale terrorism and potential terrorism that they might witness as they go about their daily lives. It couldn't hurt. In fact, such a move would easily eliminate any question of institutional bias in reference to the selection criterion used to evaluate whether any given incident qualifies as terrorism or not. Quoting from http://bofh.ntk.net/Bastard3.html == I make a mental note of his license plate. In fact, I did that 60 times a minute for 15 and a half minutes. Oh dear.. oh dear Looks like another call to the DMV Database to register a vehicle as stolen by out of town arms dealers... == So when some jackhole cuts you off in traffic, now you don't report him as a possible drunk driver, now you can turn him into DHS as a highway terrorist. Unless he's preemtively called you in. Everyone remember the rules of the prisoner's game? Anyway, you already have snitch lines. http://www.fbi.gov/page2/oct04/seekinfo103004.htm says you can use the online tip form, or contact your local FBI office or US embassy. Or your police department. I'm not usually one to come out in favour of government database systems, but for something like the terrorism database (which has the potential to greatly enhance the security of democracy and law), what's there not to like about it? Howzabout the difficulty of sorting the useful tips out of the chaff when you just know that some new spam network will be set up to flood the system with bogus yet somewhat plausible tips. Howzabout the difficulty that you - the meat blob - will have trying to get your name out of the database after you unfortunately happened to be within a 10 mile radius of the real terrorists. Howzabout the fact that in this day and age of the internet and telephone, no one seems to have successfully managed to hack up some little Law-Enforcement-Only forum where They go to talk about how to catch terrorists. That's a people problem, really. Howzabout the fact that all LE organizations seem to have a real hard time working together, squealing about jurisdiction, etc. If they were actually serious about getting the job done, they'd either put the juris-my-dick-tion bullshit or there would be some presidental directive simply ordering everyone to play nice together. I don't think either of those are happening, based on the number of security czars who seem to be retiring suddenly. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Why Americans Hate Democrats-A Dialogue
Fun bits to read, somewhat related to Owell and the perceived notional differences between various... extremists. http://www.campusprogram.com/reference/en/wikipedia/f/fa/fascism.html http://www.k-1.com/Orwell/site/opinion/essays/storgaard1.html http://orwell.ru/library/articles/As_I_Please/english/efasc http://www.mtholyoke.edu/acad/intrel/orwell46.htm Certainly one could infer from reading Politics and the English Language that Orwell could've or would've thought such a thing. If anyone finds it before I do, post a link, will ya? CK On Sat, 6 Nov 2004 18:38:21 -0500, R.A. Hettinga [EMAIL PROTECTED] wrote: At 9:31 AM -0800 11/6/04, James Donald wrote: As George Orwell observed, anyone who thinks there is a significant difference between nazis and commies is in favor of one or the other. I'm going to have hunt that one up for my .sig file. Thank you. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Why Americans Hate Democrats-A Dialogue
Fun bits to read, somewhat related to Owell and the perceived notional differences between various... extremists. http://www.campusprogram.com/reference/en/wikipedia/f/fa/fascism.html http://www.k-1.com/Orwell/site/opinion/essays/storgaard1.html http://orwell.ru/library/articles/As_I_Please/english/efasc http://www.mtholyoke.edu/acad/intrel/orwell46.htm Certainly one could infer from reading Politics and the English Language that Orwell could've or would've thought such a thing. If anyone finds it before I do, post a link, will ya? CK On Sat, 6 Nov 2004 18:38:21 -0500, R.A. Hettinga [EMAIL PROTECTED] wrote: At 9:31 AM -0800 11/6/04, James Donald wrote: As George Orwell observed, anyone who thinks there is a significant difference between nazis and commies is in favor of one or the other. I'm going to have hunt that one up for my .sig file. Thank you. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Your source code, for sale
On Fri, 05 Nov 2004 10:01:41 -0500, Tyler Durden [EMAIL PROTECTED] wrote: ... My photo-bundle receives the releases and opens, and then shoots off a message that activates the pre-release on your end, giving you the cash. Is a 3rd party necessary here? I don't see it, but then again I could be wrong. What if I block the outbound release the money message after I unbundle the images. Sure, I've already committed my money, but you can't get to it. In effect I've just ripped you off, because I have usable product and you don't have usable money. The proof of delivery comes in handy here, so that as soon as I can prove to the bank that my product has arrived within your administrative area, they'll pay me. And the bank sends me a key to unlock the product as soon as it sends you the money. And what *GUARANTEE* do I have that the blob of bits you sent me with the Geri Ryan photos on the outside isn't something from goatse.cx or tubgirl...? Let's say there are 24000 items in the tarball of the IOS code. Do you want to pay $24K for all of them (once) or $12K for half of them (twice) or $1 per file or directory (24000 times)? Do you want to pay per committed bit or character? How can you protect yourself from me committing to sell you /dev/random? I'm sure everyone has this bit committed to memory, but the beginning of Applied Crypto, chapter 2 says: = Protocols have other characteristics as well: -- Everyone involved in the protocol must know the protocol and all of the steps to follow in advance. -- Everyone involved in the protocol must agree to follow it. -- The protocol must be unambiguous; each step must be well defined and there must be no chance of a misunderstanding. -- The protocol must be complete; there must be a specified action for every possible situation. ... The whole point of using cryptography in a protocol is to prevent or detect eavesdropping and cheating. = That last property is critical: what does the protocol do when someone isn't playing by the rules? Of course, there's nothing that crypto can do to prevent you from selling me garbage, only the fact that you intentionally did so can be proven. Comment about bribing the dockside worker at the shipping line deleted. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Your source code, for sale
On Fri, 05 Nov 2004 10:01:41 -0500, Tyler Durden [EMAIL PROTECTED] wrote: ... My photo-bundle receives the releases and opens, and then shoots off a message that activates the pre-release on your end, giving you the cash. Is a 3rd party necessary here? I don't see it, but then again I could be wrong. What if I block the outbound release the money message after I unbundle the images. Sure, I've already committed my money, but you can't get to it. In effect I've just ripped you off, because I have usable product and you don't have usable money. The proof of delivery comes in handy here, so that as soon as I can prove to the bank that my product has arrived within your administrative area, they'll pay me. And the bank sends me a key to unlock the product as soon as it sends you the money. And what *GUARANTEE* do I have that the blob of bits you sent me with the Geri Ryan photos on the outside isn't something from goatse.cx or tubgirl...? Let's say there are 24000 items in the tarball of the IOS code. Do you want to pay $24K for all of them (once) or $12K for half of them (twice) or $1 per file or directory (24000 times)? Do you want to pay per committed bit or character? How can you protect yourself from me committing to sell you /dev/random? I'm sure everyone has this bit committed to memory, but the beginning of Applied Crypto, chapter 2 says: = Protocols have other characteristics as well: -- Everyone involved in the protocol must know the protocol and all of the steps to follow in advance. -- Everyone involved in the protocol must agree to follow it. -- The protocol must be unambiguous; each step must be well defined and there must be no chance of a misunderstanding. -- The protocol must be complete; there must be a specified action for every possible situation. .. The whole point of using cryptography in a protocol is to prevent or detect eavesdropping and cheating. = That last property is critical: what does the protocol do when someone isn't playing by the rules? Of course, there's nothing that crypto can do to prevent you from selling me garbage, only the fact that you intentionally did so can be proven. Comment about bribing the dockside worker at the shipping line deleted. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: campus network admins
On Thu, 04 Nov 2004 02:34:46 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I recently violated the network user agreement (they packet-sniffed and got the username/password for my FTP server and didn't like what I was sharing with myself) and was informed by the admin that I am now 'under observation' and that they hope I don't like privacy. Considering this admin was an NSA employee, I tend to take that threat a little seriously. Two questions: Yes, it's not wise to mock the people who busted you to their faces. Scheming requires more subtlety. Kinda like doing a big smoky burnout and leaving a hundred feet of rubber on the road in front of the cop who just gave you a speeding ticket is a bad idea. 1) I'm assuming they can legally look at anything that comes in or out of my computer, but is that the case? Can they look at my computer itself, or take me off the network for the private contents of my computer? Read the agreement and see. Are you doing something illegal? Are you doing something that exposes the network owners to risk of some sort? Is it your personal hardware or was it provided to you by the network owners. Was there a clause in your terms of service that says the network owners can monitor/audit use, yadda yadda yadda...? Depending on the perceived severity of the infraction, your local security or police officers may be coming to pay a visit and impound your machine. Depending on which political backwater or fascist/EpithetOfChoice regime you live under, they could very well be doing you a favor. Or they could be covering their butts. Whatever - you got the short end of the stick. 2) Is there some sort of service I can use to have everything I do on the network encrypted, such as a tunneling service to the internet? In other words I did something that got me in trouble, I know what I'm doing is wrong, or at least if I do it again, I'll get in more trouble. Please help me to do these bad things and stay out of trouble. Be honest. It's OK to say yes. Short answer: Yes. Longer answer: SSH tunnels, IPSec tunnels, ssl-ized protocols, mixmasters, freenets, onion routers, and buying your own network connection from a 3rd party are all valid options. I'm sure that if you google for things like internet privacy service, the likes of anonymizer (just the first one that came to mind) will turn up. There are plenty of very low cost solutions if you're willing to try stuff that may break your machine for a while causing you to learn stuff the hard way. :) If there's stuff I shouldn't be doing at work (like consulting), well, that's what my home net is for. Perhaps you might want to carefully consider why your administration doesn't want you doing stuff with their network in light of what it costs to have their class of network activity. Now let's run that kind of pipe to your house, and bridge in an open wireless access point. I bet it wouldn't make you very happy to find other people abusing your network connection. Pretend you've been downloading 5 gigs of movies a day over cleartext bittorrent. You get busted, so rather than not doing that, you switch to an encrypted protocol, but continue to generate 5 gigs a day with your computer, and you're still talking to a similar bunch of hosts. Traffic analysis says we suspect you of being up to your old tricks. In this case one technical countermeasure does not help because the problem is higher up the stack... at the chair-to-keyboard interface layer. This may be a bit vague - no idea who you are or where you live, so I am generalizing. Simple truths: You have pissed off The Man - assume for the next little while that he's watching (and is seeing this). There are certain technologies available which may help you, but consider the behavioural, economic, legal and political factors as well. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Fwd: the simian unelected is blocking the world
meant to send this to the list too -- Forwarded message -- From: Chris Kuethe [EMAIL PROTECTED] Date: Wed, 27 Oct 2004 08:56:45 -0600 Subject: Re: the simian unelected is blocking the world To: Eugen Leitl [EMAIL PROTECTED] On Wed, 27 Oct 2004 12:11:59 +0200, Eugen Leitl [EMAIL PROTECTED] wrote: Access to http://www.georgewbush.com/ is blocked but from US IP address space. Access Denied You don't have permission to access http://www.georgewbush.com/; on this server. Hrm. Shrub a) has now disabled the geo-ip test or b) considers .ca to be part of .us because from my cable modem (rDNS = .net) I can get to the site just fine, and I can also get to it from work (rDNS = .ca) ICBM: 48.07078, 11.61144http://www.leitl.org Germany, no? Have your politicians pissed of Shrub lately? I'm surprised I can see the site, what with various provincial governments tossing around memos referring to him as Shrub. -- GDB has a 'break' feature; why doesn't it have 'fix' too? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Fwd: the simian unelected is blocking the world
meant to send this to the list too -- Forwarded message -- From: Chris Kuethe [EMAIL PROTECTED] Date: Wed, 27 Oct 2004 08:56:45 -0600 Subject: Re: the simian unelected is blocking the world To: Eugen Leitl [EMAIL PROTECTED] On Wed, 27 Oct 2004 12:11:59 +0200, Eugen Leitl [EMAIL PROTECTED] wrote: Access to http://www.georgewbush.com/ is blocked but from US IP address space. Access Denied You don't have permission to access http://www.georgewbush.com/; on this server. Hrm. Shrub a) has now disabled the geo-ip test or b) considers .ca to be part of .us because from my cable modem (rDNS = .net) I can get to the site just fine, and I can also get to it from work (rDNS = .ca) ICBM: 48.07078, 11.61144http://www.leitl.org Germany, no? Have your politicians pissed of Shrub lately? I'm surprised I can see the site, what with various provincial governments tossing around memos referring to him as Shrub. -- GDB has a 'break' feature; why doesn't it have 'fix' too? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald [EMAIL PROTECTED] wrote: Two problems: Kinda... 1. Instantaneous and complete transfer is irrevocable, thus attractive to ten million phishing spammers, virus witers etc. Instantaneous and complete transfer of cash to a mugger, burglar, or other hoodlum is difficult to revoke, thus I watch my back when I go to a bank machine and limit my exposure by not transporting more anonymous value tokens than I need to 2. Governments want everyone to keep records on everyone else, and make those records available to the government, thus discriminate against the more cashlike forms of internet money. Agreed. My habit of pulling a $20 out of the bank machine all the time looks... interesting. Really though, it's just a change-jar on speed: grab $20, spend $12 of it, throw the rest in my change jar. Repeat tomorrow. After a while the change jar looks pretty healthy... In a way it's self-laundered, mini-mixmastered money. There is no proof that this transaction here was the reason that drug dealer over there is X dollars richer and Y ounces lighter. It is clear that the world needs a fully cashlike form of internet money, that there is real demand for this, but the low security of personal computers makes it insecure from thieves, and the hostility of national governments make it insecure from governments. Agreed. I would hope that users of iCash get fully educated on what that entails: that that blob of bits is just as much $20 as that green piece of paper or that big pile of quarters. And if someone gets it and spends it, you may as well have been mugged. People do eventually learn when it costs them something out of pocket. Now that they've learned that the white headphones mean I'm a target with an iPod, mug me! I see a lot of iPod users with boring old sony or koss headphones. Right now, insecurity doesn't cost the end-user enough. As soon as some virus comes along and wipes out some new york times columnist's savings, and he screams about it, then and only then will the slightest nonzero percentage of the sheeple pay attention for a bit. Hm... this is one of those liberty vs. security moments, isn't it? Risk of carrying value versus freedom to engage in private transactions acceptable to all the players. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald [EMAIL PROTECTED] wrote: Two problems: Kinda... 1. Instantaneous and complete transfer is irrevocable, thus attractive to ten million phishing spammers, virus witers etc. Instantaneous and complete transfer of cash to a mugger, burglar, or other hoodlum is difficult to revoke, thus I watch my back when I go to a bank machine and limit my exposure by not transporting more anonymous value tokens than I need to 2. Governments want everyone to keep records on everyone else, and make those records available to the government, thus discriminate against the more cashlike forms of internet money. Agreed. My habit of pulling a $20 out of the bank machine all the time looks... interesting. Really though, it's just a change-jar on speed: grab $20, spend $12 of it, throw the rest in my change jar. Repeat tomorrow. After a while the change jar looks pretty healthy... In a way it's self-laundered, mini-mixmastered money. There is no proof that this transaction here was the reason that drug dealer over there is X dollars richer and Y ounces lighter. It is clear that the world needs a fully cashlike form of internet money, that there is real demand for this, but the low security of personal computers makes it insecure from thieves, and the hostility of national governments make it insecure from governments. Agreed. I would hope that users of iCash get fully educated on what that entails: that that blob of bits is just as much $20 as that green piece of paper or that big pile of quarters. And if someone gets it and spends it, you may as well have been mugged. People do eventually learn when it costs them something out of pocket. Now that they've learned that the white headphones mean I'm a target with an iPod, mug me! I see a lot of iPod users with boring old sony or koss headphones. Right now, insecurity doesn't cost the end-user enough. As soon as some virus comes along and wipes out some new york times columnist's savings, and he screams about it, then and only then will the slightest nonzero percentage of the sheeple pay attention for a bit. Hm... this is one of those liberty vs. security moments, isn't it? Risk of carrying value versus freedom to engage in private transactions acceptable to all the players. -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: [cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']
On Fri, 15 Aug 2003, Harmon Seaver wrote: Somehow I have difficulty believing the these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true. it's scary just how much mission-critical stuff runs on windows. i'll confess right now to being a unix zealot, so the thought of anything mission critical (beyond hotmail and freecell) on windows is scary. i know of some fairly large installations running control systems for power generation on windows. these same sites then give the vendors access to the system via vpn across the internet. sure there are firewalls, but i don't have faith in the long-term maintenance of the vendor sites. Is the military also now dependant on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations. the power lines are certainly low-hanging fruit... CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Low cost cruise missile
On Sat, 28 Jun 2003, Steve Schear wrote: A New Zealand home handyman's bid to construct a cruise missile in his shed has made global headlines, and the British media have dubbed him a threat to world security. http://www.theage.com.au/articles/2003/06/05/1054700311550.html http://www.aardvark.co.nz/pjet/cruise.shtml the register has a fun page about cheap UAV / drone widgets... http://www.theregister.co.uk/content/archive/29933.html i've been to more than one lan party / geeky caffeine klatsch where we pondered what happens when people start making flocks of drones carrying ... unpleasant things. wondering how big or small of an EMP you could carry around in a drone. wondering if you could maybe set a mostly-styrofoam drone to orbit for a few days or weeks soaking up the sun, charging its batteries before showing up for work somewhere. a few thousand feet up, an albatross-sized craft would scarcely be noticeable. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?