Re: DoD badly protected web form lets users administer .mil domain names.
On Fri, Jan 24, 2003 at 07:05:45PM -0800, Bill Stewart wrote: A well-known non-US journalistic source reports: [...] By Thomas C Greene in Washington The company may be incorporated overseas, but Thomas lives not that far up the street from me. I'm not sure what having an overseas HQ gains him if some of the Feds choose to pursue legal action (a very small chance, though, I'd wager). -Declan
Torturing the Detainees - A Special Report
If Bush fails in his quest for world domination, and is put on trial at The Hague for Crimes against Humanity, will not the Americans whose tax dollars funded Bush's human rights violations, with full knowlege of the abuses, be equally guilty? How many civilians will die when Bush orders the Military Cowards to launch 400 cruise missiles a day on Baghdad, as part of the Pentagon's Operation Shock and Awe, designed to demoralize the enemy in the initial days of Bush's War? America is real brave when technology permits it to project military force to any place on the planet at no risk to itself, except through friendly fire accidents. I wonder how much popular support this war would enjoy if one American Coward were killed for each Iraqi soldier killed, and one American civilian were killed for each ten Iraqi civilians killed. AmeriKKKa needs a Regieme Change. http://www.guardian.co.uk/usa/story/0,12271,882002,00.html - The United States is condoning the torture and illegal interrogation of prisoners held in the wake of September 11, in defiance of international law and its own constitution, according to lawyers, former US intelligence officers and human rights groups. They claim prisoners have been beaten, hooded and had painkillers withheld. Some prisoners inside American penal institutions and detention camps have been subjected to interrogation techniques which do not leave injuries, but which lawyers consider to be abusive. Others have been sent to countries where electric shocks and more conventional forms of torture have been used, according to the claims. ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law
sql worm part of anti-war protest?
There's a report on indymedia that the lastes worm is part of an anti-war tactic which will escalate if Iraq is attacked. http://www.indymedia.org/front.php3?article_id=231141group=webcast -- Harmon Seaver CyberShamanix http://www.cybershamanix.com
Re: Deniable Thumbdrive?
At 06:05 PM 1/24/03 +, Ben Laurie wrote: ... Nice! Get them to cut _all_ your fingers off instead of just one. Just say no to amputationware. This whole idea was talked to death many years ago on sci.crypt, and probably before that other places. The good news is that it's not too hard to come up with a design that lets you encrypt a large hard drive in such a way that there's no way to determine how many tracks of secret data are there. I believe one of Ross Anderson's students did a design for this; it doesn't seem like a really hard problem to solve if you don't mind losing most of your effective disk capacity. The bad news is that you *really* need to think about your threat model before using it, since there's necessarily no way for you to prove that there no more tracks of secret data. It takes no imagination at all to think of ways you might end up wishing you *could* convince someone you'd given them the key to all the tracks. IMO, the only way to do this kind of thing is to have the data, or at least part of the key, stored remotely. The remote machine or machines can implement duress codes, limits to the number ot password guesses allowed per day, number of invalid password guesses before the thing just zeros out the key and tells the person making the attempt it has done so, etc. Trust me, you *want* the server to loudly announce that it will zero the key irretrievably after the tenth bad password Cheers, Ben. --John Kelsey, [EMAIL PROTECTED]
Re: Deniable Thumbdrive?
At 10:06 PM 1/24/03 +0100, Eugen Leitl wrote: ... Frankly, the fingerprint is a lousy secret: you leak it all over the place. You can't help it, unless you're wearing gloves all the time. Ditto DNA. That's generally true of biometrics. Unless taking the measurement is so intrusive it's obvious when it's taken (e.g., maybe the geometry of your sinus cavities or some such thing that requires a CAT scan to measure properly), there's no secret. People constantly seem to get themselves in trouble trying to use biometrics in a system as though they were secret. The best you can usually do is to make it moderately expensive and difficult to actually copy the biometric in a way that will fool the reader. But this is really hard. In fact, making special-purpose devices that are hard to copy or imitate is pretty difficult. It seems enormously harder to find a hard-to-copy, easy-to-use token that just happens to come free with a normal human body. I think the best way to think about any biometric is as a very cheap, moderately hard to copy identification token. Think of it like a good ID card that just happens to be very hard to misplace or lend to your friends. --John Kelsey, [EMAIL PROTECTED]
Re: Deniable Thumbdrive?
On Sun, 26 Jan 2003, John Kelsey wrote: I think the best way to think about any biometric is as a very cheap, moderately hard to copy identification token. Think of it like a good ID card that just happens to be very hard to misplace or lend to your friends. Like an implant in the forehead. At least you'll know who the spy _was_ :-) Patience, persistence, truth, Dr. mike